hxxp://youtube[.]com

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133467655619057416"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-423100829-2271632622-1028104103-1000\{F2B30B6C-5BEE-4C71-9679-549287DFE2A9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: 33	4900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4900	AUDIODG.EXE
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1704	1104	chrome.exe	86
PID 1104 wrote to memory of 1704	1104	chrome.exe	86
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4484	1104	chrome.exe	91
PID 1104 wrote to memory of 4744	1104	chrome.exe	90
PID 1104 wrote to memory of 4744	1104	chrome.exe	90
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92
PID 1104 wrote to memory of 5012	1104	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce6d29758,0x7ffce6d29768,0x7ffce6d29778
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2808 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2800 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4900 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3520 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 --field-trial-handle=1888,i,13254842913753034080,12294242957398943584,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x3b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
d6fa366050bf0b6d2578c06dab4d0314

SHA1
9deb7af9f2e7fa394b21dc3a7835512ee6a4776d

SHA256
35e310f833c0b179355d422a170d5460476eccba82101d67e75ed11fa2a510f0

SHA512
16862fe9d15785f167b6b0559ee26c4861c7690e6499784d09ea04683fb9015c589d563080783bb3510755958388c7d542d6d270807d524a00c69bc9eebf2633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dd0e94249f129e7ff754557dd2a6a5da

SHA1
269bf713dab415babfb4aed994d6d6aba4b5eeb5

SHA256
639ee4173e8864f715b90cfbec1f33535e626c488f83886dee5954a04c828b15

SHA512
1cd9468b6d20f0e609635fd1b91a0bf7f4c4c7c920a4111be897196ed38f2176beaa42d06281124f60bd6f5396b40af67f4dce35449f10ca35bc1d8d8697b1d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
016a7008fdc9aca43ad218bf055d7a8e

SHA1
51655df8b8f7c26c29de2a58f321052dd4a39fed

SHA256
e9a85c3727db722886afa603c8ab66e02a685b4a2f60442fc429c65c1458cf75

SHA512
8fddbc722166cc3309e241c7a2557302ab8b5c5cd11ee1103310e69fc2acd0dfef75e5416e94b10e279215b204e518391a8328fef1b9dafd26090ebc3ede9196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b4f1885a33b1ba089977525381ea67e8

SHA1
3ba835381406659273da3995d43effb24ef0a65e

SHA256
d3fccf0a7bbd469ec87d1da92799816428c7765c20b1ae0427ebb90dd32f92fc

SHA512
fb1ae24ea0eae86ba4c921eec72744fc8ac58cdd8714bf0e77902e3042ec671981509f3d5c432294cf16514eed3c929375a8687793024f9f71ddef703caff904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2e19c23a9fe7ab4c9efd2093c5c14386

SHA1
18dc52b67072026dea0686c983a08a3d001cd398

SHA256
9a813f7cb174a574a622866da48731d1c995d18187f4e78bdc9e76a71d9ac67a

SHA512
f56de28f3d22111bec5f9020600f17ca055cd0d4151eb23e6e8f7dd89a6930fd7cec19408936fe4325b5426303237af3c17d0f02ed7444035f7c9bd2a5b75ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
26bdb1feec2a50907d7ef25cb05a1556

SHA1
ada12ddb79a7245ef0e1513609e82da7fe787ba4

SHA256
b2eb76782d7b9cb4e0b64e6eaaf19d1561805a73cc703a6a5164711479c49781

SHA512
6d1c514be3e6bdf9aab5fdda04f73a71914043101994aac483598f4ab4dae233d4b00213b250d553074b95d3a86fd7dd52ec5004bf6dd175731cc3c750fa02f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
ca95eead3edf86c8746f88a8500ccf39

SHA1
e593ff77cf406727e03d98bbbf4da15881950d6b

SHA256
e4a2ad3707bf5bbcb0435e0f7f8824e1e7022912cba0e7957be1c159320767d4

SHA512
a1a884e2710b84eb0ede9968ffbc00e69d5ca5d264b1072f5d139d00df39dd18058656553159e560deb14d25d12a103c38a0f5cd2d900f857ab8606d68e3dce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f0781e6859c1bacdeb2cd5e232876d7d

SHA1
efb0d89b988168eda4e2cc70f56f4a899fbe88ad

SHA256
c35f1ee7670420d05548eaa19d0b6dda3e0bc24f8e3d5aa0581afe825c31862d

SHA512
2fc08d8aad617c00c94b91bcf5c836b698666abbb28c1026292f94d92115d4337504f6fba3d33526da8ff01c6ea532c703f50441089b5447d0fe495f2b380768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db6a7fc0-ecd9-4621-b829-3ca1376ea3bf\index-dir\the-real-index

Filesize
2KB

MD5
3e23f3ceec07e31d0739556617f355b9

SHA1
4d99830333ab2b349422e92a6dd9c401e9e1560e

SHA256
39ed409362705d404176de4fc417dd9de5af982e85fd459323f69ef6113c7336

SHA512
3a667766a6ccc9f5f5836cb7311d2b8e7d5755ffd1d68fbbb8e9412a992c49385fc43923ddad242507a8fd35450d57648dc9f0e123419dd611b2b6bed0cb99b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db6a7fc0-ecd9-4621-b829-3ca1376ea3bf\index-dir\the-real-index~RFe579d59.TMP

Filesize
48B

MD5
fb5b07ba7b21e5208fd8162ca8a3605c

SHA1
a18002f6bbe45daf69de35b5a533766d2fa24f6e

SHA256
42a6fab990cdd361dd1869f462cfcedab10ec5db8514a2aeedef4339148db555

SHA512
2a950b3331d6dc6776af2c28605c17b089c097b6954f3766b91ff217e233b4dc77e0152dc395bcefb986c7f3f4ecc07bf12b76dd43b7be14fc0fff9927f196d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
7326fdaa0fd880b0c5ae4f2bf3877137

SHA1
6c886b3c72e6c36cd846f51391a38a219fe0d21b

SHA256
8161d9548cb0c1498121b5acdb7fee10db27155304e583ed43c78f57348ffc58

SHA512
97f0ec0e0df8d4bb5f0e09dfa4ab80f14d052fabe4f62037881dc9f0b2904639a669b0cfa5583e5dbbb38c04ff45d2fbc9937767bdf98427093aa3347290a63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
30b1bd129bba485268a5704531d3e98e

SHA1
b8d9fb631ce534b33abe313d4b3672105ef9ffa2

SHA256
3f6478a297b53384644b07f9a9578491b181d50dc9e03b86800287e7adc371fb

SHA512
e17a6d107b8808b3dde6169e5b847edd553735e969b9f6b7cd2367b83567d3badf7721d2cfc2c8858aace0425bba1c7a37cb731a9b5420463cb2873bfae7d303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
b93c81d64f10b5e0253230dbf52af7e9

SHA1
f15e8dee070feecbbb33a565269d19d3bf130eb8

SHA256
18e5278d10071c21803cae42a84a2643a4c80e6d89e4809ec537b19a24de1d53

SHA512
f254a8b1170c9068a40a235b4d297795ffe86364da88de9b51ac82899049500aae78e48399d59458ca08f72d374e98f6f60717feaf2c9a740a8f7cd97a26464a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5748c1.TMP

Filesize
119B

MD5
c3edcbfe12fe7ee3825486b9a2dc66fd

SHA1
af32f95cdd267680c538238af27b34a7cedd86c5

SHA256
42490d73a09c5a43d3b28c93e646d90fcdb60b4629a4f04b8de0fd7ec7278f01

SHA512
6f57f185cc3b3679ea398eb1de31054522c6d717b5655c3037054b72411d97ed61cab0f4fe376d59dff1243024a74d6d1184e6de05835b81fce41b2f58eb3783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e7e3da901c2e0eb7ad48dc319682964e

SHA1
b31953bcb33662206b7e517df9bc3774cc2dd902

SHA256
c4c294ac628315a4291f10f8dd91c2ccdb50ee0945cf6ddfaca3e655302deb82

SHA512
5c3489e5e97353498861c8eb795e7ac023d571e842c837806c84f2ff5e5a42e815b49424050c78121ce0e37e3212888adeb368f6613b07facf7c54050889cc5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57975e.TMP

Filesize
48B

MD5
abc9f2701a90d7f474aefbff412e3ea3

SHA1
38ab7012474de13bd0aa5cba4a13cefcda48278b

SHA256
90da15305385be35fb3fd6965d7a26ad231a197284d7245b2271cced667e5c9a

SHA512
38fc3888122e34e165547cec677edf9f52fbc8dc54e9630503fe9d53c8948be0b907e20017dd60d1826689fb58b46d049c3a1a063c7f6e6f840420176708ecb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1104_1485823231\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1104_1821735843\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1104_1821735843\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
ee8c1792def01d9499fffdba5a010158

SHA1
f3a7b4368611aa7651def3a93973d39db202c1e0

SHA256
8b0b27c7d672eedfe60c80dccbe8ce2e3ae39f8790f5fdeb7e02eb68508bb831

SHA512
42fc88105c8a586e236264ec61af8458be3e1ca602b366d2367603714b9d7f2c58f3a61d44a2d34f2adf2da7cf6a6f9ccc095ff952320d808ee98437e8c5429f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit