hxxps://mytaxrefund-ato[.]com

Analysis

max time kernel
156s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mytaxrefund-ato.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133346343442923763"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4368	4024	chrome.exe	47
PID 4024 wrote to memory of 4368	4024	chrome.exe	47
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4972	4024	chrome.exe	88
PID 4024 wrote to memory of 4788	4024	chrome.exe	89
PID 4024 wrote to memory of 4788	4024	chrome.exe	89
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90
PID 4024 wrote to memory of 3732	4024	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mytaxrefund-ato.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfb589758,0x7ffcfb589768,0x7ffcfb589778
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1904,i,17789378565570238220,6121947191389728388,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
171KB

MD5
442d0e9e8515f3517372c89d7d94fe9b

SHA1
768598cde1ba553c3b208f842b06eb80b94f2939

SHA256
205f37c78cda70f635fd72e1d99079d7c4d88e54e88b04a0d746455eefe3b979

SHA512
cd396095eb7640706063c45d951e49ec380ddd5f61088a26df2471d4424b14579708842ff971a5abe41f03218364ee5f7246d26bf2a0d3e08998bd580abcf739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f031b8099172fdd6b457f120ae521f80

SHA1
dde6110381098091f9bd3cc64f6722d89468bf7c

SHA256
374fc6eac295e4df30caa93c7fc43544a04d862fbabd510770bd14226e262b9a

SHA512
7285df8f2a2a74fc1c99fb27f9b77b989b234abfadbfd42b598d7bbac0f56c4a942d939f6c8ad723be2a92cf63eab74c9bf2030b51e2b697c6d49e2db64844c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
950c340d01f15e618142c934d2d13e96

SHA1
5beaf791f1f68db60ddc5c002672f6d4cf0647fd

SHA256
e0c8c397fa735d63224b6d43f2ca481cbabdc0dbc5ba4e17ddd25e17ee20049a

SHA512
23bed2b90fcdba90ebde8cf9eba6b7768ddb8347aaa4bfd8dffb4960ac1fce3a7f9b879fe1c582d33e74e3c95d77742032d6e15baede6b6357c5c991ad5b9824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
822db27c48acbea7413cc1ae60dee315

SHA1
98c988e5b910c646a40094eadbce3458d47ae148

SHA256
0e5f7d999303298d0a744c1aa792f2e5c048b054f7d2cb495254f95526eaa9b0

SHA512
ba9c1d5d565ba3b3b7be7498a12ddffb1733fad732fe9256fb5198d3c1a148e0274ca63c7e1097f41ee47c4c058a8625c02b70667baf75f753bbbf35c86c6963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77de44c8daa2dcacf1d84b7f4727fbba

SHA1
16c8f887c6b4d48fcb7b515828b93f18102e8de5

SHA256
ffc41c3fdeaee0011a50db32f3501e280b8f11433b5030e018b1d3a0e6253770

SHA512
55da02951db3bf935c00f7113019246eae2f62ae1b27d293c3c412fb367206484953272b397b19db64fc12f9b876c5fba17c70230d407a59afc2d85f4b8de740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74d9fa5278aadcc1787a1854da264444

SHA1
b3cf12515ce64c888979aad1010d12b191b9809e

SHA256
1c977844a3eddfc93e73a4a9cb3e98c4cc2be210c4c20bd12699502e921d4f11

SHA512
b6613590131288da2c4453be2618223d32147d2377513eb78139ee03518bc8332a293f5ce0b2e2f4f773f465b248001c92d08a683683ba9549fc68edfb0d25d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d62985f6faa3ecbc10fe9ac73d84f9cd

SHA1
399eac121502b328a051b0cc6efe4080fa630482

SHA256
9d4307d876956c839848c66c1932270f15b8a5ba4c026da07610e26a6ff0bfff

SHA512
566ebbeebeb6df8f3b5d87db6a2f3a3ed76cb433d8b1e8ba4be5eb469f0030225b8ef3e08ecbbce87c92b8b00751202351c9de15f388933d53718834237cde07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
108KB

MD5
8415def8a033c1848b5acf54d58ed6df

SHA1
c4a73e1c9cf2450323a18910867035a0fc999309

SHA256
61531c121ad9ef0572acbd373e1a759093c0981874c51cd83df5c762c1c5cff5

SHA512
290163a07afee9fb05256d72f44f9fef899cd51b96ad0aa8124632c4eb7cadf2ec94e052ba9c78e1fea233aadf25ce6c07c1410981a533fd2e438684929ccbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
9b2ef78f7adf4bb8f808675fdc49c550

SHA1
b674368fe5d528748aab952c8737cf9e08fe99ba

SHA256
ec84df63b0767ec2bd8d6d9377eebd6529f3697061bbfe0c3103452795ecc788

SHA512
3e475fac6f9fef1735efd123b98fc7cff75327b21256dc6147e0912b15b10aea1bfac48cd80f844378d4e10685a4c4ac80ee5bc8c194f7523743b698cba7362b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
499dfc1a2ba9dc7f121b2d04e9358adc

SHA1
d3f4a9c47111953fc066f10fa2a04d4fef913795

SHA256
72eb0abe42340659360dcb66f5aa0da946aecb6d7d8149e29f438a280da2cb37

SHA512
0dcb92c55b1d1be38cefdc7b7f342f9e24df913e2650d29026c183bd97b1e9ef61e324bcd85d3861b2005eee8e1b19d69ce595011bd9c83a6117f666703c6aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
9797c03052b9ba895ff37ce5d93fab08

SHA1
1acc5c82fb124902a4a3d6f4b6f6458d654426f1

SHA256
df5ac1ba5d743e96c70e26fe59f9e8547d217faa89f6677f25bc2f5b7c9cf9df

SHA512
2dfc6e58426d0a7dd8436b5460b6e999c6c80a731654a187241b153c59259cf3771576ad01983d477d90dc8972a887150df5e421a2ba8761ee79585e4d233970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit