hxxps://t[.]sidekickopen22[.]com/Ctc/W1+23284/cMJQ104/Jk86XcqBW5BWSxg6lZ3lKW4F7qc-2V-GD7W5Q9VPr6yXJH-W94JqJ189Ylv2W3bxf2P1NPTN2W85xJWb1NqFrSN44hxDvTYnRbW7RxMsp7_J8CnW7G3C4h8H2GDBW7YxnyH5kjpZdW1h7MyW1d-cgCW1mD8sG7gyyxNW6ywp0s8cwDMpW1lrSC57Cz-n3W8bzDvF3YkG-gW4Zgxsv5WFw-fW4ppQ2w61W1c_W23k2688XJ0kxW2w7pzH3_k7HwW7sZbKb7m4lZ9W1JrDNq2Q-JwYW78KwNz1WtPq2W6ld9MS823292W2CB8_h5MP2TdVdz5lt4Tm8x4W45cjN13hQCxzW8DsqNB7G8VsQW1TKsPB4RvNtcW3qTvKT5cDkMcW1SwSjY5WJSQyW2fJfKh8qgyvhW7k53mG1zQvkMW8hB3ld2cbz00W2Vl4bS3rBgh1W7d9hBC4v-sywW82x4YR3WD7TgN4r9PYB2DZs_W2Y_LDV40zXxXW5Mq4Xp4RtQcKW4gn3Y_5pWC0yW6-Vv-w4zYhQgW5vXzZ51Gq6qjW34c59J4hVR6rN6mC0LcJd8t1W7L1nPq3XzFwgW33p4Hj1lLwS_W8cL9l57HFC8gN22LGmXnc3lsN90NgvBdy0xQW1QyFcn987SXrVLSVY439TWDGf6DyCM804

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.sidekickopen22.com/Ctc/W1+23284/cMJQ104/Jk86XcqBW5BWSxg6lZ3lKW4F7qc-2V-GD7W5Q9VPr6yXJH-W94JqJ189Ylv2W3bxf2P1NPTN2W85xJWb1NqFrSN44hxDvTYnRbW7RxMsp7_J8CnW7G3C4h8H2GDBW7YxnyH5kjpZdW1h7MyW1d-cgCW1mD8sG7gyyxNW6ywp0s8cwDMpW1lrSC57Cz-n3W8bzDvF3YkG-gW4Zgxsv5WFw-fW4ppQ2w61W1c_W23k2688XJ0kxW2w7pzH3_k7HwW7sZbKb7m4lZ9W1JrDNq2Q-JwYW78KwNz1WtPq2W6ld9MS823292W2CB8_h5MP2TdVdz5lt4Tm8x4W45cjN13hQCxzW8DsqNB7G8VsQW1TKsPB4RvNtcW3qTvKT5cDkMcW1SwSjY5WJSQyW2fJfKh8qgyvhW7k53mG1zQvkMW8hB3ld2cbz00W2Vl4bS3rBgh1W7d9hBC4v-sywW82x4YR3WD7TgN4r9PYB2DZs_W2Y_LDV40zXxXW5Mq4Xp4RtQcKW4gn3Y_5pWC0yW6-Vv-w4zYhQgW5vXzZ51Gq6qjW34c59J4hVR6rN6mC0LcJd8t1W7L1nPq3XzFwgW33p4Hj1lLwS_W8cL9l57HFC8gN22LGmXnc3lsN90NgvBdy0xQW1QyFcn987SXrVLSVY439TWDGf6DyCM804

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
1636	chrome.exe
1636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 2068	4748	chrome.exe	81
PID 4748 wrote to memory of 2068	4748	chrome.exe	81
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 4588	4748	chrome.exe	84
PID 4748 wrote to memory of 1480	4748	chrome.exe	85
PID 4748 wrote to memory of 1480	4748	chrome.exe	85
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86
PID 4748 wrote to memory of 3240	4748	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.sidekickopen22.com/Ctc/W1+23284/cMJQ104/Jk86XcqBW5BWSxg6lZ3lKW4F7qc-2V-GD7W5Q9VPr6yXJH-W94JqJ189Ylv2W3bxf2P1NPTN2W85xJWb1NqFrSN44hxDvTYnRbW7RxMsp7_J8CnW7G3C4h8H2GDBW7YxnyH5kjpZdW1h7MyW1d-cgCW1mD8sG7gyyxNW6ywp0s8cwDMpW1lrSC57Cz-n3W8bzDvF3YkG-gW4Zgxsv5WFw-fW4ppQ2w61W1c_W23k2688XJ0kxW2w7pzH3_k7HwW7sZbKb7m4lZ9W1JrDNq2Q-JwYW78KwNz1WtPq2W6ld9MS823292W2CB8_h5MP2TdVdz5lt4Tm8x4W45cjN13hQCxzW8DsqNB7G8VsQW1TKsPB4RvNtcW3qTvKT5cDkMcW1SwSjY5WJSQyW2fJfKh8qgyvhW7k53mG1zQvkMW8hB3ld2cbz00W2Vl4bS3rBgh1W7d9hBC4v-sywW82x4YR3WD7TgN4r9PYB2DZs_W2Y_LDV40zXxXW5Mq4Xp4RtQcKW4gn3Y_5pWC0yW6-Vv-w4zYhQgW5vXzZ51Gq6qjW34c59J4hVR6rN6mC0LcJd8t1W7L1nPq3XzFwgW33p4Hj1lLwS_W8cL9l57HFC8gN22LGmXnc3lsN90NgvBdy0xQW1QyFcn987SXrVLSVY439TWDGf6DyCM804
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e1ee9758,0x7ff9e1ee9768,0x7ff9e1ee9778
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1880,i,1877428501964324507,9589260355384562877,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b18d49763afe8f94add97deae3b7fa25

SHA1
9a9928ecaed87a3176fcce150cd10a5eca98d046

SHA256
3c53df8c1f306db648f5caec895440052f1c4fb5e5b4e0bffb2a2f1e76f68131

SHA512
04e17432815b839f28375c99107092700b92ef1384ef576947139e04e3335a1f71982391876a173e0a47206c84d7cde9cb85d4ff387f4c1e1542131e8cc4508e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6008965697e2976e6b9367d6680a2a6

SHA1
9afbccbea1df7f88775846a5e279b24b7c68e255

SHA256
a95de066ef2859b7c262c467f415f582bbbdb17238b7b54aa4e0e8f112c40291

SHA512
d0f0997e0942b7c7cd55dd2d779312fffc9d89d2fedd4b39c58d4c47d21b45f196fa317295885d58e33ca403d73512b7a6b0655505f36bce307a3d38ad7faec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
ddadfacc2389846fbb3a1bae5b5ad8e8

SHA1
b699e1e218c27924f3b60618604b9589d9ebe415

SHA256
ad46d613745ffa2447cba7ab1933eecfb9827ecc9b7b803d8fb34cfff5ed556d

SHA512
586bd09bbce17c41accbdb8bdd0bc4a2e12f9f595495711949ad7ecd905f8a38c2fe1c340b75b6d8c8254caafd0bd2277bd1962d47d2d8613a7bae2442da75c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
9cb20c255846ad7b5195924ae9ed02e5

SHA1
b08c5232b769d0ee239959628d5d98cef696b889

SHA256
ec20787649d284b413f692a90d514741e3023c38e006adb93bfe072cacb828cb

SHA512
f8a61d3a315e824c3384cf3f493092f357497c40a3c94902d97156c44aaca2ef9c7b2744941d74d34f04a7aae7dfa5613a6db980ad749bf96a02afca1f29e30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
fbc8a7e12196550784ab4aceb9d95f2a

SHA1
04b549852d3e690d1569afbea7e0cf33204025fd

SHA256
25de5e9f334f8d4bea60e355e32a9187bc302b210b53eb9cbe7898dd9affe434

SHA512
6452427baf7cf24e92dd9587c95f60d07a9126f5318370f74b82dfe19d1e7c0b8328f22739baf7f86aa104121112b0c4cead78424b61ce05ed72a0f8b44e77e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b782108d7c09a799a8538fefde5624c

SHA1
80670e655d38163f43faa526cf1973c761b71e09

SHA256
865fe7d65ebb2e9921524f457291c50b4639ccae4d93fc3fd937576d017fbe34

SHA512
d5a8a4065dc6207c74d3b19b41c1cd8c7c3b633e7f8c8585aa0ce42798cd108fd2600c87c118243b51cd0b7e67740a26fb149c8ca7a0e3604f7834e673933118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
87eb122901915e151925e867fcdd986e

SHA1
d6c1c9898673b5f507a39405a8f331bdacde6ec3

SHA256
94e0e9b628f6e20124d4bfeedb61e33817f380421dd7e43e21c1b1da5520f909

SHA512
651029678c66dde1c45d47fb2cb0e8fc48181eda23000d4f6bd6f6a8eb721da64159373894e7225904a9be816c26102634e3d27d71ea02dcf542c3a1d4c0ac03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit