63eb2b3c6dfb9aa7ad359cec67d948d4980b5aae86efcb45220d99c0c7fa1320

Analysis

max time kernel
25s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

alysum/pornhub.exe
Size

1.9MB
MD5

e7117f2f7fa1270692cebf5784b255e9
SHA1

09f67cd075a94077964a6d64326a1b3755069eb3
SHA256

f0cd71edabf49bc65c7de45cebd7dbb972ad216302155e555bde69484ce3ba98
SHA512

a4fec6e9574f843cabe8bdee96fe1d8ea7c738cfb55b3f3acc8eb955b3db87533918b65c571e541a57b5bd52160cf46cf6295801c600ace94a16c61d18fafd16
SSDEEP

49152:b/yNSwDDkqs+Lgon7lBGf9/nuSJtrBmO7iR8:baEuAJ3t7K

Score

8^/10

discovery persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	pornhub.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
2432	pornhub.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	2432	pornhub.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2568	2432	pornhub.exe	31
PID 2432 wrote to memory of 2568	2432	pornhub.exe	31
PID 2432 wrote to memory of 2568	2432	pornhub.exe	31
PID 2432 wrote to memory of 2736	2432	pornhub.exe	32
PID 2432 wrote to memory of 2736	2432	pornhub.exe	32
PID 2432 wrote to memory of 2736	2432	pornhub.exe	32
PID 2736 wrote to memory of 2180	2736	cmd.exe	33
PID 2736 wrote to memory of 2180	2736	cmd.exe	33
PID 2736 wrote to memory of 2180	2736	cmd.exe	33
PID 2736 wrote to memory of 2440	2736	cmd.exe	34
PID 2736 wrote to memory of 2440	2736	cmd.exe	34
PID 2736 wrote to memory of 2440	2736	cmd.exe	34
PID 2736 wrote to memory of 2484	2736	cmd.exe	35
PID 2736 wrote to memory of 2484	2736	cmd.exe	35
PID 2736 wrote to memory of 2484	2736	cmd.exe	35
PID 2432 wrote to memory of 2952	2432	pornhub.exe	36
PID 2432 wrote to memory of 2952	2432	pornhub.exe	36
PID 2432 wrote to memory of 2952	2432	pornhub.exe	36
PID 2800 wrote to memory of 948	2800	chrome.exe	38
PID 2800 wrote to memory of 948	2800	chrome.exe	38
PID 2800 wrote to memory of 948	2800	chrome.exe	38
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 2036	2800	chrome.exe	40
PID 2800 wrote to memory of 1016	2800	chrome.exe	41
PID 2800 wrote to memory of 1016	2800	chrome.exe	41
PID 2800 wrote to memory of 1016	2800	chrome.exe	41
PID 2800 wrote to memory of 2516	2800	chrome.exe	42

C:\Users\Admin\AppData\Local\Temp\alysum\pornhub.exe
"C:\Users\Admin\AppData\Local\Temp\alysum\pornhub.exe"
1⤵
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c Color 4F
  2⤵
  PID:2568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\alysum\pornhub.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\alysum\pornhub.exe" MD5
    3⤵
    PID:2180
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2440
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2484
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2432 -s 708
  2⤵
  PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefae79758,0x7fefae79768,0x7fefae79778
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1640 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2948 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4068 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2388 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=108 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1248 --field-trial-handle=1292,i,13442898216047389968,13845085429407138625,131072 /prefetch:8
  2⤵
  PID:236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
85a62811837c82a74322d746547576d3

SHA1
f8272f1b15942689e96ad4fc44e4fb39f894cbd8

SHA256
d9a4f1bbd960b843225ab780e42f2ed902857e0db9cec06dd53f5699499f3405

SHA512
87f5358e5cf373d7f39fe7ab47a1072ea7a362d88389e9f5301d5be34ce2ab27b73542f4b1cf198ebb14c11f7822ab46b42ec833a05cfb8a09f80e2975ef8260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f91df45a9497eacb5903093d969c52f0

SHA1
3cfb38e97e3c3bdb59f78095a4cbd193a346f626

SHA256
5e4b8bb4824e3d63d885ddd11692fcfce76e2e082f673c53c5e8c7dd7b8d0e26

SHA512
5d9ad8422e1089667f7962c3d3cb5efdb93f70f5de51449ff6df25cf90761641ff0c776db441382efd2223fdae77c133a8964823fb9d33a425b3356dbe8d6809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3120388a3785c6fd0eccc93ff9c221bb

SHA1
be9e5543745f3082b2e1e0ebc3e540d9d94054c3

SHA256
0fdc52bcc1a5ee97a0107340fee0873f477267e1060ace142f36c15628005c75

SHA512
c4e5948c37badc2a67d6ea53f5274a21765593c8917e3e05cea72982466330dd7f8b895798c3e4831562063007d34bc5c946be1de34d8a9a89ded2b6eeda1f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c559cea0dac91b5ecf72e35e7879aaaf

SHA1
95ac1e3f2f3965cb4cbd94e3715ea2f1aefbe8e1

SHA256
e7ecea5bf3db83f5c3971c9f19cbb88a6417fb6f9c45f744c0faf2f4b291a64e

SHA512
a6701dd868c551bb07cbe60a42b54fa5c3e5f2f2bd263200769fae0ae75b9d6c7f9c6735cc79466d13509829328e1a29262f708a65001262965547e519b6ef50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1e9ff762dbbfb6b617a236731a13812d

SHA1
18ad25aa9b1fdd2e64c08af3e77d250b7b79b64f

SHA256
82ecbe6fef5dc3c717a90f3f0dec9e7acad23879cd3b6503ca6dc016e059cd64

SHA512
e556467c1522ffc51d80e4fdcfff3858e1318e981b430b1762f4b9bfa40e6c55dfa69bee4a015c5c50103ddf1585e5096d41eff21d30b692b43d4521de2027b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eb601e0c5ed60ba1503db4ab0aeadda9

SHA1
1deeae0757cca8f8ec1047fc4f04e62c7b202071

SHA256
4161b58d0190231355248df2097547252e32e97204c590e31bd21385dc445094

SHA512
20814c16e5c187734f45f8c9e0d7ed531e428cecc0eaa906bf8ba37d67b7a296bb9bf81488e1996205e10cbbd6fae9acbf233f27ed69ee1ac5c19a65b8dd8377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e71fc4a3a19016288cd1e8071678f87b

SHA1
5a6782d92796930f81429bb44cda20ad2bf49232

SHA256
1d04c59c959d05bd4cd06df10bbe066e7fd460d5f95ba4e488fbb95bbce0d935

SHA512
de163874b98a8bea67ddd72113bc9908f6387067558304d983408e047d07b8c6874f84d3bf1540400ce244f45497d6721ab1a7843f3f05ca936db1b6db78ef7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0b21b9d4037eabbad93ea9f1625ed239

SHA1
3c136191233d1b4e71efdbb0bdb589b99137960a

SHA256
f56179e9986eeb3b09f04cf1c9840355c0eb47ebf94e209a9034ed26e60d7aee

SHA512
a24d4169965117df23cc3e457990b00fdc3ba97f9dd46373fbec35e99629d22a0df26d0a0d0d7b6e409f9a7ac556e2c730128cc95d8d4b84accf30169de4b534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b1d5cc123ab055a2cb9c274c5e21ff5a

SHA1
eb7a06505e07ce57ab89b176b7b271b6e7ea5086

SHA256
a04139904b7c6e6e82daa526fda1a2530298739daf9ac4a32d18c2d9361b6147

SHA512
c9731619f04970bce6827810467e555f3bf11b527086dbcc0ee38b4e54e7a54647482673f0cb3aa9d3c48f08f8653a6b60b62288ed90ef0cf830ff262e906ca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
memory/2432-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download