hxxps://t[.]sidekickopen26[.]com/Ctc/GB+23284/cl-6X04/JlF2-6qcW8wLKSR6lZ3pJW4R6S1_7T20LnW1TGL4w14yRfsMVY7BvJS14nW7TvfG_5zfcGWW1j4W932gkcLBW33ZDV641MhlWW6pj2Hn4zY5zSN2y6VGscBGpQN2Qpf61Hkv9HW3S67-l2fCJDGW6tXBzg7SzlS7W36SfVY4DwPPrV9WXbm8r9V5LW4q_HJx8-n1rlW3_5zc97Z569sW7wnNZ31D_wmnW8JWhKr3lwW79W3WVNjV2spmMYN2XJzKNjJdpnW6LF1H27hrQNTW7ZySCf7r24d8N131ZV7kCQqmW384sgc944bT9W5VH1dK1s6f73W2m5BLc2MtCwnN21F8SBmV_50W97cQTv6_JqHPW7tgV8w5JTNg3f4dVg4804

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30-08-2023 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.sidekickopen26.com/Ctc/GB+23284/cl-6X04/JlF2-6qcW8wLKSR6lZ3pJW4R6S1_7T20LnW1TGL4w14yRfsMVY7BvJS14nW7TvfG_5zfcGWW1j4W932gkcLBW33ZDV641MhlWW6pj2Hn4zY5zSN2y6VGscBGpQN2Qpf61Hkv9HW3S67-l2fCJDGW6tXBzg7SzlS7W36SfVY4DwPPrV9WXbm8r9V5LW4q_HJx8-n1rlW3_5zc97Z569sW7wnNZ31D_wmnW8JWhKr3lwW79W3WVNjV2spmMYN2XJzKNjJdpnW6LF1H27hrQNTW7ZySCf7r24d8N131ZV7kCQqmW384sgc944bT9W5VH1dK1s6f73W2m5BLc2MtCwnN21F8SBmV_50W97cQTv6_JqHPW7tgV8w5JTNg3f4dVg4804

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133378775663417985"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1160	3624	chrome.exe	37
PID 3624 wrote to memory of 1160	3624	chrome.exe	37
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4124	3624	chrome.exe	83
PID 3624 wrote to memory of 4776	3624	chrome.exe	85
PID 3624 wrote to memory of 4776	3624	chrome.exe	85
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84
PID 3624 wrote to memory of 4680	3624	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.sidekickopen26.com/Ctc/GB+23284/cl-6X04/JlF2-6qcW8wLKSR6lZ3pJW4R6S1_7T20LnW1TGL4w14yRfsMVY7BvJS14nW7TvfG_5zfcGWW1j4W932gkcLBW33ZDV641MhlWW6pj2Hn4zY5zSN2y6VGscBGpQN2Qpf61Hkv9HW3S67-l2fCJDGW6tXBzg7SzlS7W36SfVY4DwPPrV9WXbm8r9V5LW4q_HJx8-n1rlW3_5zc97Z569sW7wnNZ31D_wmnW8JWhKr3lwW79W3WVNjV2spmMYN2XJzKNjJdpnW6LF1H27hrQNTW7ZySCf7r24d8N131ZV7kCQqmW384sgc944bT9W5VH1dK1s6f73W2m5BLc2MtCwnN21F8SBmV_50W97cQTv6_JqHPW7tgV8w5JTNg3f4dVg4804
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04fc9758,0x7ffc04fc9768,0x7ffc04fc9778
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1244 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1848,i,6806199331399283219,5078740998272915825,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
75adc24736adde007eba3126312b3ba0

SHA1
81e8b1c398b19f1c0ab8fed4fc007b0fd0c24041

SHA256
1a7f0a519fe7a730a20a6b68de060f4771cb64cfd88160089acd0f4de92995ea

SHA512
34d6e938f15aa8d3830438f5dce6f49d9655459b73956b752c829dc1e6ed8f06624ab5cb770b574b6b129b2bd45eeca10ef996e49d2eaf26f0d96a22e80d469e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
33d6a5976a90fc935b4aafb3b407b1b9

SHA1
1df55a28e50f3365197af9d058218ff2bfaa9881

SHA256
5a68e23b5c5055dc54bf9f877e552cc1802d2b6023e1db23b146464d404132a1

SHA512
ce24d17bc253bf185786da1b150a6c1ea396046a2a091a04fb9d2092def56046f92919656c00b3fe13870050547b6ff1703554ab35df118c5d438c4accb00d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3bf326d9960cc9bdca39ad3310b963f4

SHA1
6875f7c6e58ea6e7c763cc5fa5699a61f31ffb78

SHA256
380757018f161f8c1ab4949558d8c70fe030a6efac60197a791eb513f6d7efe2

SHA512
86e25f2c03c7d88960e182a01321f1b2d740be48ca41587eee362346ab8fe47e86b2a4207d29c2a02a5ed596c08ab6a3b88b855ae65daf1ef28362806013d45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dd082e9e8c08e9a782d57cfb114046e1

SHA1
e30dfdbe28a9339a82e8e49e3efd1c39e0f47395

SHA256
d2f62a8b7a66de277262d10c68f5bfea2848ee66fb9eebcbf32103514cafcbe0

SHA512
877737ef60bf4c3712f4d4fb2df838f3fb75c9dfff79e0f13cf15a454909cd96793b81ba37fd4f517b3b621c6474f4aca376cf84428f147fab4f299f3f2f3ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3491b884bb1f7c8518df2612a8637fe5

SHA1
53ae9e87e27a551dc76f7a7c89f85b3e091b3311

SHA256
173004a49559472c97dd3b3f1034f2a3423994d0fa0340a766ab85f6f772921e

SHA512
ec0054385710d64d7a1d6997474a234b469d485b76817727bf6b0c2d76814099a6997dd7e5549f47df9f581ffb4f61a06615d622514c56b88b9499e025064536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
79e57f56c5f99a6abebe926bda8c801a

SHA1
14e51eb62183f141575f06c57bf586d701718b03

SHA256
ddd95d49d83ce4da963114a46008b04477a1fe4f478820b33e53f402fe0378b8

SHA512
831ff41eda42c4c3f4096cc22d7025c298934b72ceae747ec2ef204115e9e97965b01c439b4be0af78b5480211fd28d12d95ee7f536eb6cf0f467d923b92fb29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b5aa7b1b8c8e3716e662839b6b13027a

SHA1
a30fd3903746b426c5c4b9af06df67eb2a476060

SHA256
4b400d013f41012a7cf0b4a1563d93bbf1a4a42befa19cf1137225ea6cf0b4c3

SHA512
846ce93e4cb01c82dd8cffaccfad85e0c18b92cd2004e10d4fd7fa4808826a6f97859a8ce4f0ee5b6130b9a27d725ce13e54adbaec21ca52adcdc67d68d55c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
973f38aa283c38c3ed731d454555a92d

SHA1
adb5c1d6fd41e02d39ac90ade7f0c7bb3f116aa3

SHA256
d5ac0621f8ab621236e1ac965accf097072220a50fbc604a4a9f55eb1129fcfb

SHA512
b984b866a9e94e33998ce23bb964f456f8ecbd0b2ab19cc1e0b8a78f9f335ca06e89ece6ba59884495a3e542c5b78cac2b63622f6046340a886b109fc52846cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dcd9db1c3615d85ce8820c15c6e6ec19

SHA1
c701b0638b6df10b473eed763457bb162baf8b3f

SHA256
80bd8471e706c0dd849636f56f33ba0ba1f95d535aff457393be9bf286278efb

SHA512
fe085d80ac2932ce85dc945de0e920540ce340b97561e34a48c0fa8e8f320f6bd29351a9e17a35c1f7f3a3377f2f97e233c938fd49715b753476dda652e1eaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
03c41c2e0e05ad6e7adcfe51110ef34b

SHA1
96b77af041295c3df7f766868ad683c1e722c873

SHA256
5241989ad736900545a01f439776ed4cb8da0151640cbad9956617811023c6d5

SHA512
f320bf17dfb6a216093ffa4fb6869360258fd9f593f454f45093badcc9cf6bb1808bb9dfcc91d02e74d5eabd18aa30df4180547cd071e1776e1d003e68c6c460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1cd3bca2f272519d5690425e2f1a56df

SHA1
3f78682043331f58c00a41169da6db352b4dcb68

SHA256
44981414657b5e8eac5dcfd940a2cacbb14d3674d52f09b124d60b11970d36a0

SHA512
1b4a8d4e15f356eb62355bec5471d645fd9855423933d9c601d5997904f3dd418aad867abd17da1280f95230ff396fb1abf164c7085699ccb569094258a1f27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit