hxxps://youtu[.]be/LvsnPPxK5DY

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtu.be/LvsnPPxK5DY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630535406212418"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{83C8A3E9-82F1-48E8-A530-14FBCC24E88D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
372	chrome.exe
372	chrome.exe
5744	chrome.exe
5744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: 33	548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	548	AUDIODG.EXE
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe
Token: SeShutdownPrivilege	372	chrome.exe
Token: SeCreatePagefilePrivilege	372	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 3148	372	chrome.exe	91
PID 372 wrote to memory of 3148	372	chrome.exe	91
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 3356	372	chrome.exe	93
PID 372 wrote to memory of 1380	372	chrome.exe	94
PID 372 wrote to memory of 1380	372	chrome.exe	94
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95
PID 372 wrote to memory of 4956	372	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtu.be/LvsnPPxK5DY
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae9d69758,0x7ffae9d69768,0x7ffae9d69778
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4900 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5132 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 --field-trial-handle=1896,i,7532255113801450475,16103448157065627744,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x384
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:5240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
46KB

MD5
3dda883b89b1f31dd1e8e0be2d4250e9

SHA1
ff69000e8307afcb2b4db7d6117b47975f9de06a

SHA256
e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b

SHA512
25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
e309695afccc8160b56fb24a758608ef

SHA1
0790488e3493fe95b7f2963e35ae23553016618b

SHA256
dd4ba3854e4f27c822372d4d6ecfe9c12b839a1c3aed9e95b8e19f9436de81ae

SHA512
5dbee354686fdbe4652edaf6a9ac35a100da612b56828d477820e96f9f8842bc37c4adbead8e4fc30a86809c977aeb4d7cc28fb8816d7d327b268b22aa9d00db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
18f2193eff4dab4ee08ec079eae22b3a

SHA1
4b09622fc0ea09fb296eb40536ac652361010a3c

SHA256
a17325ff57f13066481a2c1013e1f390893cd898b82758a765f9d40b9292bcfc

SHA512
d3c76e77dac19efe4c8d8d1bd5f2a4fea2bf5e2b6a7ec3f16eda7d500bff435f4d571accc4e63e315f850d974a33f329a3cea0a37f81ae65adab831120905465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
3dc78c6613e7c479b398f69e42e09675

SHA1
c7b6a47f2e548a1b64215c8622e35389d6b71b29

SHA256
b0b34859f83d14c7365007c50bd99614c5586a165c52bfa600fc30a374d57a35

SHA512
4d17f372402e02600a4f8942d9857f7db114a7b59ff1242fbe132b6e529f9441e4c1a667cd44f5d7086b3f975e1c69e199011bc54319b96b5daef1446ffeecd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
e32b675aaa3ae3185e5e74fffd834ef5

SHA1
9ec47099d87a833bd10c717b896dafe9945ea0d2

SHA256
72e85b7f0489e64413409eebf6ce03dece478c40e9f04234b871c32d0c500b12

SHA512
d945e34c49fc363b4057f6fc07488a6b8b1649b0b2533a19ed755863634ee97e128fa57c5255a016838d82dabe0599a0f31e65f3ab30024064d5c4644e587720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f918ff28f4733397cb15b0260bc84f9

SHA1
7b51df5d593e9888d6fc25a3d5638c61e15fe355

SHA256
148ff45bb970e349997b226c05da2f47faf3a1a847881b6e953ff658c0b8986b

SHA512
21108b87354840137843ef3674c3f498bb08d60e241b450bc8e1653dfc11bb603af6d9c4cb12c1371b5a22f3d5f119a7ce274b103702b7c41a9df8864e166aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
469412dfe47da2645ecd3597dd9a282f

SHA1
91218f067929222f8a3adfc48d7d3daa046a6501

SHA256
a40fc998d556c66d35c282512261170470c5a55a0ecf4c517307d0ef4388e408

SHA512
b56552ca4d60229a0a5001a36bcf064df594fdab0e112ad0f200d902d37f8e355064f9d7f2ad8f0dda6c4a2925352ef22bc2ff05c461e253a39759e83e3b6d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bdc789504206c831d1ca873eee13f0e

SHA1
9aca45fe85b907cb21c2a913a2dae38460314a77

SHA256
2dc120e89d8f71373a25183df3f12113d06ad8794f0a2e55d98e3a8a7ceb6cbb

SHA512
ad79312e7cb0cbabc773dd070134c0bf6d79f734c13e60121a17c41f6053f75bd393e5e862fb04dce7049ed398d1e8a1616fbd912ceadbc526a236372e42d92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78031503-c128-4f4f-9619-b83838d29dba\index-dir\the-real-index

Filesize
624B

MD5
e0b57fc695da2d602976cf5e58fb2242

SHA1
fcc3ab924fd66fe9496e1adc7730887c04dd9d3f

SHA256
770514904de0c7eaec18cce697e1eee2fa537c71fdcbf7a2b11b67a49bde98e7

SHA512
fdb648e6b38b46fee913e5187bf1250885b1880d830353596235d7496c76394eef35356255d07e0a4ddb79315ddf4c1855b1bc5fda8644632e929e2ccbc5ba5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78031503-c128-4f4f-9619-b83838d29dba\index-dir\the-real-index~RFe58b532.TMP

Filesize
48B

MD5
9f9df36b5de6f628ca88f91c9cc331ba

SHA1
26773755240aedd6e353ba7e9c3c8eb088df16e6

SHA256
74870d58c13c514477b078bc54de47c6039ad2dec18da48060ca993ccf7f4dd1

SHA512
068e74f6f66c1fde674b6667bd1fe01433a5568ca2cdd3132794c8222ba0283544405d70809b7421a5708132ddf213425bd95d1a23b8a1500c614c15d9ca95fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\94613812-cffe-4424-97a8-24b906f84984\index-dir\the-real-index

Filesize
2KB

MD5
8956fed5d6c041d2bf2aa6b303a42c16

SHA1
ff748e7eed63ddc0dc473b86385598ea97cfae95

SHA256
1a8919b22844a0b42ce1b2a200e3e262a907bd32da89f3ce6af0f7c018e3ee8a

SHA512
6d0809039a07c073218f162e9eb8214e711bf93ffd3f8c24ac0abde90d9bfec5c2e830f350e1c326669e942da73358cb28148ac925af6a1595504ee0f5497e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\94613812-cffe-4424-97a8-24b906f84984\index-dir\the-real-index~RFe58b755.TMP

Filesize
48B

MD5
ab0aab7d24348fef841b49980d6942c5

SHA1
a473ea78ac01b837d5609e4dbd769317b2de3876

SHA256
6c24b25d2759b1e6157e56819245f229a3f5b3074b3f8b35fbeb2949f08fe55b

SHA512
dcb5a31303dc4b8104dc112c0d47e28a3808c1c01b391242f2bd8a1bba22ea9bbc1dca153aa805197cf20728156f4d7be41e5b7dc3c82c5835126d40ec3aa996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
2550c7375ad9fb546a2f5ae0a8037610

SHA1
4d0c2d91db15e673efd0fa80cf30efbc3df117f4

SHA256
fd745abf3cd423541e7c4614d6b21f214cb93ad7cf517679ca848a62052a46cc

SHA512
84c96e41db1eb9784604c8fb11070545cc8ff4d31ab1e5e0588b0d6314c08babdf8df200519d56501d9172c76e7a34574116f3d2d7ade7224e1ae9e7a13ae6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
8dc1aaf057fcdcc665fa25b8085e74b7

SHA1
c50ae547b9245f427ea87943f4b498fc6fe55bdf

SHA256
88311b1f0791e3349d09490d5b6f0e117b1c24b66062df27d458be3f66f5d9fb

SHA512
cd757695f6e07fcef92dfc98943c24990e0007dca6b0ad99a48e254166f5602c9d5827e9810b8884b3ac05d810b892f0bf615f9c29f97edbcf3aab75d46688b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
1a0a01c5a09c927ca4c77e096f24b4b3

SHA1
5d206a5b70b23d71cfed5f4c23f63269a728dfa7

SHA256
e5476e501f0307244d7462cb87d85a768446d9b24d413f40682e922ea71e8e39

SHA512
6823da661d816ef31fd77ee525f6f8d7dbce4ef3bf9bd22726e0d71298a0f050e112881fcbfceca0fa92d057ccca6c99b9bbdff597be167689b36617408dc558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
ba29a7119bb612a7bd2c686acb4e4958

SHA1
c233997aee0e5282abf55ab3eef56ffbf11a2519

SHA256
948a4aea87d32bcbef855a6b5bd6c01a6b9c441cada227162e4922cb9f59a4aa

SHA512
27b84dabd9c2ff0612aa9bf2248eabb6d8825473539f85d8646e46c5de2ec07a5d88540e640f02286bf93ca23afe8bdc35c06fdbf70ec7c9dd4e6506d0895582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe582769.TMP

Filesize
119B

MD5
6b3a18aaf1f43114e15fc5ed45fc3f12

SHA1
5a15f974ba7f3de0947e2161a43fd662da41e877

SHA256
4d6e81887d066b242c23d0facd53519ed73f179258787ccbfbe9bf4e0be9ac74

SHA512
697c66cdab9e6ee439ad4eaf9b0390448411a968a0c9cad0c9abcdbf86ad4a2a64d1ecec499b1c972d381c9b8a0e63d5f49369bdf508c035cc6fc19df4095bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b4057fec4443ee57b524a721e14b6ad3

SHA1
bf3d8139dd6933edcc183c292dc2b582d88230a3

SHA256
8bc47794a13bde7d45c3f157a4d2e371e8eb686a750f763e4a58b35fb192530a

SHA512
bc4ea83bbe1ebe5ad8f88e4299ccfbea7cb6f6ac59a19cb6f15469358e565aa61f152608457897c513b682b5f1a693e10cec0603912fbf4fc07d5f12f888a396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587f9b.TMP

Filesize
48B

MD5
0278471ad53542f3da5a12b36c2c8632

SHA1
46a3f7c52c2b5a32fdeff9022993f461db123f37

SHA256
9e5444f068e1513f9e88ff19bbff780c953c7b86772b1f28d428da208a4ad85e

SHA512
28c1f8f244e8ee59c65dfa917de0bf445541d854a5c528491993c66b94c5fb1214488437b324d3e58284fa6d4cc4ec1360ed02bc97b1dc1ecf447701f3fd99b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir372_584971619\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir372_584971619\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
649f9782e15dbbd943a109d6f76df0f8

SHA1
5abb161da7d55355853e1faef8facffa91b5d67e

SHA256
d93e47a5e818058c54e238087fea38bb66097b318bad980f8a60f796251332fa

SHA512
5930727d020952bf7e3c6edfc5bfe0a3add0ad3838658c1f7488b8fde401d0d3055f41f781122843f206c6ec691d50a39cd39c183c6d0e97e1f75ada571ecddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit