How Google Decrypts SQL Light Cookies

Malware got access to the cookie SQL light database, it decrypted it. The attacker took that file, replaced their Chrome local file, fire their Chrome, go to youtube.com, voila, they're logged in as the team member. And just like that, now they can go, it's as if someone just authenticated again,. It's as if Google received another session token, just from another IP address - which is probably what happened here.