hxxps://googleads[.]g[.]doubleclick[.]net/pcs/click?xai=AKA0jstlJzTIC9rK5xr-phzcKhpP7n7A14iCTBW_DA1Pw9aVInSIcp7ZZRrisL9LLaJtfh2Bx-8BuGJsD0i9UTJdYOCEyY6xUc9d8Np4rh8bEJs7LB2C30FU98W7NENFoJmuXrm@6lw2YJwn--GevAwQpen8wLbKGudm-PgpAVbMcBUcjHlVaajsKzssmCmTV3MuyUOHI5huTBAdsZmrWeJkANDTHygdmlYHiGXk1C9Ilz65v8vQsiAt_Qw7HrgC8Zhrpp7oQ8vcWUh3MhIzGws3ZFx&adurl=hxxps://ipfs[.]io/ipfs/bafybeigpxx3i22lscijxoostki5vf2jwrxgxdawqahykqe5rdsdyardney/indexcuberound[.]html&sai=AMfl-YSf3TYsaJ_TR3PE886EZdHZK4ajEGwVXmmI6T70_Qdv@hhHC2Tv-EDQz7rfwuERiAkck8t4jwzSrxvrJpm1pnI6RUTyRvtSWbnziJkNnEh0ZqzKYg&sig=CgOArKJSzDK3Z99AVhFE&fbs_aeid=lgw_fbsaeid#b2ZmaWNlQGJiaC5zaw==

Analysis

max time kernel
48s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2023 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://googleads.g.doubleclick.net/pcs/click?xai=AKA0jstlJzTIC9rK5xr-phzcKhpP7n7A14iCTBW_DA1Pw9aVInSIcp7ZZRrisL9LLaJtfh2Bx-8BuGJsD0i9UTJdYOCEyY6xUc9d8Np4rh8bEJs7LB2C30FU98W7NENFoJmuXrm@6lw2YJwn--GevAwQpen8wLbKGudm-PgpAVbMcBUcjHlVaajsKzssmCmTV3MuyUOHI5huTBAdsZmrWeJkANDTHygdmlYHiGXk1C9Ilz65v8vQsiAt_Qw7HrgC8Zhrpp7oQ8vcWUh3MhIzGws3ZFx&adurl=https://ipfs.io/ipfs/bafybeigpxx3i22lscijxoostki5vf2jwrxgxdawqahykqe5rdsdyardney/indexcuberound.html&sai=AMfl-YSf3TYsaJ_TR3PE886EZdHZK4ajEGwVXmmI6T70_Qdv@hhHC2Tv-EDQz7rfwuERiAkck8t4jwzSrxvrJpm1pnI6RUTyRvtSWbnziJkNnEh0ZqzKYg&sig=CgOArKJSzDK3Z99AVhFE&fbs_aeid=lgw_fbsaeid#b2ZmaWNlQGJiaC5zaw==

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133398603144567495"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 5040	3108	chrome.exe	66
PID 3108 wrote to memory of 5040	3108	chrome.exe	66
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 3076	3108	chrome.exe	87
PID 3108 wrote to memory of 2816	3108	chrome.exe	88
PID 3108 wrote to memory of 2816	3108	chrome.exe	88
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89
PID 3108 wrote to memory of 1604	3108	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://googleads.g.doubleclick.net/pcs/click?xai=AKA0jstlJzTIC9rK5xr-phzcKhpP7n7A14iCTBW_DA1Pw9aVInSIcp7ZZRrisL9LLaJtfh2Bx-8BuGJsD0i9UTJdYOCEyY6xUc9d8Np4rh8bEJs7LB2C30FU98W7NENFoJmuXrm@6lw2YJwn--GevAwQpen8wLbKGudm-PgpAVbMcBUcjHlVaajsKzssmCmTV3MuyUOHI5huTBAdsZmrWeJkANDTHygdmlYHiGXk1C9Ilz65v8vQsiAt_Qw7HrgC8Zhrpp7oQ8vcWUh3MhIzGws3ZFx&adurl=https://ipfs.io/ipfs/bafybeigpxx3i22lscijxoostki5vf2jwrxgxdawqahykqe5rdsdyardney/indexcuberound.html&sai=AMfl-YSf3TYsaJ_TR3PE886EZdHZK4ajEGwVXmmI6T70_Qdv@hhHC2Tv-EDQz7rfwuERiAkck8t4jwzSrxvrJpm1pnI6RUTyRvtSWbnziJkNnEh0ZqzKYg&sig=CgOArKJSzDK3Z99AVhFE&fbs_aeid=lgw_fbsaeid#b2ZmaWNlQGJiaC5zaw==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd38839758,0x7ffd38839768,0x7ffd38839778
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1868,i,11023060056310841605,6545009265892873538,131072 /prefetch:8
  2⤵
  PID:1788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6db0d935e2f895a5be5c1c7991fa2f8e

SHA1
796f066ee422b36f81967e1af29b2187c8ed2a4c

SHA256
0f7a10a4c56a613dfcc3d7e4f3c60ccc0696be99da038d1e2e55a1b4e007e56d

SHA512
1de6a15da416dcd03666855578e1d0fd52842b64dabf00c37133e0de47d6d12cfba8efb99713672dfac5f52ba5feadc4979d49db235ca0f0e3c694332d0c2d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a06a11a58e91d436185234162e14bf1e

SHA1
9ecae398ac0fa66d6d804d198006efbb9ca6bac4

SHA256
25d259f2db1003325493e3d1ca00d0f1038069537d4fde07e0c607a79fe0aafc

SHA512
7419fe702a1ca4505887fa9c602900852aaa7cdbabb0747a2e231b359df47966e3da5153a6b0b94cb849ae67e96db1bea15ad613da34f4c54d6328da9569bf4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f38e12063dcee3da9a772b99e1cc5d6f

SHA1
10ffe8c03cdfaf93332c9dafc83dde5a4e9887b4

SHA256
76ced2e0879cfe313b8c0a5d47ae7e99da8090ce31a4712a46218a765d93acb0

SHA512
3beeccadf7de9fc08a2ca6ad59ad00590e14b39922e60ca325617aa2f745afb197dc86b0a30a727934a1a95f87cd60f5bb701a3c8e79ada9ea3f3f6f3c8340c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f60f7bc032cdf2ea59069f640ec49e26

SHA1
be09a38e5468477540b36fdcfb63a9be66a0389f

SHA256
0969d0a420432894b4e9bf2d01f7f821828e747020816b5fa1f671581606a609

SHA512
55651f5c1ed8bccbe8621c1fb4726a47bada42db99ea55a5407cdb64af38845e71fe2d4bb9a281782e868fb3d26d8f406a76434504b8aba5312a2dd58249ddd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
260eacd38e23da460a764b9ab8cae937

SHA1
86b9b748857c99261a96dafce52f1ef4e7b11b1c

SHA256
72c507c0b3c2c81ef1a202b1bb48c9f0dd123cdcc28c067361e1e686290a4be6

SHA512
50246ddcdfebb192ac657da917ba024732a73005329d36ef66e5f3dc400b851a46393b60d90fa5305c2e10383b9e626e34f8fd9c101bd0c5012a2749dbd423cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ac785a4d0fd892c11ca30c607490d76

SHA1
b98ecae085ef3963d6f1fcb1904ca136c052e7e0

SHA256
84e64adb097ad015f36368e371edc307e1ad52c5d174672f634ec013b4d08548

SHA512
e1735c378eda107a342d253e300b27972011dbf3bcb3d4960c473786455dc1929776bd583f7652547c91e8a3cec951cb593bca34c7e11abd5dcb49273dba8d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad8d5c3a166c0ca345d7c1ee5749f421

SHA1
9f996e17dd7e78580cec7f492f9ec3657c6ca1c4

SHA256
fca3624d70727ae4779f9fee4d20f40c2b869d02b9d7c3838119921bc5287a31

SHA512
7bb1c5588080a1ee41ac5580a6987211dd362901a9b65dbff537176dca55bdb2ee9df51c77d5c9d1d1b75770275517b27249f9013d671b664d666e816177d895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
174e409a7ee588ab376ea695545072c2

SHA1
26cfede4ffd3e54e5639c24b0faeb480390ee85f

SHA256
f3d263f85429c107647a3e34ab57944611c784d023821cc01792524cb395b5a6

SHA512
ff757a4d649ab172472ffaa829916233aea0ef52663b7436238aa96ea959b5ec24760c19772b5cfa75c01b32940d404ac5a593a4759843353b66c60e1a0f3d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5981f1254953034a7837f3988eb789c7

SHA1
de09c18a0d15566da3b84a2118fb64e5ad607fc8

SHA256
379d7b50fb1b17a2733ddd7440966d149135832ca1a6d94cc78e5bd64bae8f04

SHA512
c7c5a799d64b7f38412086d75d20a45a69f74edb542f7c98ed8771e84a1e9123e2a0799be5fb31d1185e2658ea2d9448fa7b988f9503792243076721e6670ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e8ea743f-4eda-4248-a1be-f6d55ea7ebc8.tmp

Filesize
101KB

MD5
2c9daa31223b8c0838c1eac99976bf86

SHA1
6ed5a4df954d56d53d249cdcc6bcaa2dfd186bbb

SHA256
9c51700ceb55910e15630dc2a995cec3b3a54ffc6120f5e3e1418bdaaf2949fa

SHA512
f4182db80a6a5abd3841a457240c397c077eb81c148da2739c00c20613e21e780289faaf877c33ce4b6979d2f6d2957378b3f56aa08b797496841fb87d9596ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit