hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2furldefense[.]com%2fv3%2f%5f%5fhttps%3a%2fwww[.]youtube[.]com%2fwatch%3fv%3d7SlQuS7AOgQ%5f%5f%3b%21%21IqRYp603ny2KL2MbNA%21w90DGoQor60aju8Ly7QflRYjQIkZT816rye4gX8lKu%2dGmBDXjWKsyP2qWTvG4iLYdU3dQYR3wf%5fQtF3nwDXaNunRNisO%24&umid=53797926-3784-472f-b7e9-73b26c826e07&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-a56815cb4e266906a18d48b5129a09fb995797f7

Analysis

max time kernel
85s
max time network
93s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19/02/2024, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2furldefense.com%2fv3%2f%5f%5fhttps%3a%2fwww.youtube.com%2fwatch%3fv%3d7SlQuS7AOgQ%5f%5f%3b%21%21IqRYp603ny2KL2MbNA%21w90DGoQor60aju8Ly7QflRYjQIkZT816rye4gX8lKu%2dGmBDXjWKsyP2qWTvG4iLYdU3dQYR3wf%5fQtF3nwDXaNunRNisO%24&umid=53797926-3784-472f-b7e9-73b26c826e07&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-a56815cb4e266906a18d48b5129a09fb995797f7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528198964618944"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: 33	1916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1916	AUDIODG.EXE
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 1020	4708	chrome.exe	69
PID 4708 wrote to memory of 1020	4708	chrome.exe	69
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 4776	4708	chrome.exe	75
PID 4708 wrote to memory of 1896	4708	chrome.exe	74
PID 4708 wrote to memory of 1896	4708	chrome.exe	74
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76
PID 4708 wrote to memory of 1268	4708	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2furldefense.com%2fv3%2f%5f%5fhttps%3a%2fwww.youtube.com%2fwatch%3fv%3d7SlQuS7AOgQ%5f%5f%3b%21%21IqRYp603ny2KL2MbNA%21w90DGoQor60aju8Ly7QflRYjQIkZT816rye4gX8lKu%2dGmBDXjWKsyP2qWTvG4iLYdU3dQYR3wf%5fQtF3nwDXaNunRNisO%24&umid=53797926-3784-472f-b7e9-73b26c826e07&auth=65a620fa4b6e2edf0405a6ed61dc7465231096cd-a56815cb4e266906a18d48b5129a09fb995797f7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb501d9758,0x7ffb501d9768,0x7ffb501d9778
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3736 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3104 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4924 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4776 --field-trial-handle=1844,i,4274883897715319628,5758399165816229384,131072 /prefetch:1
  2⤵
  PID:3956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
26KB

MD5
fef7250c5e785e2ffac8bd873f18bda2

SHA1
d1cd4beb541c879ae2986663b6718b659dfbd91a

SHA256
110a122fda57379bf19318bc0aa120b1d66aaced1ba83fb093ac6b9154cb585d

SHA512
3155d9767e7d3ce39f143e591c1ff71d9a6f82f3c90a603b7d646c095bd4bfbe1ebe8fad95cd439e06e3d3e557cc4e9c529d91b0e8743263f3818d40e82bee21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
9844c8c156b064d4817adbb450ec17dd

SHA1
468d79b480ae42e8c7ee303d3c929650916f5ce2

SHA256
3ed1aaab6239cce6b9755660b78b94d96f7ab9240cabc34136887b5d0988658b

SHA512
32506e7c7b43bd9858f213525ef66f9f595b95a14cfd87a686079d4e7e52cede55f5368ff90a00cdf9767a91d53f00b18c63ebbd424e85cba4184a3a94d9964f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
856c674cd8899279ac5817e7ffd3e35c

SHA1
3b5313c11aa85c4c822e4fe0526f0c7c0adcc258

SHA256
94faf52a2a359d9a77a6d496d5741306b29c0b55b42b4a45f1fd84f2cabb1e9a

SHA512
cde29846472dde40123e6db5858fe3b66f22172ba8203aca02abd588e5e7601c3addec91759c90b90d25f817cb6cb9931864cc82d19f928aaef58b02eac0af99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80aa2f7c806a1deb710b75b1d3605bbc

SHA1
d4221f215ada1ed397e1a2896d698291644277cf

SHA256
0d0b7d78771c9a9c22a704c798b4c4728e303c60418260b207e06a875bf3b997

SHA512
871fc71c3f97f40e23c2bfe136a77823a4405d7dfa2d28488d2b508832661e15aa660bac0fcb01bd7f16979eb3a345f3fd6813b231d0a650840ffeee9676dfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d77e1e99293a73d5af357970a3924a91

SHA1
d3f66a67f7ed89d565025cc6b43dfced4f5a80c8

SHA256
df4e18635c9e49891a84cad0e3fcfba1825529720cf0d7f82d1d4c7fea8e5b47

SHA512
6754caecaf9cd6c1ae4b4a34471bafb3f9d78709401f3fd2af959bef2b49da9abfb8b4fcee06fb29336c0e2ea1974f5b67b1519512bf4c10e88c49e799b07925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48130cbe7a4acf74914988f06f6dcd02

SHA1
6b525452dd2b553e34eeb0040d185c2468e0b72f

SHA256
24f0318a803f150ccf18d1511cf6d17ed9281ba924ca081700f6f7d03dcdb4ed

SHA512
ccaf3dcad2504b11db4aa21c7540b7033ad0513e37628992d60f9eb31158a1d7635a4ff3e41451b9ad3a668bf947978e1d8dd172a643db90f531aa5ee572a7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6a310ecfb28f86c90263fc1aa330282

SHA1
3863fe97fa11ecab8d70c1ad54e338b88f5ff424

SHA256
d60d1db7d01dedc06bb7ffe599b8275a412b9a32116062cf5c2d2a9f4cbdb49e

SHA512
5d6aa376217854cc49dbbf11c7dc6ff7fbaf97a080f3cfa84ab05adc54d9d0c1c9666cd8626c60b6b22c738d243a660587e1dc77cc85a1fa9e559a586fd033ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6829c2c-c330-4ab6-b36d-464c5cd6771d\index-dir\the-real-index

Filesize
2KB

MD5
e397adb8463c1866ba7f9b18ecc003d3

SHA1
8690ee88071da5af46de59b32fdcf198b006b86f

SHA256
80ee493023e4e9f7193d248f7f9df0480e73d0e045d60b158520f2c707b1f4df

SHA512
0ef9d9049889bc515f294c573d5ee5b8405b12efb9bfa18bd18ef531b7755734a528f32d6e5e6d7ff160c0d593f0d88f368077dc4e09611dcbe8a9e5ea128db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6829c2c-c330-4ab6-b36d-464c5cd6771d\index-dir\the-real-index~RFe5808a6.TMP

Filesize
48B

MD5
0876617a979feadfd60c5efe5da5af69

SHA1
928411a667bfffdcd667985c8f2061a3ba590d2e

SHA256
c482d44f1759e64b77b961714e5fe8b38a36113c33a83136d80982aabb587070

SHA512
3667cfd620fd78f17c27d3b52645f03abd31775c4b847c6e7ae18b7063073c14b414b45c50fe7a508ca34413dc7523be796beddf8a9672082c9ad22a6d95a6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d9b34234318217d38ed08ddc393d1c3d

SHA1
f55a0e1e6eccf0d061a85b250be144cfcf11091c

SHA256
a16142fd70a80228e2ccdcd2fadcf9f74ee4f5cad0bd9df718a2e30fd9ce96d5

SHA512
753744caee81595c7133f4e151da09ebcec04f3a7682f53220544772116838fb0d13103d928da07e7e80ff95bc8b676bf559edc89911a9e524ad16b2f1e3be96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b519ab6e094a605f7c9c1ee6df82bc5e

SHA1
73ac81e232979826d5ebe4307ba7dee57d3fa517

SHA256
c3bd40986e4135012ad22140f0c07fc8feb8e94880e65d6a40144209abaca181

SHA512
23556a582d99b4e6108bdc7c42e0680c189494b3397862e8e0c7234fc9bf4dee998038c03cdc392035746f050db21344d9709af252fce6071864cb6e8009deae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
783d8b3bfd4ec699a0e57d97e8745dd5

SHA1
fde42ab36a7172ead2e760d07ebfc4bd11166b7d

SHA256
953bc86a01943e3aab6070b6861407e1e75dffcab510eabd044137af21cbc8f7

SHA512
bc859a8a0b820539456e4edc19dde7cdd6ee7cc25741ddd1d7d7a699f2a0583e957de12f6ea3476ec31f9eb508c89ab6e7df49f188b7b689d6a0182368bdf178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ab82.TMP

Filesize
119B

MD5
e658d111486da969358fbb6f130daefc

SHA1
aaaa7be58688b9a596009469786305377635ce8d

SHA256
f8a1603032cba1bd1267107a1e52a079b6a36c84421a93b5e6499f7c27c93058

SHA512
baa5725187a2c198ec4a30d18ad37b91d3b87099904f4a2c92a2af59af9842ef4f94addd32f2aadcd59b740c6e7182c6f06affde13c1560c7aa3d3c73048c0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
68f179bd3fe047072f18ef514dacc297

SHA1
e1134b04d7ddb9677d434f5da3af9854ebd9c67f

SHA256
780fad7fa95d698c34a847196569a83e8f735cb5503c37a67b9d29c16c9cb4ec

SHA512
426b368ad529d73c457b425a1894c21a09a1547fdd265aadf4e11fbce363ea46500adc147cfd22448a3c82f699258963a95101517aea3d25c0b95cdb04dada30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fa2f.TMP

Filesize
48B

MD5
33873d528dac4e30fb0271d42a6c4ce8

SHA1
b8367d0e3ba06b1505fa2a82f00a062e5b727518

SHA256
e388c489c01c494b91fefc57eea906123417f7423388c54421a6af535048ca48

SHA512
5b3399e8ee1db5c209bcc563e8e84ccaa110f1ce7f305fb4f39f447e70bf5958ce7b4c6bf0e8ae5757c4e81ae83f2c7b510498cd5a4eb5bd99eab5a69e4abf48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
6da47556c20269207d9f800dc0a17a06

SHA1
c8876d3a859dc0c7b75a4e4a4fbb8637b6ca4f6f

SHA256
881100a9660af7c69ca3e44269dc85f11bc2e11047fec82250a390e7071a34a2

SHA512
7a224331d3ceef805401d9d2f4adda13454e16e8367e6f4b53c4375147aa2c16ae473c11a8f3de9078c86dfd604a42a06ce01fbd3b79369ff1209105b377fbd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit