hxxps://www[.]youtube[.]com

Analysis

max time kernel
1801s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528630250215007"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{AB5BF9B5-AD4E-4749-A7F8-DD4F8DA64E92}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: 33	1432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1432	AUDIODG.EXE
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe
Token: SeShutdownPrivilege	4128	chrome.exe
Token: SeCreatePagefilePrivilege	4128	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4632	4128	chrome.exe	63
PID 4128 wrote to memory of 4632	4128	chrome.exe	63
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 5088	4128	chrome.exe	86
PID 4128 wrote to memory of 4364	4128	chrome.exe	85
PID 4128 wrote to memory of 4364	4128	chrome.exe	85
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87
PID 4128 wrote to memory of 880	4128	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ad19758,0x7ffc3ad19768,0x7ffc3ad19778
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4108 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4672 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 --field-trial-handle=1876,i,9594578154220878690,659639785756560680,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c33b513b72258f3387d4365d9bfba8ab

SHA1
9b49ac9723927063e7b3cccc05124d3b0f376140

SHA256
6cffaff45fc6dd201c9643da46cecce38ecbf30c3a378dafd8bb5bc2cc657fd4

SHA512
67751e0eb94130678e0d6483613870077a49bc039974106eaf2b4e08d2f667cb2fdcb2aa04fa38b4882f0d004dd956b3644e56f893fa5dcb165711828c3eac40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fbef7ecba6235001e410ca8d0707f5a7

SHA1
26848939f411acf6edbcb9d019eec460823bf4bb

SHA256
845cf70e04c3b847f815d5d7f11d3bed6095c9326118dbb0f07e88bfd6d70d8d

SHA512
64ce321fa94594fa8d72b3c752173f36211103abb03a6dbd67bad7702fd6af41d713c36326d6e4fcc666fa3d4b5866c28d3be56da820c0064d36e57b7dec0b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
093f43e6df9e82f2e8c18ff4b601c727

SHA1
c0cae7fe11238fcb462a82d57fdf18ceff8763a5

SHA256
cdcb9e9880b5ea4dbc45399f28ef8dcfadab9280b610ad3f76fa5ece7866cedb

SHA512
295903682861faf219a93fdb57be6bb3f23f2ca8c5480e4eef2925963b3a2b7c6ea5a60fa453d90bf80344b95fa4f773a49bc8a80d373e9a36daf9ddf89f3cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
076133a13f632e2d296c5a653aa8095f

SHA1
158e6a89be105d92f980a08033b37d1894282351

SHA256
2c82fcbda89f001e3420bca542aaa48d38da4d0807ab73e504f93c6da5728fdd

SHA512
944ad67aad342811d4611a1b9a6f0f091aa667247edf7fdb1d0c7adef35b5225984a310d0a2e32235eac197d8004a029eb9d06161b8b666609c31a13d6006c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
58439f730b69d7ea81608f8815326aa4

SHA1
7eaba47a00d0291870aa99fbc13dfe699bd8c504

SHA256
de63c27af5ad41ae7e80a0edec8b7b7edd196014bd8639c89e7c5ffdf6edc64d

SHA512
42cb00ad1686ea6a7ce91cc9e0601749ae0a25bd596319b5d6b2e39c09674f0892489a3181703a8866a7373c786b0a45cbc164b2a6fc09020d4db3a6dfec9dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a521e7e3bb02d4f6ed855569cda6058d

SHA1
9304fbdfea10c90417de44763c2772973f0f66a9

SHA256
37b2d46d6fc98f122cb17d49f36424011b34f6bca57d49328bda98fff5e26181

SHA512
f2a4a01a0dcf7df8e7f63fde070300223151375cfb84164b31840923d529ad49bac9759884978e2074fe9abda3dee713e60c3d765a4f263a1375a8d23a2d50fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
af1e2e2c1db245b1a21f65700015119a

SHA1
9835ae6c3647cfb42d33f64c00efb037fbaff2d4

SHA256
b0f47a9eabfe42b4d966c7847f5edbb3bb31a4c179d5069bbc08bd8085cb4f68

SHA512
abd0ad9913ab389ac56996df2d39a3b02d5dfc86b9e1be1a4444a68d16f11587eb81298fe4e690186c98d18453bc0b6f67d8d318e3b1041cad3853e9a4df86ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1db050540b569caef414ca24dbb480c6

SHA1
4d2c6b050b11e3074b3f129ffa4f5e4667da6944

SHA256
f3b6079c7769c8487b7720670125e70eb03d8224e199042a045215e840139b06

SHA512
9f9447daaf826eab113cddd3386729869e6c2ee41b054840490c870183f96af4d4cdd8cc40cb74261b14ff859f8fe28d163bac56cfb78922d3b8a10f51f5b9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e85a94798d7108c7e14956bd4f2144c5

SHA1
9518393caa10646266c19bc7416f335fb994c0ba

SHA256
1ca9b844a88d3ac370632cf0370009896adadaa9e9d03cb5b98f0808ce451bdb

SHA512
d28592d1485f0d6c163677711fe67b3b2169e13b1932ca4e93cf857122d928b393176fbd090b0a58bad5e35a2d3b59573f365e511eee91478f3e68423ede2c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
5860715ddfedebc61bad8f75e8444f99

SHA1
5a0b127bfa655f4f82f56dea5cfb8a3261476676

SHA256
6b81dea237e06e93d8af63fed92b1b7f999775b7fecee655f4179051b0e30cc5

SHA512
b1c6a54720ff348bc145594789b884a25d713a8a1cd29ed5140e51aff5db25aa12faa9df79afae4799670c9c8b7332e6fd86c66d49fa2077de1f4a4965e9e4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cde6a24aaba5f6a45125bf33dda53b71

SHA1
a9ee1a108f175ce1390c34fc2106734e3b369186

SHA256
24d64192ca8f03696753c4cb053c7b6648283e163c88fd319408f2731199b078

SHA512
0b34bed86cbe462635ee1b308f2caa93607b0efdb055c0e6b6cf91d23c9376ad9a2e0555a72efd693caed25535c72cf6822bcec5f5be302512070c386e22d857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\096dca98-d11a-4626-92f6-d8e304dc0697\index-dir\the-real-index

Filesize
2KB

MD5
8f91cdd7fe434b46d825ecd48ca47935

SHA1
07ec1068d92de43cabab501aeb9d2c2caed6cf71

SHA256
46f90eeba097bee942c318dacdb8977c33c8a2969e0edbef6e85de708219f3de

SHA512
da61d174777a02e87898ff15f89a67999f8b1797e14e067b35452723f363787c77911199c1147d9d0dd824c9a6cfdfdfa8ea287f22f4f5aa9a94d9bd0af64a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\096dca98-d11a-4626-92f6-d8e304dc0697\index-dir\the-real-index~RFe57ddfc.TMP

Filesize
48B

MD5
8208fab115a63639939426f8c734858f

SHA1
225db1cc78d1d12e7ad889535f1085bfe0d33947

SHA256
6ca62dd226dd82f9e4e119452b39e681030f05b4aa715c2a30af35992da2c60a

SHA512
fb7bc914784a96616bfa9447b08af9483a1d274de540e997bd9fb74d4372d80083ec6b898e8cc10fd119acacba3fc2944522bcd62ebb987f32dbd3e0a22e2741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
090653585eb946cf9373c46c28b38a7e

SHA1
fe13c85aba474e236ec2cb999844a19aae5a4c51

SHA256
f72453e732b2e08cc07b37e0e8b415117c477f3f6074504c8f907791248f5e88

SHA512
fbd58805a729a5f89bf74c270d19075a906e842ff87a64a3fc4c4a1994a406e2cb7ce972afd82290c77d61d9b3bb1e711bd780b07216ad69fbf9278d8e246a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
7c36c12663ee4df4f2ff68d1f8f811a5

SHA1
b257377e2a3d4cef6b8e628d7082bf378a47f3d5

SHA256
c2f1e7be32de5ede022230092ebe511647a9c3a98bf77c3261061c5354cea7fc

SHA512
030e30b76ebda7cf273a4ce59f0a06330b2079d3e7d65f53e9661d748986982d583da15280e7ca6dec04330ae6d3e91dc04f886357f2dfcf06ae0fd9152cfe09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
bf1e4e2355d6ff64789d0155a274939d

SHA1
e47e14f159a3c19d4366869f734a8418aa02efe5

SHA256
6ed75781603a2f0a6a4289d57521d8ebb70bbb581daf44996e6014d124ffba39

SHA512
69a3c00182e9acb164e3c8520e2efab381f63861b44ce31df9ae53c2b948838483cb5c169776c0e84a7ef03965dbec642dddf51d74a331542816829dc9be4bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5785ab.TMP

Filesize
119B

MD5
f2591d59d939c73a495ea23ec54bdcdb

SHA1
77578e715354faeede7f9257d77362ccba05a9b8

SHA256
7a2269224981adebeafb5a0427a7959c5006b8372964318e694163e3ca36e3ac

SHA512
9c6690aba1016d294a501fb6d80af8f76c192cb97395e6257c3bb02bd2b0146a5d7d4f3e75a4c7196be700ae2475da4651fd6dd793968dea2ad501a5016716e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4cb4485cc36b8604099ea0ee611226e6

SHA1
0cfc9405179bd284dfe266de0a7ae898c9a78988

SHA256
f0396843276b30a0fc0ad3d4e8e448facbe62994b07ea32ea2830518cf616ece

SHA512
b23b0fef00ba8fad4f888793f291154c643b760fa4fc4c05d650578485d3b64c1cdf810af9933c3e157cfd6f8b29de89f0dd6811ce4bddff6874b7dbcf03de77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d467.TMP

Filesize
48B

MD5
f30cac595b0c1510842f7e4d9b0e8af3

SHA1
49784f5a0d2c7c739dd1a61893542520503f1dd2

SHA256
fd2143dc9ee8272a5fcf5aea25261d9d784b467863cbec22064d8a24fae4f4f1

SHA512
d13a143ee11b1e933f793bf2695af8ac77ab1506dc1599b4417087f007aae307eb78d849ed2319f1a261dff6180d3f94ecb514293fcfb780b9f354034de38525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b97b85330235588a69a3add4ee230127

SHA1
cb35026d444a3adcddbb237edeba36886bb81b1b

SHA256
0465188bb78d6cf4be1e1ee654508861f8306900b053a75f4d8358426a14c2aa

SHA512
f04c7825c02ea763e1d77d85b9aa19677b4f846930ef65adced7386e31b4ef19b16f19c348a5c16ebaaf8344f4179c38b4a19cad82720e47eca684f3b09d0276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit