hxxps://www[.]pornhub[.]com/ | Triage

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2023, 19:41

Sharing

Report Analysis Logs

General

Target

https://www.pornhub.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239049455704433"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 5060	1344	chrome.exe	86
PID 1344 wrote to memory of 5060	1344	chrome.exe	86
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 3080	1344	chrome.exe	87
PID 1344 wrote to memory of 32	1344	chrome.exe	88
PID 1344 wrote to memory of 32	1344	chrome.exe	88
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89
PID 1344 wrote to memory of 4868	1344	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.pornhub.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ab689758,0x7ff8ab689768,0x7ff8ab689778
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:2
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3364 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4704 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4864 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 --field-trial-handle=1820,i,4642670348550329342,3890654280833332011,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
e423854de532fec690d3a0a67a9c3d6a

SHA1
6def54726158b26652b65847e785d929c0413fd9

SHA256
27dfc72b5ac01d5c430b3fb5af1694c020fa08966fcf4e1f34779df7250a5abd

SHA512
7c95f00e04797d28bdcc0c206b7fa79f029bb63028e34386c30b29a54dd837b866191486c1ee797514e168ff486fc92ab5020cd1c1edd3418bcf618e29af5c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
356c9966c37f8bd88340eaccb169b15f

SHA1
06dbe8649d3bcb893329207996b00de7bc1e762a

SHA256
a810bd90eb0eac1472df4b60ce93252ae6b8c986a4a8a80951a969b86ebd365d

SHA512
b214e937cdc72a9349d35cb4cd0307b2a2914d85e540cf376b01331ab0ce473f0d9d89b3e1301ddb90137b62cf4404e131ef275da65879950b3e6c6a72ab12ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64342fc12e6c42206a9776cf3dbcf7e3

SHA1
b1744df7c7f04f2337734de9b25286cd5dee7b2d

SHA256
e355c5dd94077b21ff0586c6fea3c759cb46b5420bab91ef5ac8a580f9000c6c

SHA512
33426e9b12c162e844f94890162372e8653b8e1767e3777fa00914aacdeb18309b08e27517a6ca2bc6cf2fcec528137ffd641e851f4a250c09567d5ee65a2237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b198456a229ba7b669fc0d4a0f5ee1b

SHA1
48442934c25597c25dd41767c30ca416922203e1

SHA256
c005a02e4438e42279ddd48d44de63e855af91478a5b17c391073dca9645f7bc

SHA512
f0c8a50a24f300a22049e530e9e8b59ab629d235e3446d4296f68e893e46cc8e0d52fb9a556bfb2756c96e8875c6dc5082c4c14851045c90d0885cce119e7d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62518eca2edb213d7835552533e2317f

SHA1
b0fb7b729b5503c783b968cd5de2813cad320730

SHA256
221f1b1f2e623f35f9498e3196284757adb0a7b4d09fbffdcf84fc5b10bcc893

SHA512
5b57befb7eda78d560f0227a5b2570aa512224020723549c8388fd0991ef2473105a19d4ff81b3378603b3970c61cb7ff7fd6c75adeac51fc67bee2648e58ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0d2a89e3633c1a5f0c97a8a07c9bfaf

SHA1
348988dc58342ce19771ffc7a1d23a21de24df50

SHA256
37516b1b1f064c2f72a690a961d9bd53488faeadd03571c76a5bf12f3ccbc67e

SHA512
44156bdbc9cccc30104bd85d2be1fdce45221bca9780aee9e38991f4f1c1297f0a0500843afc1cea23c85617e138168d941b6df684dd087bb11a3542e24fc4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1a64f367c7478267422929f5870b873c

SHA1
79986caced8a2c7c1a59cadb3166b09a43473527

SHA256
c645f6f5f168e7ffd0678f2bd4baa42b8cf662e30f5ad211dcdf837adea68d4f

SHA512
a59a8fbddf170dd532cc1c6559a8a39236e16987b92855fa7548c3b396aa0838aec563105c863697f2fe88c29dd9b47fbb01ada5683831d821d6543a3d4f2580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5d58f5cd95b7a35c53ef649fe6b678be

SHA1
89dd7ca18f867bea8f0f7e35a1bc3750de23818c

SHA256
ac60196eaa08fab1c87274e48929b68f0d4e731d1e3d416f0e7276bb57441dd9

SHA512
e5d1bd1f8e445057fc571c703d35f7e086f85a497d14d64af07509a1e2dc961ad1572c3a3b5ab4995612fdb764eec634b23c85bd10bc3e158c679a5bb400f593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe572d2a.TMP

Filesize
48B

MD5
1702d64e3cc6f37602b4d1c587c248e0

SHA1
6f10e27f4bd32ce666086b15b1791a11ef73da1b

SHA256
1229f9b1e751738bea0d3b967efee6c984bc0b6d40a9238b4263a46a9f66bea8

SHA512
1e265cbabe463fb1d58c1b0fecc9df0de9400c18f45006fb57afd3fd4c927eeddcd67df2edd5a2f17b74124b09d2b5518640ccac785b9fc1ae8b351376aba22b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
d880afca7e1da2f7862b1a32733673e7

SHA1
00403f66fe6455b9e9b0f732184fcaf4db4e3b53

SHA256
85fc67f0a0a8e429b74920d6996363b51906e5248a4f68af58aa3b1e75b5df77

SHA512
8bf1383419df15c58c37f11d69e7400d24cecfa0d690e8ecaba17c589d60f34994b8ad2983943093fb88e20f6eb5d61ef85c0337e46aedd171d096cfa886a7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
cd911e031ae4aee01291270ac5533ee1

SHA1
3747ef3c3c990c023aa1d6ef90228a2b9ae3764c

SHA256
93593068b8e4d2d576f09560eb1e3d296705c068a4043e5333005a02dc2585f1

SHA512
c9f39a4f37dfc0eeefc91487856dad71244a8afc4964f72cb8f1daaf55790c3ef1b0d4ac9e9b87b9eed6cae2496e0be587b04c9c51be868a68d0ae273e886e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
d8d879343647e591e5d8f1ff28780b24

SHA1
911b0d222436d52d7cab22c2c201f816035d9a2f

SHA256
96aa42c28a2953c8026fb4daa7718a9a668c8df8a98df9a2c0b216698959a300

SHA512
37d863e6db1797ac6de905fb7199d75f48ced52ef82ea61329a670a16a5888caef09240c75fc684f280f7b48e117a8bdf6344f6d8447e7a5bc7a1d9943e3e249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit