b9d84636a9359f58b03287d8e8db195c45d6557b02f657073144707db483f001

Resubmissions

29-06-2024 16:53

240629-vd8x8s1fqg 10

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheatLoader.js
Size

65KB
MD5

cea842e7e40b63e64888f71901779aa7
SHA1

d46126847457934a3f50f972f26db9acae9bfe4a
SHA256

0cb539002f237d37884e40e3bc26f18b68f4249ff72860386376235061426c0f
SHA512

9bd35b802e6b3214536580e84fd14a5d324239b2d128c8125e1df88ea7922d9f6cadbf8f766b92fade0915f2c05fe05e111c56bf0622bdd2535b6f632839a79a
SSDEEP

1536:aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC:n

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2920 wrote to memory of 2544	2920	wmplayer.exe	31
PID 2408 wrote to memory of 3064	2408	chrome.exe	34
PID 2408 wrote to memory of 3064	2408	chrome.exe	34
PID 2408 wrote to memory of 3064	2408	chrome.exe	34
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 1124	2408	chrome.exe	36
PID 2408 wrote to memory of 352	2408	chrome.exe	37
PID 2408 wrote to memory of 352	2408	chrome.exe	37
PID 2408 wrote to memory of 352	2408	chrome.exe	37
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38
PID 2408 wrote to memory of 1760	2408	chrome.exe	38

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CheatLoader.js
1⤵
PID:2928

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1320

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
  2⤵
  PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a79758,0x7fef5a79768,0x7fef5a79778
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1516 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3188 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3840 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2484 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2232 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4076 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3760 --field-trial-handle=1356,i,6114777241668199327,16693385831008867815,131072 /prefetch:1
  2⤵
  PID:2420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\03f3e534-2202-45f3-91db-90350384d7e6.tmp

Filesize
293KB

MD5
12bd8721455b9c9864f4b70a3f5c16a3

SHA1
861c12b4d2a22620eb5a89cf251531ce0d2b4022

SHA256
e83aeca01ae28bf07ce22e4328e6ea1df021fecc127d8c4c6daf892330d9c15b

SHA512
f2aacd9f19328899fdba3998168236c2d28e237a896f6d4566ac918f2a4181484f1dc96aec5a15310af7f14e68907ce114152f6da09e665c36f30f31f5fff7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
225KB

MD5
d115c0a2800145c06e066875ba331616

SHA1
b94c5f0d25110782e939d1234141b70e6b238653

SHA256
113e69d83de21cf11879632723c532d28df10a53c0c2cffb663190f82c50570e

SHA512
2bd24181e53bce956c5262bcc641c323ec077f5a19193fc56a74d3704eb1f4d76b47076d1654c69cb53ddb9a93bb880ed49fa0ccaf46321723da6cfa99c4522f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
19KB

MD5
5abc2d6a81ee083df5c49e83a342037c

SHA1
1b17bb65749f39ede44e145735252b0d56fc7003

SHA256
e2cb2ad4bb24d27e3b8e92e5a7839d4e68ff613d7e91e19a2668c7c12739267e

SHA512
0eceac3e1207bc2e31238db6880ed6f4026e0ae2ef9f102e08b8e6da79a5495c7ce4bb32c4ecc50ed2f2990cfd1610cfa974b1864455c325560d1d070ff48f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
808KB

MD5
2bddd552038fa6582707fe3e183855ea

SHA1
7e622e9b8256f94a9051934534f85137a8b9c9f1

SHA256
5a196c59e04a05a940f87c32c8a2c531a68d1f31570d324492b0c71f41fdc6f7

SHA512
e8c0ea81cdb036468b9ed3b8bfdf6a18202c4babfcf64d1c5bf69aebd0780c485779d4bb4a3774b690a64564bc33f2d957a006aa1e3dd81f7405eb9c71131334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf767c51.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
844B

MD5
1e060003df6d5bf3ca513dc910b1ee93

SHA1
95864cb11664c2a9ab4f4837d3535da0646789eb

SHA256
ba564f5ee6bd911218435083ecec6efac1058577a0bb4649d88c99f541979666

SHA512
091df276faaca1456879dc68ebb74a55c6365f3a77c9e3e9fc86df6cb78a97359a8895d2378445551c0dd0104c6ab8b44f81ec0b55d5c2263e43822afbf31125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d166e4b3b01e4f40d60b2f103346ec8f

SHA1
3ccc8be8c1765afb0a827419e7f11f4075c0bb87

SHA256
c6bedbb3d6f115303044bee6c931c382d005073caf1eba1ad87b511c5c4e8cf0

SHA512
35d324e9d1bc05bf149d14cbbe09d9c81930093b79d8ddfd8016cfa0c01b7c546326788443982ba4d5e6052dd4d68bf324b13c5c30b3e2827e9163aa4c2bdf81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\306ba938-c34d-4f54-bd8a-0ea9f8db6939\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9b4d00b1-68c2-404e-be7f-9b7986273f5e\index-dir\the-real-index

Filesize
2KB

MD5
bf44713e83758d4468be4cc9029e60e9

SHA1
3f93a829194423d5eb4bc7e5c184ba22a1bbcf93

SHA256
61b845ea2272f829c6b05025c0a7ff77a9e0155be3bfd822723e479eb7aea922

SHA512
48db146924dc4134e1c9167a92149991cddbad4cdf3dcd51fc4cb933aca5b779b7ef28a376091e075bf273445541ec302aed94b296424b2c2f908df8e9e001ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
3f014732c7c07c91f48a358e7a6d20fa

SHA1
136bafdcdf4dcc82fdbfda4948255fe9c0817400

SHA256
7d71d6b6ac8a4e777ca31812e53c6443b775db9becb63c88e11f5335faca67df

SHA512
78f97ec21e557f16315378daa580af380fcd85aaf93ab0f115d9a5d6f35bcd9ee51dd531aa7498e7547debc2ac70ccd77237e13e8f4420773b51c824df7fc9f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
541734ac7ce62b1ba8d8336acf3f273a

SHA1
fdc6a25ec43c9f1cf0b7af73f0c0f655abde0650

SHA256
7ef8d1eba37ddc43227c36cc1ab24589362f211bade769ac6f1cfa0e78f2f703

SHA512
9afa680e45f43fbf97f81f93052085c0cbe1802eca8e78dd06172194bb4d9aa34178cd2423a3255136a3419ee6795f37a2bc90410c8aa1f17f5ae87e23e294d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
19bac03440a868a98ead2638b37b8310

SHA1
7ae54f7b36c886c9cf40c2d695539b614fb6f815

SHA256
589fe8cde7ccc2f9a405116e5b16a1b8935b27a7eea0895774c3a58721cc9c45

SHA512
556e287f78c421516a31adbd807745dccab0e345021861c34dfdb222275d189b1d5590aab2a84d02e621a62334d6e3d91cc66973386d3e778c026b6db36bea3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
6806a3df2722e9267618bb0fb6f8d233

SHA1
62bd0dfd8530c39daea7822c2ee5dda83d533c31

SHA256
897280402db68e67b2a0fd380f72d1770a1e492f39a03b99e5ac9b85602f3bdb

SHA512
77e4861e1631b6eedfdd5888cf3932b163eab38055c79432d72133eb65f3e0b469112cd3e67d81a89ae9ca47df5bfe03cd4c8ebc792859f3d35ea24b312e4b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
3c65d4ce4a42019f788d5bd73a8ab333

SHA1
9894c11128ecc70e2cc2fce632d1051bd9320b02

SHA256
0b810fa83c86cd96b32d110c6e8cf0a7a5a4658bec10cd0867a2512d7ca213c5

SHA512
a3ae0c4dc72f5372662521679a1ae7c8443f3c51362624aa18d41989869a48429e3e365f0a40184f4c59a20c7a17f1b25ef3548b4a9ec677071fd3e03c02ad63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
293KB

MD5
f8c1d9d562fbbf1af601d700fbfba0e8

SHA1
b287b67d0f9d266e619b7b465d8edf0996cb59d2

SHA256
dd231acf44534dc2f23d2cc0057160d28c64eeede43e02ee9fe1438c874fed32

SHA512
9d9958b6cdb4e7f858f7f00d91500926cec45a4cfeae043b7e3480105dbaef99304de276ef1f271049e0e1bd839ec8ad60f66c2239e2f656a44d3daecd47b592

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp11004.WMC\allservices.xml

Filesize
546B

MD5
df03e65b8e082f24dab09c57bc9c6241

SHA1
6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf

SHA256
155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba

SHA512
ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99

Download Submit