hxxps://googleads[.]g[.]doubleclick[.]net/pcs/click?xai=AKAOjssIdZGtK2LGw4coQMwtQcONuf8cVZUVHUrlFgT33_wiLCuxpoweUvHdBH9neY4iW-CZh2SzgITptx6j64F0B2pEU0uoeRfmKTeyn7LSG5Irubqjv6IFl9MeqTp84ZT99WRJlZDMgrwUaUI7QjgNwL22AVveJm980wuVNryiILT2WhxCPmcY8M7PVIOygAXT_382p7PUn7bIByn2OjlTfCiaqta3tAhZWCuROeXZPznm5cGhgUYspVywPb8Y8GbuT5pyEUyF89icmqe5zg&sig=Cg0ArKJSzFtr0kI2Y6Ll&adurl=https%3A%2F%2Ftaxauditreport[.]download[.]demanddocument[.]clearylfab[.]com%2Ftaxaudit%2Fauditing/ZW1haWxAZnJhdWQuY29t

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjssIdZGtK2LGw4coQMwtQcONuf8cVZUVHUrlFgT33_wiLCuxpoweUvHdBH9neY4iW-CZh2SzgITptx6j64F0B2pEU0uoeRfmKTeyn7LSG5Irubqjv6IFl9MeqTp84ZT99WRJlZDMgrwUaUI7QjgNwL22AVveJm980wuVNryiILT2WhxCPmcY8M7PVIOygAXT_382p7PUn7bIByn2OjlTfCiaqta3tAhZWCuROeXZPznm5cGhgUYspVywPb8Y8GbuT5pyEUyF89icmqe5zg&sig=Cg0ArKJSzFtr0kI2Y6Ll&adurl=https%3A%2F%2Ftaxauditreport.download.demanddocument.clearylfab.com%2Ftaxaudit%2Fauditing/ZW1haWxAZnJhdWQuY29t

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133449929259059317"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 4220	1376	chrome.exe	22
PID 1376 wrote to memory of 4220	1376	chrome.exe	22
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 4756	1376	chrome.exe	91
PID 1376 wrote to memory of 1124	1376	chrome.exe	92
PID 1376 wrote to memory of 1124	1376	chrome.exe	92
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93
PID 1376 wrote to memory of 3632	1376	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjssIdZGtK2LGw4coQMwtQcONuf8cVZUVHUrlFgT33_wiLCuxpoweUvHdBH9neY4iW-CZh2SzgITptx6j64F0B2pEU0uoeRfmKTeyn7LSG5Irubqjv6IFl9MeqTp84ZT99WRJlZDMgrwUaUI7QjgNwL22AVveJm980wuVNryiILT2WhxCPmcY8M7PVIOygAXT_382p7PUn7bIByn2OjlTfCiaqta3tAhZWCuROeXZPznm5cGhgUYspVywPb8Y8GbuT5pyEUyF89icmqe5zg&sig=Cg0ArKJSzFtr0kI2Y6Ll&adurl=https%3A%2F%2Ftaxauditreport.download.demanddocument.clearylfab.com%2Ftaxaudit%2Fauditing/ZW1haWxAZnJhdWQuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6b899758,0x7ffc6b899768,0x7ffc6b899778
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3648 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4568 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4516 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 --field-trial-handle=1676,i,13042149930641059074,7432923753664657792,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e05ca8950cc735ee18335eec840b4415

SHA1
16752072b7b7a4436d52242c42ad50e1be154b30

SHA256
7f63e541bfb47b7f7f2228d60c847dd5cc83a90ef5a8665db9372b31b76d7081

SHA512
75443d44d5f2f7bc6282b0d40f90ce74cf08a14f83981721fd78cadd80c68ca555c951cd29fe071880f1d467e3cb1740b46161fe3a7fca6912d8e9881f366dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4ba96b10ea125b45c4ff461b8d1cecf6

SHA1
2e64c3fa90293ed2b28400cb01644ac61c4a0e06

SHA256
41f89820cde58fefa3887983869e1a8a0f5a6b1d8346b66767c27c0b6af0b5ca

SHA512
6d222bd841fba06682bccd616d7f3bb22a5e037307fb9deae207b56d969a1fce4f2c15244b6a62f4b7aca03c15eee4a3d2c26c6dee0e33f7932bc7221a399dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
562b276c5c188c3312d948725937559e

SHA1
d3a38136b1468c4ba98254cd8b10cf5a7e0a5690

SHA256
28b0737058147c9eb2912370d2bde8b56da945c1c1028f004cffe0a3cc5d735b

SHA512
19e7e714754291bd685a47934b75c7c04a9238a40fc07dd796db0b9ee4351a15aa6a5a928803716641655aadbb49fbc4185f67db9772edafbedcd36f046e9553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
57c423a0ab879c98924237fc29473857

SHA1
e17562341cae5362b8b6be5ea179c747bdac9bd7

SHA256
a050630818f501b2da841d837b2e03d0cccc9147331acfc1cd58acdfd5278999

SHA512
cd394a974e51c33a5e924fe4d814303ae0656222487ba523c0533c4c70c6e899dcf814e62629387a615c617b0b6e54f95197c099a83fa8c4ea9507c660462126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
74c052bc05adafefcc3e805deec45b13

SHA1
980bcbecb116c3d854c3053203848a336adc3915

SHA256
d089556a9d389a8a2fdf99f6ab64f4973f5a4b374be92d5ea388c6991a43f029

SHA512
590f6b58dab1b0773c1ac757132fe044fbb3cfdd3d82c8d7fd4c3a556da58a021a22b1c470e10ede18758cc5e70eb284f9c454cd8ac89205bb924e6bf7c0dda9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit