hxxps://www[.]youtube[.]com/channel/UCNlWlObusKjIPfA7csfjiUA/

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/channel/UCNlWlObusKjIPfA7csfjiUA/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522718083011261"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{D41FB6E9-382B-4CE2-ACC5-C8F620B98EE0}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: 33	3564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3564	AUDIODG.EXE
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 2016	3576	chrome.exe	75
PID 3576 wrote to memory of 2016	3576	chrome.exe	75
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2420	3576	chrome.exe	86
PID 3576 wrote to memory of 2028	3576	chrome.exe	88
PID 3576 wrote to memory of 2028	3576	chrome.exe	88
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87
PID 3576 wrote to memory of 4024	3576	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/channel/UCNlWlObusKjIPfA7csfjiUA/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83cf09758,0x7ff83cf09768,0x7ff83cf09778
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5016 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3064 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1900,i,9866940917610489098,3559690456896036770,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x3c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\00d657c2-8f21-4bb4-876c-37ada0f4a1b5.tmp

Filesize
6KB

MD5
a2647d94006b7dbdfede922ee0c612e8

SHA1
565d0c4d86f00874ba815dff248c4d21ff106275

SHA256
d2c0e41e79a976f2ecabc3d3396813cfd7f8de9f475ecaa7de484ec9b37392ee

SHA512
870975c6e60bb671209e51a70f4d4428684df39843fd22a5c4f7db783e7c7bb487ccafaf482044fee961f9d07f4da0507b070372706650e79689f0c6f7d2b508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
9974b7ac2ddb5bcec81ae1a059aa4113

SHA1
7baf29abc257a340b6b7180375a70031e90621a0

SHA256
1b492d59d839345124c15581434472a069e76c55ca63c38dac763fec1a916e69

SHA512
d4a177b881274eabc5bcce0e68d07c98c81dd6d2ccd8ff5c67d7652e180616409e879911e06a7f2cf31a06b84eff3491d34feb54bad875e506808122fe00feb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
03aae146921f85eb2ce513ca97d65527

SHA1
2aa3f1c199a476c7bab557047e7d9870f639eea6

SHA256
8173c81fc4a2eb0a1c0ab42a8585865311355e89a9beb8331b3267f03c511697

SHA512
488d9283d8c96ccd0e95e3abf03824a811e8a1ff62b06a8c8d99fc67388f419bd72e74a7bed0263e481af152d6dbe78a679b9c2d8f9f75a9298842e59ade1904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b2c5c1d0660890f081cc82b8fc8a8340

SHA1
d7e18cb57908614065a63db960c6139a086cc25d

SHA256
a7e3ab280ffc08ae30a6ce45ad761b7b8ee04ec6d305255a1896955032109c84

SHA512
73d211668b60012664d37ec0f9799950ffbb84e65937076827bdc5479dd08ef19bac1d2d89cf8186bce4c2cea60fd62bbbfeb8063c40a17410a7af1d220c7672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e62ef90b0a2197628921bf29b6146ff2

SHA1
49b331f0328981f6332ca08d94fb2dbefa8af69d

SHA256
d6e2ba4c3ebcccfe6a52daf6b7108135643e106a5c8c0d406e272d3f8dc28dfc

SHA512
5c3983f6304b2976ba27bec1a83b3484df5800bfcac494f5a864affc39ce268addf400af691c0ba5a000e6991bcefbdc6c043ffc3be7d37769b7d3beb1d0d49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
2628c747cd0ed0a9fb32675edb49fdae

SHA1
97e94c1cf2077bfeb79c449b0ae4aa8ecb68440b

SHA256
c9ebcbb0f374eddf28dc0fd37e0af130dc448c87a49cee07d4728b1cc98bff8d

SHA512
c8364b8b8b175bd7762fcf6535d1e0c5c7260708d391df0bb5656c8c9304def2c867c001f589ca7ecbdb376e0bd8ebaec24bb9344b47e86d1fa218a3b1b3a0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
4271457642fa2e7c48a366452b7702ba

SHA1
c6e16e75aa6678125da4972f07a71c6f92ddf12c

SHA256
5af1552cb69a66382545fbfdd0681676d89e357a21e843321a53f79c6e8a881d

SHA512
1187d89cde11e432b294c88c0ed481518f1304cf3382f1cd612b7c49395a01d6eaa13bf7bbe44f27d014471ea95a5ef24a1c2147653d014fc2567eda9a6199de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9e847f9f8214fe3c396bc7b5bd5f9ae2

SHA1
1ff86ca815151b61df8f0541148ace162b88eadf

SHA256
68eec8361df17e5865b308684296f20acdc1a544cb4ccad38661a94f302e5e89

SHA512
55fccb64a6fde463d092e243a2af572696f05a764b5a2a59d8566ed24eedba5a63e63fc7eae89b06929700b0b2a23570deaea4e247cf383a142f853284ad26e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa3b235f-d726-4cc5-9957-773af85e9914\index-dir\the-real-index

Filesize
624B

MD5
2cfba4acdae483e60e30a47eb07132a8

SHA1
b5260074058f41d84d18ecf8cab1d4a95312a49c

SHA256
0f38d626034dd22eed76a8a2c7e55f40bf463688da9076c1a807a08cefd3de4f

SHA512
58993018d0d546d92c858463068e8a1a7c5a888dbd83fe2b43c4e82c29834c35695f833170096762052e7021ae05a5988bf92ae2a5fc9e05f88db9ceb58551b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa3b235f-d726-4cc5-9957-773af85e9914\index-dir\the-real-index~RFe57fc42.TMP

Filesize
48B

MD5
fc17bd92357c82f7d5e085324b5ed93c

SHA1
db45ed11fc5d615c7742a7531d75172e72b3d89b

SHA256
725d8792e8b31a818fe70671135c034828e9bd15c0239854e71c247dd1dda9c4

SHA512
ed8883ba5e5185029f465933283533fa47e561dd597593e4ea9eafd7659141fd540fcf3df5fc4e9a167fb68797b93c30d0245f14fd7b642f44b693cc5b53b3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fbfcca91-16ad-416d-b141-90b42cd51de0\index-dir\the-real-index

Filesize
2KB

MD5
f41e7e851daaad1b6a1b657e7ec181f7

SHA1
4209d7f849fc523884be8a825a8320d9dbbeb86e

SHA256
71efb0f8959eac554aa85aee82da0535c490f48f83b13a90d882d90603adcb33

SHA512
3b385476c772c4c8d018c9bf8ace6b152737c7b468f4129e19ad354950ae79dbb65e98d065217dae3ef3dc94e71f08a9ed8831e51f56ec4e8a8d2ddb24f790fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fbfcca91-16ad-416d-b141-90b42cd51de0\index-dir\the-real-index~RFe57f8b8.TMP

Filesize
48B

MD5
37d3fcd3e1094c9e365b6aa6bcdc4f5b

SHA1
b9b58173478407fa6733fc65cc261fa907905fe2

SHA256
819b837e9ce9330811f1b4de88eb6caf0922b9b01fe6988395d8950e4984de55

SHA512
72f70dab9a41f133499fcf26130cdfd6d1d547c31da03b93ed9072c8fcda62266b5d19f1271885f587465e7f0971d34331a7748607893387db08f441e7d6a86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
796d22c6ba1f4451fb4f8a1e9b5ce70f

SHA1
9950f373e6395f9c78f9bec34ec267d3767cca64

SHA256
64727f3fad833eeb9d2d8bcdd772b35fe5fadafb6effdc77f7f0df11b9324a32

SHA512
743e5151aebd73995ce51c2b674f112e4e0bc0c806036126b6dbb0d48fb8a002be734a8b789fc201dc5263f64fb9137cabd3a5a0fb700e570cd853830428df23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
120fe1445dcada1b004d159f165fa2a6

SHA1
218319cf15c94d3bd8cf69fc13dc7b9925ec9258

SHA256
5ea6527e8fe3eeacbc9daaaea4559f0085f9d17a0f46b55c2d7b393229551a67

SHA512
9f87d8e58bb1ce43aed02c0b8aaeec926923e1facb5b52de21b7764b9212c4fd9df3c0e58baa13116dca39de6234483d23a3a8d88c82e452ea9fc1e96c928f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
a6e570433ba8d0678a5652295f120d1a

SHA1
ae0584a97047eae2ee6e448faf3e851198c113cf

SHA256
1752a8bb417af54a2b3109dcf755291aa697ae4bc9cde588e6540a7d2f11f7e0

SHA512
0b8194ea18c568dead5fbf35f0f52b6f6b570aeb75539264f6b315e4b2d0fdce6c24d289462ee8d200b186fe31b64945b70ea2cf57d67a542312ea2a56e4b042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
2bcee5f94c7555eb233124eb012c408d

SHA1
b850a90fab20cd0695daad59a6f48410c5931d75

SHA256
7651144e046f39eca305b212e3d83145f79879a21b88f13e2eeeb39c2af54eea

SHA512
6e9efc1b7949f60ab925af92c6f5f25572f14639e6006d6e65a287e73cdcd4534bcfcf126af8b1078c9a177fa108dafd8d3deb996e54770eb73e1265670dc63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579cfb.TMP

Filesize
119B

MD5
2c977980f5d309adb8a7b6d8cb1d708c

SHA1
d7791bdbb287e0109ff89d40e6f41de4fa47a4ea

SHA256
55aedc5d8cca376e234b6ffbbb19a66b5e8806f1599f54523a32358edb2f9976

SHA512
ee41bb38fd51c35d270cdbe2d71f6b17c66837d006ac4dbdf4f3780e3ad8021ffafa3f19156193c1179f989bd25913ecd57921e23c8ed8893e6fbd8ab8fa4b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
430327238405a6843fdbc288c4286d10

SHA1
1873a73ef5d8d06bfc65be89c2982366c36a6e70

SHA256
7b4d687678a1c9b237c21c92a96b99d205879864ba1d42c7e162572bb93adb6b

SHA512
a94754f26bd5c2ce832a58ba37b7d81ffb0bdf8d26d3113403c31f6824960493d9ff7550ad6c4fb5ecc8184c2a0d85d02a6281e01fe8ff1782d887a184e2e9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57edfa.TMP

Filesize
48B

MD5
32a2b1d1a09580f4474a1521a22e1237

SHA1
dc82cf1be553564cb8dbe58177a62073f11052d4

SHA256
55342ea7a59d0d1a3722774253fc8b3921f16bcaab79bf020db10eb03c505ef8

SHA512
4e252f6285720ba012baf3743173ceec6bd74c531be9c831ede378fe7b3a0f45eb6e52c642cb91d048d6944b6cc6ce24a8cb54180addd3deed33e359089132c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3576_860286452\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3576_860286452\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3576_921474250\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
69bdfab09fbf114b00d00bcefd337105

SHA1
3bf99f249f68d6369377af4d9698c2a1fca8a891

SHA256
899495386e211b0f0aaae8bc965b7c1fa367c3e806bfc1008c15e7bf2b14c814

SHA512
8c0ada50f0d9ec128bb9d02ad0c698c534f0226e7394f1f847052dae1482405fe997fcc0d71a80be531e2d6969ca58ebf48ede23f1fb89bd48bc829d70fa7c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
ba912c5cce475c8f87887122e6f30b29

SHA1
7a982360aef7339fb2370845a481ade6b922a89e

SHA256
ee801e2b9180a74df3163440b3231f435dcc0258fbb0ad71b47217b2fb2e0094

SHA512
0fe1c6b3eb167b70d928bb7f44d784601b5646618036b65bf9541d887745156e937a5bdf46d63798166b510e21e044553e793a44aae44a13d8bb4a2b817cd212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d1f6.TMP

Filesize
97KB

MD5
6925b1a2265deb7023eed95bba0d04fd

SHA1
7f1484739ec6969ab6ff2e2e0be0025e3e2ff2ee

SHA256
557335de11e2ff33458f16d775c6435a354f9a8bf78aed2aa8960897ff263244

SHA512
51c2dff1ba5cb55c5b590513c586261af5c88547b1f1a70a4ec4277ea52a4390f72ddab86772aad72382ac876aa7e565107204ce8728a60146199b976591450d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit