hxxp://sqairzgolf[.]com

Resubmissions

22/12/2023, 17:49

231222-wd4tysfcc5 1

22/12/2023, 17:16

231222-vtcvqsbhar 6

Analysis

max time kernel
360s
max time network
375s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22/12/2023, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sqairzgolf.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133477391081790085"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4840	chrome.exe
4840	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1468	4840	chrome.exe	21
PID 4840 wrote to memory of 1468	4840	chrome.exe	21
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 1376	4840	chrome.exe	91
PID 4840 wrote to memory of 4984	4840	chrome.exe	92
PID 4840 wrote to memory of 4984	4840	chrome.exe	92
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95
PID 4840 wrote to memory of 3012	4840	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://sqairzgolf.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3c4a9758,0x7ffa3c4a9768,0x7ffa3c4a9778
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3912 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 --field-trial-handle=1892,i,10882444472877942995,15135443823134773895,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9edda5f1e2cdc2bac0ad5d9cadd2c3e6

SHA1
2b28ad0f0fdd9e5446053f5a616ccaf83007bd25

SHA256
ee4eb2896120e1b92edf6e30f1d45ae67de3d9cf0b21676f143c799bd1e7b0e0

SHA512
fc5f284e93dee2d0c255c254df9abc296ea0bbcc23ad6952b94fdd43e8a5bda35350dcdd7bac431bf9a0ce29d5bf75f2605b3d485caaf98674de098f3546a5d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9820b533095eb4e1c48256057f72bd6e

SHA1
b432e4332035c7d73cd94031d9029d7dc9203365

SHA256
38ec4cc2b29c72ee366d4a9d270f28c545ddadecf7a8807bc26364c973132774

SHA512
c47cf80a189041ed274927e0d0ed9ebdac95c4655fb60d4c331c1ace52bf761723bbc0c6cddff9462364c377a57ceca2da1980b510c5879ed5b7810e727050a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e6a2353ba7d51b151c02ac49fa670187

SHA1
2af696a563537428c10594cb4a4d8578d87b1ce8

SHA256
018876e8fa13e28acaa753faf9886e838f5cb5605723116be8ac6b9ad5ca03ce

SHA512
e0cb58f087629fa3bf99c7a41052d266e45b512c80a801e7bae8a6c8fa8f6f24bdb7c33b7e3c974b08ea9dd3f279f06b1c98d375293decb4ec671a548f39582a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
15a3175a428e571cffa045a68244c98f

SHA1
22b0296a36dcd2d1fff9a8d1877ac337c07619aa

SHA256
aa74834c636569ff75493ce5e1c10c842b46c18947ba22d2077377c54cf98a98

SHA512
e8df488720cff97b76f8870fb203705c6f3cc42a69d52e0ab4b291e47191b7cd184a2a417691ca4584e7108cb9e1b9401e8ab6518cc9ad88522fd97768b0b24c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
44fa753fea96edb5d74b4dcec1462b02

SHA1
50cf8c9797c0ef0444ffb148d657d918bffe5323

SHA256
f215d2e53f5baad407475dddbc6e6bfd93148e4c3e737c60e6ede98095350eeb

SHA512
f7526c0502468191a771c3cd69df32b26188023ee6211eb26069af8ce54df0828f980fb876c7d36b892584daf93d18a1574d43a4f3cb60e8823d35c785d18468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aaabdb555c8853ee0350192b8d10bf44

SHA1
0abc66d38324e4afa73a05c9681724744a53797a

SHA256
86f8b82891b115ea5fe82ff8d09f284f69d4bc6dad4763d16a55f7255a1e63df

SHA512
cdf2d6df42e13ded7b0aa526073f1b308f1bcab81b19b476dc35d85de4666b44f05fd10e21886e7cc324c6106b171a2b4fda807993807bcaa023e9f79352b94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d6731506117811d1af0f0b60f6036204

SHA1
7e0743836c8d94a2d7ce96ced2d0e3771f79a773

SHA256
ba6f4eb00bcd36a90b7c9763f3516c0c7a50c991a144a96ff93e94b7f86d7b0a

SHA512
d81ca1ccb3d81323e5800aca766dfe3cef7e3ca9c2c47f6634b2cf189a4d04ab846a7e4c3c68942a0d7ace0ab7c8b3429799c67617b4b8ba8ef9b12492b2ac26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b69ed2e1278ebdd89facb0759ba96e7e

SHA1
36771d5a808a8efd8568842edc684c7aae4f2788

SHA256
dec2225c531367eb365fec589b5ff73192eb28a2cbf8bb11b53e46289cbd75f6

SHA512
e265ccd91c1a1bd59362d696ed67578fb94d3b96f98636025c10ad06c910b393e952bd8a626857646808c2b0c593fe83bdf9eb4ff104271deb88d4797569312d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
51c762c96cec9d6388392e24dc8c7113

SHA1
3753f85533e1ba8cff918c65f21a12dbe59e6daa

SHA256
5080115ccd0c0b746c0ba1d97b15bfac958d09395efec267cceb1e477fd91aac

SHA512
e177149d5c70a2a5d5cc20b8adabb1823cd37d827a9df15a98358a24219ce6fafaa24c364ae1cbb16a4e0c825c3eb0cd5346b7bd93a68ff3541c18049cd85f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b137bb3ace7841b497651ca773acb4b6

SHA1
1214d6ee9746b3b2736b845019655a729b216033

SHA256
474fd5afee34dc25b1a2e4d686b16ef8b44c356afe317f235b492f7afc74e6dd

SHA512
fd77b9f27091aa73772ad24df494629bfafe5e6c15967187ae384bc34ddc3fe117992d5158f8e0a1b86f9f2cb28417855d0c1b2699a59745e65ef7e5ee0994a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit