hxxps://raw[.]githubusercontent[.]com/Lachine1/xmrig-scripts/main/windows[.]ps1 | iex

Analysis

max time kernel
13s
max time network
1786s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
3	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2412	2964	chrome.exe	28
PID 2964 wrote to memory of 2412	2964	chrome.exe	28
PID 2964 wrote to memory of 2412	2964	chrome.exe	28
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2652	2964	chrome.exe	30
PID 2964 wrote to memory of 2868	2964	chrome.exe	31
PID 2964 wrote to memory of 2868	2964	chrome.exe	31
PID 2964 wrote to memory of 2868	2964	chrome.exe	31
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32
PID 2964 wrote to memory of 2660	2964	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65a9758,0x7fef65a9768,0x7fef65a9778
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:2
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1264 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:2
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1360 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3640 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1472 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3584 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=636 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3696 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1204,i,4778942661405337084,15790330220222168623,131072 /prefetch:8
  2⤵
  PID:1544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\23624a5d-22fc-4bef-b033-02597c41df46.tmp

Filesize
6KB

MD5
18a827244922b573f4e847e39468f7f8

SHA1
263b2d767759285920b436f6163d02dc1a70ba5c

SHA256
b63e30f71d93681ceae1e805dc144dc99631eedeabdecc3d6604df5487850b94

SHA512
7b7b6550560f3ef49c6d601ed3bc776004865a9540d9ec4f368cf454de0d98fe248f030fbbe7ace6069ddcbb095d2cee945b91f1f2bb8506b32e6d674d11e2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
225KB

MD5
d115c0a2800145c06e066875ba331616

SHA1
b94c5f0d25110782e939d1234141b70e6b238653

SHA256
113e69d83de21cf11879632723c532d28df10a53c0c2cffb663190f82c50570e

SHA512
2bd24181e53bce956c5262bcc641c323ec077f5a19193fc56a74d3704eb1f4d76b47076d1654c69cb53ddb9a93bb880ed49fa0ccaf46321723da6cfa99c4522f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
19KB

MD5
0e598b4e0838f1540edaaa0ebf6d1e68

SHA1
a69cc56bc59a19d8e0da1b74db64b0f6c319e095

SHA256
4ed8eeb9c3e8abd8a3ae9a6e4a0da56d3bb513938555795256d73cbd578bbe17

SHA512
4a00bd10f567a45b9a3332a50803002f4a089bc38b065657e2a921d505c0a10c4275add2d6c9b4c3ea6a5ba87ccff47140aad0222bef3fceac331de97cb1f273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
808KB

MD5
2bddd552038fa6582707fe3e183855ea

SHA1
7e622e9b8256f94a9051934534f85137a8b9c9f1

SHA256
5a196c59e04a05a940f87c32c8a2c531a68d1f31570d324492b0c71f41fdc6f7

SHA512
e8c0ea81cdb036468b9ed3b8bfdf6a18202c4babfcf64d1c5bf69aebd0780c485779d4bb4a3774b690a64564bc33f2d957a006aa1e3dd81f7405eb9c71131334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf771d22.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\25311119-a7b8-4902-b423-c3ebebf7a78d.tmp

Filesize
5KB

MD5
de1207c4fa9c33565aaff3330dce0a30

SHA1
42fc4eb1bc779154839fcd86d7840024ebabe4fb

SHA256
c4fc1cf8361b796d837435b4b44e6bf29eba5b49fed0e648670840ab267422e4

SHA512
14ab9ae78cfe8542ab41de9d436fa2a473c5204d0ab48c023bbd8641bf8af7001b471377bd54b848b8710a56a16c264e85ebea5c69133ad76f6f545f034c5961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7e1eacf29508beee8650b5761b0b839e

SHA1
e595b818fc365efe69c01361ee4c1c4146dafebd

SHA256
fdf2317847baaf7501fba271cbd5f25453e298064b296b3b5e8e06e736fcf049

SHA512
d51d96be0c854352c7a2485a85a73b2967daf77ba5b719cd48a0a2d9320ff303deab03b6acb37c6828b83b152d967873191a2d1af4f6e86216fc6a1104709f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d3924e4baab31e2bfec85074bda0523b

SHA1
643e2c6c619acb8cdd8b805b4ba0cdb43955d6fd

SHA256
3b4bdbcf75e54de9a463c9bd5ff642e2000730b6432bc0c723cfaac9c74e6e53

SHA512
05e00f4271062b7e6dc81763391dc802db2a727294a93454f9d87883390b39a80c85c96319c6db6ce6236e70eddfa4683c730d410cddb44119b2d834ddd95737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
41d224d10d3c7481e6f9b34ceff52527

SHA1
e855ae4cbe3e3020e08425e0efb0c7cdaeb886ee

SHA256
e14bcbcc7835b4b4cc85b7bc9c8d3cfb822c4777187f98e5cb69866d296bceb1

SHA512
85bb2fc1b896f228683c0c25858787c518455deb09c5071f0e0a08ee4645b02a7b50351bd1aa1b810b9755866956656ed1dffca0c1a5df3b2fea669f3b401ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
0414d7d66ba13fcd9d5f6cbddf7c8530

SHA1
2a0e36d8c66537bebb2fc883f970292903561aaa

SHA256
2356e55ddcc91f352d62d46ab1973187723aa5fd3d8e55d4e094a861021cb379

SHA512
8f3e765a9ef597a4c5e369e1e4a675b3144868f389d64cea29edf0c4dbc25f5c8a7cc2cccdfd80562308e31bde2a602a02d5254ccab6f005929eef123593d25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
26e1a93ccf088e45e5c73453de3e7815

SHA1
e6aff98382445ee9ce2ad87b3e155c53fd908073

SHA256
6696f51ad08ffb7e64f94bd83b1e4d87522bbd00fa24b881294ea7d681e8ae8f

SHA512
1ac31feafccf0b49d3a5ad223082a1ac5d031bd6ba0c44966d86bc20dcdb7aa8e4ace49f8c52fbc9e6518cd137f85ef37cf98a9e3039532721c2c467a60e229b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
2e63778e640389762e740e83976794e5

SHA1
f6c83c51e83fe96db130224565f1e8564f264ab5

SHA256
316a0a7b59e50a4c033b899da09cc2bb2ba5e287df4c2608b623980103ddf6d5

SHA512
9737e7302ec09f2e14ba58c8fdf0b0d432ec1198d5740e4ef83f56c87119f8a2719789158cbf83aeed86ad437ca2a57f579734a14a92cadb180aad86ef7b97ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
1c9cbd24aea8c48cd7925cdbe5b56deb

SHA1
1d0b7e2de77ba3e224bad148430d14d9c5b9a70f

SHA256
aa46f6e232df43d53c8b6b87b117883907e38429d2818a314b51ce609dee2a76

SHA512
b0202f8d383e016862eeadc156ec920b1c67989090c1df1be353539ddd6ec7b1c7df9a982c5c844b30eb22ea0930375407be7e9e1d5b19c1deaf3ad8e4b4e7bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
effce2e17072090a00f8a1fb87332397

SHA1
61207318d326d3c5abe1f4e7b29126bdab1d764f

SHA256
142be9027eca1a3e07a407c05f44e35facaeb241a76e0bf87effa2f47c0b4156

SHA512
e037ff594601a0e3c80c269c7280e65a620bdb17c6acbfd0255377658946a368523d47d1b1d8e52e4b344afc0a52621f733115796dcb6e3995ff185336dc0636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1e3b8b484fb80dcf54429ad30293b529

SHA1
e6d36a50b07e470c26a990dea0bf1ebf79a953ab

SHA256
e16e45e1d78ba845ee5207e3ba46c62659764c65143d70d6e23f11a7d18abfb3

SHA512
3735ce5140f9242234e703e8c4e831e9e32db0bff7658a1cd9a665f616d76fdd7c90aa2dedae5c14fc640d6d5ddd596db5de311699d3438d5f32cf5089c12c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4e1039f0270f24c862b121cf0f4e0202

SHA1
e8fb8d2cf41c879affd2e09129e42ae8e091e366

SHA256
9a872e82a1f4da00c747378631ce9eeb30db69102de2031fdc6301c7bf81f9be

SHA512
7decc4a1bf21179aa2b78ddd4b9ad99ade62c99f93b8167227478fc1528387936e2e8089fdd678bff12d699c1df74ec2cf398e45ce6e0b5ed0497c7cc3ee4187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\854bae2e-5a69-4c73-a567-715c37ab0e22\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d9f68e61-1e4b-408a-96d2-62a281ef13f6\index-dir\the-real-index

Filesize
2KB

MD5
f7b56cf24165eb46a3dbfba513e483e9

SHA1
e6956eacd8736a7e1a6433ec31462e9cd96caa16

SHA256
4b587dab4991b23d378c823f90e1b876864a535924e5c3f9769eaf8144c3c400

SHA512
aacdb47ceb6fd6e8f3e9347479358d15d4d23e41cba12f421064b971e0c40753f41b88fc5ed5a9f97be34d0a7148bb65208862a5d3ef291f0687ac447b65848f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
144ff83624359827ee458330e35222a9

SHA1
1d5ba2d975d8fb214864ab157dd709fbab90f72d

SHA256
0a974882b96bf69d4cdd0023d50dd9cfcc17febf8b8a251402dc00be5f5cfbbe

SHA512
aa59f971a8d95ad6d9528c3b45fc776524f4552fc64215ce392eb16ea70beef65319b29fc4bd6cc5d8a12b220e315570a93947d863c77d5777d0fa282b45a2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
ce333b993b2def5cc0bbd49e3ceec67c

SHA1
14e377f8fc9ccf064addf941fa6ad31402fb0a88

SHA256
07ff083e6ebf34c5919df5c2d47070088de04d6d032ff0eb8975abd93c9dae15

SHA512
c9d5b1dc651c3addf4bb6bf3ff2b4fc8f9b39a49038132ee8de0158c13b3dc726b3ba4d0367f2fe037fad09980887d0628bbca511d5e5399a320c59adf5d205d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b934b15148d5e39754e210a0bcf30adc

SHA1
c33d4e817780d82cf3e7fcf72ead7e5fb1c1f1ad

SHA256
9a9ed555bc02a8f84036bf38807aa9e3ea67058cda254e5c1a832a5aee96f90e

SHA512
2725caf9e6797d62d82b1b6b0f2012db035c7743555e3441c2a090073ee6444ce9142acb9cf06752624b4e1b2507a4e042d57b59c0532bd1b2425749a516a62c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
3069f9f873f1ed15db32ce1c20243f0e

SHA1
614aeb72abe981abea4c5af35c14c7d27661b4a9

SHA256
d1889051a7f201b561a71330613a0da729a0b9ca474323f0bc8d7dbcc905ad22

SHA512
a69c470fb9d7d85512ab078fcb6cdd5243623ff956eee31b17193b194ea6bd18ab26b5752b1e95d9d866a00ebbda8bdce1c3c75b383550826d7692797ef59ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
918251b46e12c02a5ad6aae2f3c41187

SHA1
be11d7edb1cdd639d20a7b95a09e3183c75de7d2

SHA256
f6d21f4dc49a1c91ed034f6108194b8463bc72ecf9fab53d25a0a18071a8288f

SHA512
687242c5b1af8785789510b45504f7c15f3bb1ef3ae18b5ebe47179af0615c82b8d23515cfb854a05fe4ba1dcfbef108bf5e0cef1983f26b72449537d3de71f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
dd25f2396ea5698d177c08839fcb85d1

SHA1
f410de4ccdcc0742de8f636350775e7b6fc45be3

SHA256
3cb1fac3fddb1fa02969446d1be1c32d3585804802c80ddb4313fb9f9e55b2b7

SHA512
9a29baa7419339f94569b231c44d60ee109d83ee62c76c71cc8673fdc8777c4e761841a8050c7fbac59905a255aece2cc39de7e84a9be9ede3c381a0029ecaa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BF5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7C37.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit