hxxp://app[.]plangrid[.]com/oauth_link?token=oauth_da6596803402246b4ea05a279c69b892&redirect=https%3A%2F%2Fdirtysak[.]com%2Fnew%2Fauth%2Fsf_rand_string_lowercase6%2F%2F%2F%2FYWxiYW55LmludGVyaW9yQHBjZy5jb20=

Analysis

max time kernel
600s
max time network
595s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2023 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://app.plangrid.com/oauth_link?token=oauth_da6596803402246b4ea05a279c69b892&redirect=https%3A%2F%2Fdirtysak.com%2Fnew%2Fauth%2Fsf_rand_string_lowercase6%2F%2F%2F%2FYWxiYW55LmludGVyaW9yQHBjZy5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295117311968032"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 4768	4216	chrome.exe	83
PID 4216 wrote to memory of 4768	4216	chrome.exe	83
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 1528	4216	chrome.exe	84
PID 4216 wrote to memory of 3624	4216	chrome.exe	85
PID 4216 wrote to memory of 3624	4216	chrome.exe	85
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86
PID 4216 wrote to memory of 5072	4216	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://app.plangrid.com/oauth_link?token=oauth_da6596803402246b4ea05a279c69b892&redirect=https%3A%2F%2Fdirtysak.com%2Fnew%2Fauth%2Fsf_rand_string_lowercase6%2F%2F%2F%2FYWxiYW55LmludGVyaW9yQHBjZy5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec619758,0x7ffcec619768,0x7ffcec619778
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4960 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3524 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4924 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5704 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 --field-trial-handle=1836,i,5374272133381991873,2755833242251649850,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
073b8332d6e7ccfd1f59c03d007094ff

SHA1
fc72fa674901b53c3d561d345bcd31f5387a18cf

SHA256
a644f787ca63095daa9a9c208f20282ecd735197c652c6bfb567007dad554ec6

SHA512
ad46812b1c8fdc4e68c69a8bbb7901ef8f71d3bde6e25b495d08c3eda975c69acf2e41f516afc88e499971cc89d284a2dacf9ffaaafc78296063a068ba592a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
efcde6d732ddae72419e59303aaa2f05

SHA1
27bc7a1771cbaf335e1f5c0ca7f0cae86eefcf82

SHA256
0524906d829fd1e076a3a95039e58bb6a18b51704a2a10c60113cd378105d41c

SHA512
ca1f8c32675b1afb0b64895fe024ebb0a90ed31051cc001b96956189f1869009cc20e947ed912f5d2fe4fa9cbbba755b3ff35f35d274e06a82d3ebbd3c668b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
87e870d457980391a3562c53038c36af

SHA1
f56a35c1538c6090b14809ae0fad31db16c81478

SHA256
5c2332a7981a68c82656b2f8d60a92446fbd0af84b157518e34f99912f5234dc

SHA512
b8d6560b6b1a928c8338514e5959c616247cbdcf5252684f1e4d3d2b37a926eeb8bb6a919588e64d856d626600ff4d4f44c05e624b7f19c6175aa47e6243be46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
3e74afa8dbabe13c0c517709440e5416

SHA1
f948fb13e5ec1d0713be63272c8713809ae5b889

SHA256
f2e17cf90627e349c9890f484cc332f901c80369984da7cfaa4b351e6ed70b57

SHA512
446d1c0c2848ec5e4d4ad42c6d80a6342df26170fc466d811e1703f129369d10884c8c44f40133f637ed6ae3c4ae6215bd1922cd645bb02ceda1a43966d1e80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fee6fe32a499ad3774416d1702e5b765

SHA1
0d71e7adf063d999a8f4eace85586f02e28334e0

SHA256
ae9227d615059322c138973578b3a962d2a6276e74d538b782253995c556e16c

SHA512
3ff601a48e6baea926469cb9b63af81a1e60d26fea7e77e5925f8d436898c34ea0f0e455ae97031cbbd322d6a925526874e0789674c3adeced66fa6118342a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c94201cb35a2ad38f1a958355b4da87a

SHA1
a6ab8505b89dd6183513fe8dcf374f8200af4193

SHA256
0067f2a6516ea47480f687dcea59158a5cf2a3666cd9ce031bb632baa11f91c7

SHA512
7b5871d4e19c42e496dc5e3840d1c4b0f171642a96b7192ffa0953e21e822e4e5d4ee9df5c5cb496080500a4bf0d422bb6859b49f82648360c34bbdfc402bd71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
4dc159503166b566cf94319013fe2c48

SHA1
3ad3f28d1d59df0901f81b1e0ca0ac490f7c9085

SHA256
6e1bb087fa885da9527590f75febadeff7623d7b5a2defd2cf4aacc9b814194e

SHA512
42d4bc030c4e68bc2fab58c62141b1776ff8a12e01ece9b8dd9f32c40528c3d00322e9c66a5db806c1fc3039cf787c9bfc0c3d4481a3d2698b5db1573b64a0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
762cccec4468c2653096c762e70f31d1

SHA1
3f5cacde8eba9f9b7036e0c80601cbb71143ed4c

SHA256
8a9060e851460bf5e43780b9086ee3eeaa0f17a4dd72cdd5a208babfea7e49b1

SHA512
eb5bc895a06b2afd8a61ab01fac543decbb4bf28a01282dc47fabbadc58da47bdba6fa201bdf22761f3905119f00a6d170f6ff29e6a112ae91db35a3c5db1304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
83a74ce66aeff386565aafcc6fa55865

SHA1
23dbb3fca01565ec8f69f6104a5b865ab5daebb6

SHA256
f6ba05f17340c68249b3aaeff96def4c7958e79fe231c21e0c4275203d4cbf5d

SHA512
7305c88e5ba5d8b3792b9c01936700851b9f83c5cbd8d1d7a0ce593fdc82c2941ebb1bd9533a51a8495489ed0da723d8a10a94a7578fd7c7381040a3c3b4e41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit