hxxp://youtube[.]com

Analysis

max time kernel
1799s
max time network
1691s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
09/09/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703791815625616"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: 33	4268	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4268	AUDIODG.EXE
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 3852	4928	chrome.exe	71
PID 4928 wrote to memory of 3852	4928	chrome.exe	71
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4084	4928	chrome.exe	73
PID 4928 wrote to memory of 4952	4928	chrome.exe	74
PID 4928 wrote to memory of 4952	4928	chrome.exe	74
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75
PID 4928 wrote to memory of 4884	4928	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd328a9758,0x7ffd328a9768,0x7ffd328a9778
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2652 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2788 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4376 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4720 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 --field-trial-handle=1832,i,10753870868558833469,16826761476124919735,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4476

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
aec0d7319d0146df6787455d46ad41fe

SHA1
fa47c7a6b05acdde1bec2880d4552d756fac3fcb

SHA256
58866413fd5dbf56ee7aa29b13c9f9096e69bf87ac5fed0dabab42aebe68059b

SHA512
fce6059e15e62be1ab650dce73cc9454affe62d7be4c47a72c1507812a46fade989b836d7dd6521d978eb40ca0269465dc9c76e59beb9c813c211af254a75250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
182B

MD5
ed6cf7f1093ded4418375c0755e59c7e

SHA1
f02d8689a5894a7c312df91a1e0db1ea69785699

SHA256
a4ac6c3e013e12eaecfe1cf1741268283fce8cc6f7a58cde688c24ae3cfb678e

SHA512
89523d9e26be19e3ae3bfd76c373973a5e45b63d14eaab69c2cc84027b2dd30423d0c300ab99403d7933cb3fed4a4ab326b0035bcba794040ab7e6c1cec0cd10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aea30b967577d3496c82cc1a855754d9

SHA1
0b16993f07237960a8475669dec305ca38b15601

SHA256
76cca71fdc4e4a941e7c0cbb2ee1fccd39d4505bbb422d8a542bcb4d8d7abec5

SHA512
5bbb5517b1263148dbddfb41fdb959d5ad36ea037c5069e3c737ac05622f28ff148ff03fd52d514f0fe9debe7af8b088e7cb9ab431e03fe7213dd7837de82649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20890d1309e6e86ab932a6836aea9efe

SHA1
529555aee74b38be49fde9648e00b579ab07aa34

SHA256
f3975f7103bb86590e3ab1a01aac9d1243fd89898342e40701512bc15f8826bc

SHA512
1b8d876632495fe3fb06246a9c3c44c771a25ab1a9ced8a01bcb2e97fa2a0d8764cbb0251c2f57762c0965188f2f54fe41fcb425eafc980135a651c17053d79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3432257c8759d239c9badb1258dcde25

SHA1
c054232516c1176af4da1c46d736291b5625038f

SHA256
d3606254ae64ee8e5b5d21820f9049415a6e1c6a115eefd7ec8cb06e285aeb06

SHA512
9f410cba237bc097644b860745cdd996118112569380330773432e79da354df31b75ab55b23a6c903651db968fb8cc9bee4a3a2353c5184ecf144e1f55c4a75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
97dbe8cb1af1219ff1699ccef98c710c

SHA1
ec68f5240ebccfb239796d9665d0077e31d42c8e

SHA256
8add16ad4b6441bb6461bd703b08f1dfc157ac607957822cec6734de55954b64

SHA512
e764b93815a062b6370c3c28ae09947526e46abc462314275b8a92959f0f9e35e569eb85e8265394d6c13ddda48a759711cbf12f840bfe002ca32f4be37ccfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
12118ef7c0c12b5c0a42aee810fec592

SHA1
1f549586439ca7cb1dfb5a1a2bd794cdc4917f8a

SHA256
7e3d1cabf15e6bef44b60dd7e01c3960226b3a273ef31f8bb37f20eae8188288

SHA512
9e56d68438953457b85e1cbf40da0375bd112b749b5c8dd9d7b8ad1ffbfcf02b4d26f2474f74ca7708986e777332b61ec409860c724f26fc2fefcbdfc1611c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe584d9e.TMP

Filesize
706B

MD5
56b2f0cad32ba05756ff43f98a41d1c7

SHA1
09655c0591fcc70c4b7e1a31ed16510416e3c3c0

SHA256
96333890edb70c7789be48f2d1ccfdee38a0a22c4e934ea35e7285325836fb21

SHA512
475d89de2927cfc22a5742deeba31520bbad1a4631cb0012b48cf056693cec74e5e9339b5c2f0fa12c32e7d802a8c6d2d8f30b422e8ae7a2d36cb4e7e36d0384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b42a4579-e8d5-4307-9056-db8297539c99.tmp

Filesize
706B

MD5
bb84d8b9f0d741ee7eecf9bc5e1c0233

SHA1
a190fe1cd346b205bf9ca9b6ade8d83c526936e6

SHA256
38fb4080378ad10aa5718e4f679d535e9f828408f6df8001d6d832e77e0f35a9

SHA512
b2a01a60064ef3f62669e069ce36629d1724b4884cb66eb9f8f780c11f749eb90d3bfe7348dcb32fae18a87d01804f4581b2404874f9433f916766093f493b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb5e51f868a7fe975b9529a41a3cd578

SHA1
99f426b423ba6072be50019ab72bf946a0e58468

SHA256
ca740b44aa4657ae0f70d22f64400fd85f40fffc34f7c652e180e92be9e827cc

SHA512
74475de1d2759c507561bf2d4d943356ed897b26cf555d7befd833140b9e0fca7802ab21b2aa412cb71e87e4c087508da4a0327825a65d47cbb89844185155c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fbe354c8f32d608e485168569841119b

SHA1
0daef7a542545ee8d2de5e0e417feb655fc87a61

SHA256
55d754919b86a46019125a51816fadbe364a5263550045c3631e5182a129e547

SHA512
2e2b70d063466e349c6969b2ce27f43cba6b23d45a19d455031288140a32a73a986fa64910dba40df1e61939957a3963f1a8d16cd20f816571c392b08a3a2864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ea557e6290eac1d1092e88ed9592df4

SHA1
1d8352dd7f0e04089b264fe704223d5de8a067da

SHA256
c07234581913afb20423a6f093e682ada2342f1fd8bf53326c10c8a348821e88

SHA512
9405312eed3487a6ab351e139115636112cdc8a39c7dbdcfc94944366f65a6315b2dc4030a9094daed35ea89220bb6fd99e0c4ee7a63c33feb7da3d94064a3fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b89c4e05698028bee8b0d2b098023217

SHA1
5e650c741b2bb93b34150512fcbbacb2284d5dc1

SHA256
678be627d5a20213ed649e9e606721787ae78bfb866dfe63b8734ae8cfce4b13

SHA512
e20b83d9d3576475333f4100191d46be0eb1203f38a1c8faf8e27ce233fece85fcf15fd293210bf8e52db612c2bad418d6cad619ecbb0e51a511a576ec60e657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5a2505e-be7c-441d-b9e1-e02915012046\index-dir\the-real-index

Filesize
2KB

MD5
5b1990ca49867edd3adeb353849af1b2

SHA1
bd07f550f6f8a06a5251e85d455897413334c256

SHA256
03585b4e1d766fde791b392500054d80a3a3a892794f797f8eac2bb0cfcb0ec4

SHA512
3692335da244491748d708537df923eded79a88cf7b6195c86823b86ef0d82273472c5a8400f8db1282ef810474b419df148cfcc4f5be07572ce8700926557e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5a2505e-be7c-441d-b9e1-e02915012046\index-dir\the-real-index~RFe5868a8.TMP

Filesize
48B

MD5
d9b12ad885c53714aaa0ea7113d7119c

SHA1
c32374584468da9995c2ca671e7265550c2b3209

SHA256
2b76bff3832de61f60e05b7017363a0705bc2d078cbd7ac032e7f6f482afb329

SHA512
38ec33b17eada47557e732586c879838d354869b2aca233875a2594e3d1d2ddfe43b43cd696a4a0bbf663858dd1491531bf31a1da3c9edf32d2544ea2e242367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
63986d1ba881efee212ba2bd0d21c9f2

SHA1
5c8dc227de91d1320f63d3a862cfd4d5122eff77

SHA256
a41f5c98b82ac200f7feb0352db3bd7ba7b49e699695403cde29c451b6a325ac

SHA512
ffa48aead1457275bedaf6680b79c6b96e5950f18b9e434ba53f189ad7e71c36a199b2ad5f6dc9bf8620e9578cc2ca27fcb9c6cad554cb3d5021a9bbc7b2d4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
1b52d71b1d7e310f883c3ce8776904d1

SHA1
6b87460af798a0832d411bd2254205a5f48c5b4d

SHA256
01cb72bf7b3c84cb32cf330edfde041d57397bb960b1587228581f9f677a8b4d

SHA512
aa5a70dd3afa42ac93d1e0f3ee8595f42e5d389cffddda78759fb6671f5b705638c17b329e172b3fa20189188f24d03167f2050420fbf80b613e1e9072992aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
26e1e909eadb5b3050399bc1c9ed73c1

SHA1
175391794dbf3c4d5088f6c4a064e070fa14f646

SHA256
1699f4a1d49c2d848a7ffbffe79ef5962095f3c22241d5c73c2c8c3785c0c9ef

SHA512
f1342b18bebaf1820168ddc6c64340479660013cfd4d685a33436e6420fb25ee1cbb9dd06dd7f1fd2ff8a26a0693100f1a6c7a29d102eaf27721fd217bdd681f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5805f6.TMP

Filesize
119B

MD5
2fcc5146aaa498f555c233456a268525

SHA1
f752b73d3bba74c146957800fa4c32511d866fc1

SHA256
d929861797ac339d111e09d01b6b9f48e52991cd58b4f8cff6b43db8407894bd

SHA512
036f4693e6a55148620daf58733f66533f16ebae1973464647e35e39a040cd6818c49d9e9c0b77576c2f10c3a00d44a15e63ac214756cd26398554fbdc762ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f30c593176cd83ebdf762cbc6d05f3ff

SHA1
0ccdc33347cf8857926bb64407c9186706a23292

SHA256
e1f5b493fd8e779923318ca6057bf8d05e97f44620821df15420f69f6233d8bf

SHA512
9f43b24540da691d8099a338f22463fdd5f94703d0e5a2116365ad8e2521dbc108937d55f09e711db5c073810bbb5d75f853117f141a50118428266f86e9a33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585d00.TMP

Filesize
48B

MD5
61721ba0f42ab69330ef08e0320ca95b

SHA1
7e98151d6bdc4a32586d4d06bede25f323bf1a61

SHA256
cb85e0985a3b709eb12b4ea15dd15ddb8368459f48f925409c09942eba3812b8

SHA512
5848a5e8a778fc976f2627a1f4414337b39d010d914458300d106fb94bb7134af07cd0cf17a23f862ca037ed44ee16de867a866ec2f65dad969d4b92ceb06a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4928_538467113\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
4KB

MD5
e747ac53a098b1664e6706bed135d142

SHA1
f553c71b4b4cb1c653ca59880350b4cde4b1a289

SHA256
6cf454bf090808f6f557369f869955a9171674538309358a19657dd730a25a55

SHA512
8fa240341220905803bb62a4cd80ca2ffeaa552fdb1930a3a8efcd5f9370ce8baf17e180af1bd0e85b6e91f9ee13191f262e3774b5da4905a6d8bc8af0d98952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
5KB

MD5
0571914646636af61a6f7d159dfc07db

SHA1
2b5e803c6cffc81dc56eb326399606422c709b09

SHA256
b1195591a2926356a90a1c551febd4bbbc168e48c549e9d58197967566ed04f6

SHA512
088a145774e22e05dc92a367261dc073581b3bd302f10d17b37eee2897a456bb797fc63947762e175203f61191ee3290d01e2258379156ae869f88beb662618c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
4KB

MD5
a1b13d5c602f76211b74cbb961bb2b20

SHA1
324deed607c980e4237d0adf8df6e3489c6dbe40

SHA256
3f70620d398fe0265dbbedcd59b548eb72aaaaf45b14f2d340d8beb1c64a7cc7

SHA512
77fa4511c0468ffda58139f46eefc5465641655ad3c9caec59bcb5910d9e909ac7c7b3408c094b507b1ee92c82169bae49e9eff7bc996372b9139b5d9be904ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
22KB

MD5
b73e1605a077a0f7341cf4ee15db7700

SHA1
a61944e9ea01c7bd9bdbf28966bf8069816aa746

SHA256
b1b50ac83805dd7a74713a249823fdae112f1e7230334ded1d546b0dd20e554f

SHA512
4a59f4c8e875a1b902a7be7b5b2d80a66dc0c7fc852b752f6d6e5f5a6d80adf675be5f7db1a51aed43869ed8394b7cade8297867e772207a99394708517ba575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit