hxxps://www[.]canva[.]com/design/DAFlIaFaEfA/hLMiEl14riSFVZfBQ9ZEOw/edit?utm_content=DAFlIaFaEfA&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton

Resubmissions

30/06/2023, 14:27

230630-rseq6add77 1

30/06/2023, 14:20

230630-rnlnxadd56 1

Analysis

max time kernel
65s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAFlIaFaEfA/hLMiEl14riSFVZfBQ9ZEOw/edit?utm_content=DAFlIaFaEfA&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133326088434382819"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4152	3208	chrome.exe	85
PID 3208 wrote to memory of 4152	3208	chrome.exe	85
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 2940	3208	chrome.exe	86
PID 3208 wrote to memory of 1328	3208	chrome.exe	87
PID 3208 wrote to memory of 1328	3208	chrome.exe	87
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88
PID 3208 wrote to memory of 1536	3208	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.canva.com/design/DAFlIaFaEfA/hLMiEl14riSFVZfBQ9ZEOw/edit?utm_content=DAFlIaFaEfA&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffb424a9758,0x7ffb424a9768,0x7ffb424a9778
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5760 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5212 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5680 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1660 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6120 --field-trial-handle=1832,i,4371887489562742854,12568715615604487984,131072 /prefetch:1
  2⤵
  PID:3364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
656d8d1780f80060a9fb99534b6ec2ac

SHA1
880c5c1a121e1c102cadd1e826fa1d0240215fb2

SHA256
d1b64c59cbcf06d7efab6494b3d6a8b28da0dacac3c2a53922120fa845dfab68

SHA512
c7c852b8d764f775c73bdf668ec4d9e30ec2a8a5cae8a9190d6726af82bb914c4d5b5fba3e8fed4b09705e21b8f9dc85724be4dea4db5798d66a8ee6ca6974f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
22014ba2a192953a24a80ed5ae0874f6

SHA1
bb648f15bd1bdeb60a927e72f8c96ab870022691

SHA256
5e790300ed7d08cdbcafa6df6aa8d46f13cf5cbf3b2e8cacd4055ef777a6fb24

SHA512
3cf53983667484f1c64ef7c4bcf078aff95f734686464b2a521b039b79b802d22d09da8a67ed029cf83fcc40e74980f24df1c60b12c2398ac512d1c5f435f986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6f7047429d78fb20d717484d86011365

SHA1
5838edfd33b059889609cdf2e8be2d95bad9c679

SHA256
bd105ff1eb2c3dc0b6d8516d51091fcc4fca1f5d83abb71ea6adb7fb83265f00

SHA512
1f455ec8e74c23f7dd7f85b10cbc455d5f63432a329ef185069c4f8358fa4e7aeee217d8cc6a629f969150c22a9a9d5b5948f609c8b92bc93ebacb875276a5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55580361519473278c5b39c94eae2a35

SHA1
05c9b429bde569fb2c2c0e7de1b89614c78d9b35

SHA256
11902f579f642344862c884cc03b41ef051376e0e1a5c1c37c629766f8e48b8d

SHA512
eca6d824e7115f76609ed94e06578d806d0a2457200fade7bab60982ea794616b072c7ec9168b5fa219ed3122cca233a85dd5bbb64ba7e6c714ebd777ba66f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b0c74fbdfaf37f507fa0544126dcfa8b

SHA1
e433c183ec0c96fd63b9259b4214d9df0162de66

SHA256
10507cd4bd82d012ec3899c30801607682c1d7be3499bc56a1b720268d55ae62

SHA512
2053fe7324f51b5d92936f19e5cff233f7010b2b748b8402bf906d40ba9ad3f79421c54c58bdf396e463d7c1cdbad4c4995ad5d2779355cae1ca0d08131c89ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ac0d2add21281fa345b7b973e2c28c14

SHA1
663cd326f26f4ea5617fde332096b18d48d47a0b

SHA256
dadbc28f81d6e5d32c55b48f5cc02b22450f5a53c416e8400d2ba7dfee1fefda

SHA512
bdbe65aedb9fe12ade8ad4365db2beaae447dce67ff8fd0fb97cabf6669af5c0299d7072c154fca5c248a03698fc68f050812540a1341be0b6959d664ac5218c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9d7885220016d5689c2fce39ff4cad4

SHA1
4faab5e67f6ceafbe44b6add534a59c6da26c234

SHA256
0520e2f761a49d63757913db3163f6877e85fde731d6ef0ea6b40483bcebf2f2

SHA512
6a4ac8a29e62b9641a023478620eabdd7dff1e35ffafb8a225b8810feef9e8b78c492c868397e32abea28b094603d2e9346c9781b9cc1b443ecf3f09784d8d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d0569a9efed53e6f668d9c9784c8bacc

SHA1
af5aedd54148592c08269be22123f2a7f87a71ea

SHA256
8e71aab96411a2a41b9d5c6b5e6f9c9286e9827e9909ed6cf80f92884cbc8582

SHA512
01799abfb234157db208f629dc8e40c23cada5db7248655fd5a86fa31bae150d056f030aec149d83da55a638ebfc19dc13ebed4c9aa498f4c69ffdd84c25240e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
05b4415c53873ca64316452a835a0d01

SHA1
5cd1fe3b7941380cfdbf9cd7aa25b0b5834fdfe4

SHA256
1f78897837d2778c98166d14b07e5c538b6d65758006e067fb7db76e44b559c3

SHA512
20f083426e0970ae291e71580589cfde3e85cc72335747b8ff237cdde7a94a9e55ab262ec87fa2a46a080d9052b568cd4f54cbd3ab38217b1b7f0682e49f2a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b309b80f756929ec33bc7c599140460e

SHA1
8b21ad8244d770d3976bbf50b7e3aceeaa5f9091

SHA256
46bdf7d7474e2159335cab99bb498079c0fb12e4283a8b313172100dd5f24746

SHA512
b91df9bfb698208a3b7740a2eb86e8ae0418b3ff47d0b2ba61a11ae36c09a567e1bc4c791b0a87886ade96a147802354673b963d4fdb1e0214bdb13aeaaf48e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\c3a3b5c3-cde3-4a3e-90d9-154d44029d7a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
168B

MD5
d2af134308d5c52563db26416f514dbb

SHA1
016208e6db6d7f7a3d2469d5425ecec1f77d3731

SHA256
6dd52e1432f87bbf2e113cd2ba94f345c1fd699669b2edaa8cddbc93de6e1347

SHA512
7542047e432d0fb7828512018e4b8acd242919c81951d5f5d4a587a15c00734e700db8e89dffaaebe8ee2347c249b631b5ee2404eeb2a5dc4ab44292843f64c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
294B

MD5
8ff69ae9345f53bbf2943856ae4f5bb2

SHA1
6b09771462949e87fb7234532f62c7041443a20a

SHA256
430f7aa3645cab0cbe4ad9614e587a4938961869628ee6511818a922c0e21eb3

SHA512
8209b37d1e6be6b37c9053e61dcb15898df4a216c19edc750f3d56b42dde7357b32636bb1b54f3227b674a30c7c8ef625038da880fec835aeee793c8efe04103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
280B

MD5
10374664467ac8281b2b5bddd8c0ea12

SHA1
e308ea2a6d407ded86d32284c5b12671567d2e13

SHA256
acf7a6b223b9f121ab6afb6347c99853e478e559b76e971d4f3655408d3e533c

SHA512
7b353eb06e8f8f561d98b2de34a73d9332369a9b12f010ab55b633da8b887e18f87fbcbeb7ad1fab7a76869eb74e745eec39165faa906d230fedf8605a31c22a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
221B

MD5
0ac66958bfdaebe8f85fcab98ebc856e

SHA1
1a304836247ac08815a0db1b1ac13219649a1d99

SHA256
de4a02b3840f505c2d59f97bb0b3c70c0dfacc49f010b80f34086ce2e513c47a

SHA512
85acd795753eda9a725dfd0c78bb832671409dfb9f137178a0ba82dfac4c7c92cc49c6a810d43bdf06c7b30d8af1287c034b655527c623a38ad9c80e9c87fd0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt~RFe5699e3.TMP

Filesize
112B

MD5
036a36e78e8460a337c52d74c8b08e47

SHA1
b27d8ca865c7e3da5ec3f036138ea7d07b05aa89

SHA256
5798284a86d65711bf5042a90c9e199a2ea1f8443e7268d9fa9742ba65b90d93

SHA512
448202f0440d38b10669a792a422ec9e1592a12591f1eebafaf1ad9b74c31ead251c56ea3f674cf4671605027bebdda4295d797aad561ff04a29cccb45ed2f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
1fcbd5cdf535d3624ae14d8aa4ab2b8f

SHA1
97590a9ba0006acc136ff7d2795ee3e8f6e362fc

SHA256
1cba1f357be7bc6fadff6072aaffdc91b5c42fca6a0e97de649bfb536d44d313

SHA512
255a551f3c097e68d5c4479c3e52873d84a798378fb3e4b713584fcb5e115da17307d31738b6fd0a2218ee8d6424196ac63461242e2ae165ae0b149b76d751ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56e803.TMP

Filesize
48B

MD5
bbbbc89a9eab3f64ec741010e69aa39b

SHA1
d2f9f25e4be156a671f337ed9c8911c8813341d1

SHA256
671fa581bfd89139d2cb0d870bd95f04bc242e06c27385fa3387cad71c1fc481

SHA512
238bf63c72192383f2441894056eecf017f40a545bb23bf4ea6ae930c24cc7bfac81178ae06f53919966f6c0ccc467a6e02cb17bb064185d7d62f455a74cc22e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
79e9d5cb040ebc792ae2535fc51212e9

SHA1
f7188ef3c4ef92069eab1641049a86bb5985eeb4

SHA256
4f2289f7bb674d19462499d14564a3eb047225547c0f8909ff9455c663e3ad0c

SHA512
c0c087e02d7bd50cf3884ca39d54ef12a084478417f7bc6b7400ae4c3cf78c69fa4e9e925b11e4451c9b31abf584132c915c816a62bc661521491ca08cb7adc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
15e961c66011f13ba2ca1f0071db1997

SHA1
58f61801d3081a5453add85e5f5abafda9484924

SHA256
fada57c69aea82c95df9969eee970bf9986821827ff9eae622297cb7d9becb39

SHA512
3ca3d853df84af3db8f55e38ad78b633a3e9305a70538884b5706c3ef0317b0aa88baad8fa4cd4c019f6592579ffffe56b2bec9a213d3db5ef8dccbebbd51984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit