hxxps://iqconnect[.]lmhostediq[.]com/iqextranet/iqClickTrk[.]aspx?&cid=PA16LS&crop=0000[.]0000[.]0000[.]0000&report_id=&redirect=hxxps://subsurfaceband[.]com%2Fnew%2Fauth%2FdmrW%2F%2F%2F%2FZGFtest@test[.]com

Analysis

max time kernel
413s
max time network
417s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2023 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://iqconnect.lmhostediq.com/iqextranet/iqClickTrk.aspx?&cid=PA16LS&crop=0000.0000.0000.0000&report_id=&redirect=https://subsurfaceband.com%2Fnew%2Fauth%2FdmrW%2F%2F%2F%[email protected]

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336848749566586"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4536	4440	chrome.exe	83
PID 4440 wrote to memory of 4536	4440	chrome.exe	83
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 404	4440	chrome.exe	85
PID 4440 wrote to memory of 2440	4440	chrome.exe	86
PID 4440 wrote to memory of 2440	4440	chrome.exe	86
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87
PID 4440 wrote to memory of 4300	4440	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://iqconnect.lmhostediq.com/iqextranet/iqClickTrk.aspx?&cid=PA16LS&crop=0000.0000.0000.0000&report_id=&redirect=https://subsurfaceband.com%2Fnew%2Fauth%2FdmrW%2F%2F%2F%[email protected]
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa04d69758,0x7ffa04d69768,0x7ffa04d69778
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:2
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4720 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4892 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5180 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 --field-trial-handle=1916,i,5896896876564350881,16929093425025784707,131072 /prefetch:8
  2⤵
  PID:3700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
dc3beccd8a8ccabb923b30cd02c6a706

SHA1
3880cf3a5fc4f7f104e2b0d5789c13b97a0ef70e

SHA256
67ed4a58067acc8d926fd483c5a4295d030ec53dc6296999b8d71a1d83840326

SHA512
576cf472fa927ee37acc046c4c77e7ac41bbc23e57c1a1f2ee948cd14eac6bb549a804b1fe75dc70954f4127bc9ce301d89c77e9ee5789f615e3f9533f74c3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59ca4da20e479052d5b5ea3d9ec78d8d

SHA1
ba1e2037806807681593d016bc022bc77f55b4d8

SHA256
f90ae6c43ef63049f00640ba2432e47526f054f43be756251dca60f218f9b6d3

SHA512
4323ab57a8569a193c6ab108099044b5d51f07e6f0e1697c7378ee15fed43eafc4e1bb7a00513d5bac7980b140873e479db4b1fa33885920e223060a5ffcaf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
701B

MD5
769e27a651494f18eb01bc706ee7d6c9

SHA1
bca452cd574420afbfd0199f9cc7631eec6869a0

SHA256
fee632a0fadc5683f9cdb1655ac12cd60c420828d0cc76332d694b1a4d168bef

SHA512
2abf5d102badda8fe19f765147e4ead87572aba15f64f10f7ddcb8fa01af7d7c4a8482eef0dbe50b4aaea7083a1acdf8c7c54c0f187a4cd6ba9be561c451aff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6c69476a67f6f2223fad00e512e8e730

SHA1
c09c11f8657429dacda6e2310b7adfea7a22bb07

SHA256
bdb49c2fd1a2b7a986060630586b61c167b5748f51f765201790d98093e9b8d6

SHA512
cd55af0b413a2f28a5b91ed5ea5efff36e1d93aa4889d12dce77656a4290d1dafebf7234d4df46fca8851cc35d8328d05cdbed240641a149493411a5715a7f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06aff57d68c328b41b24519f8571690e

SHA1
4975b98b1e26f542ee194d0af7d406afb078ba4a

SHA256
e9e3bc3c04b6a6571755dc1895acf6b268600d447ab102878369adc4a010da94

SHA512
99f0687949b1110ede96e66d4b1e885e17a4713fcc7f0a3b8651c33dbab99ccaec920ba15b81b015310b0ce3e9ff883cd04091949056bfd884a64a4cc47efcdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4604a1e4058a22e8028b4c8b999275fa

SHA1
c41caadf747001feb8460faf0f185385e310c326

SHA256
06d4a10d327937daad6f05208fe44346b15511e26dd462b383abc8808e795066

SHA512
81116e2ff25e344e99ee79794e15799c600b1caa1e6c0d86f3917e468148bbf1c82fef6b492db84b6d4fb65c3c5d1bd74d3677f75556324ea1dea4763573d978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
c533514218abb4ac803e54f753f0c76a

SHA1
4f205ead6a868dd42c64eb9c68cf0a822a0a82ae

SHA256
32765dcbbd3b0b23f375783fff4327c7f8db4bb1e7f13907d3d7a3c65ff5c35a

SHA512
d60409845c614ff6118448a3813a5c23ed33fd3986b73c76d7785617925cc9f31bd9f374a84f5995b3defe06f4eeb87b2b755ece694a8c4fb3c4b74ed229dc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
b7f7032e343891e81f8d3b6e7ad81b6f

SHA1
153bf9c993f2bf8f656da9892e69fe52fb176e0b

SHA256
ec0e971de0cecf1dc4df8a7150aec34c3886b2f01d2183cf043c53e35ef43a6b

SHA512
74623ec401da846c6feb77e158ffff69551fd6bc1c1cb15c1eea1584b4db7c5b4dd88a0f9f022768e4d5ff6f64935e4209373d02595fe1d516bbf258e7bacc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit