hxxp://app[.]plangrid[.]com/oauth_link?token=oauth_da6596803402246b4ea05a279c69b892&redirect=hxxp://microsourcellc[.]radiopulsarfm[.]cl/?code=bGFycnkuZ3JvdGVAbWljcm9zb3VyY2VsbGMuY29t

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2023, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://app.plangrid.com/oauth_link?token=oauth_da6596803402246b4ea05a279c69b892&redirect=http://microsourcellc.radiopulsarfm.cl/?code=bGFycnkuZ3JvdGVAbWljcm9zb3VyY2VsbGMuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259742133735268"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 4876	388	chrome.exe	84
PID 388 wrote to memory of 4876	388	chrome.exe	84
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4452	388	chrome.exe	85
PID 388 wrote to memory of 4860	388	chrome.exe	86
PID 388 wrote to memory of 4860	388	chrome.exe	86
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87
PID 388 wrote to memory of 1796	388	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://app.plangrid.com/oauth_link?token=oauth_da6596803402246b4ea05a279c69b892&redirect=http://microsourcellc.radiopulsarfm.cl/?code=bGFycnkuZ3JvdGVAbWljcm9zb3VyY2VsbGMuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd840c9758,0x7ffd840c9768,0x7ffd840c9778
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4732 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5260 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5476 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3004 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5084 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4680 --field-trial-handle=1816,i,15447384945643310719,9198688336261899960,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3ff4d717a912c0309699aefc9acd5780

SHA1
eb13ea938a45913c049a96dcacb3b5427fb76ff2

SHA256
b45ad68c9139e4309b830b2c8e3abddf6a4dde538c95e33299442c3b1912450a

SHA512
0e7b59b033431be00017b8c33dbccfd3e8e969d26f9810b2eb6be8043d7bd5b6a2cba330d8af013f838acc747d6f0caa0f9d9800c2633c73e35ea92c24f9e004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb37e5e91d86b5e597a02cfb25db4ea5

SHA1
99f9fc8e7b2b33101b483f881b0aa2dec585c6a7

SHA256
daf5f92f68c47ab9cb8acc91a2b0f1f94ef6b5fe5c24b856c917d92a74a1d959

SHA512
86025074a8f0fd9b37cd36dc5216423b5a3e5baec92b724dd4f41259a92b040ae6e083adebe1ab384ea7d08986ac4a23c104c5b98f34e8bec558754ffb1bd283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
1df52288b21fff468010ec3e2ec9b67a

SHA1
ef222e4b61af468aafd78d52afb025e5a88fbbb7

SHA256
83cd47e75060a55201cf2e6b366817801bb6db33437cf85e1faa0631cb08a094

SHA512
abce0bac23519b50020282e6ecda7c92557ed05d85698b733f2c37764dbd38fb4a72b43df82f861a8223543004f854393c974152003348fa4b32e0803ebaf1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e6ebb5e66f882358136b3d2b9a186e8

SHA1
f0659a57d602a9b75e2acccb8695996c3001a7ad

SHA256
0302717d5dc1b96caff75660f9307ce7891ca21794495a8278b28d89aaf79e98

SHA512
e44596a885f909d63537f292b0b2776e411a28c1ed8570cc4c542eda1eb341b0ec98b554950a9be118ec26577ccea20be8f35a9353163b04d9bc42ed3d73fc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ee6b69129a5ebbbc2852e59e9f0a91d

SHA1
32a888b7f3b694a74cd414a1f6fdb5d090cd40be

SHA256
b3496a757a0eff10c36b86b774cf4e8b8ccbd431d36bf4b4db4e992c1fbdb675

SHA512
f77dbca73713da7d8f298799eb3813900e820d2c0eac7045c9d43ce6021e2be0f2ca09a9f0593b5281769861e6f77ccb36bef51144c91f3250df8807d16a1f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7688136c58ee0509be55eff07312660b

SHA1
1abe6fc295490594dad4e414b98bd9df4bffbfcd

SHA256
a8996018035ca9343c081f40d14b6ea6d9113cf6880573c1e95360c75f242a40

SHA512
df49af195ee2af83f0c98d7626f3f4de4e4d1b52b25ee22d8857b74ec0d0c62eeab42526284446d84bc483972ccbc0f29f47078b5f5f0aeba500754356231f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c1a266183f6680daadbbf9703b999833

SHA1
7b4ecd34773d8d24e3d0f2e83dd395964df1cc04

SHA256
a2cb2a591e4feadb8b68ff87981e0b001a732fa3474b6e2232570103b116971c

SHA512
a401f2fa194f251faa953277ca5e2da895cc7c891b5785326bd07e4fd7d4cf7d1f844eed323c9a8ab1fa4b6f6a9c4c3946ab2c1ca95ac798330a136ce92bda51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit