hxxps://www[.]canva[.]com/design/DAFnysT2yiI/LlZOKyjac92toge_enA__Q/view?utm_content=DAFnysT2yiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2023, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAFnysT2yiI/LlZOKyjac92toge_enA__Q/view?utm_content=DAFnysT2yiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{04226A9C-C7B3-42B3-94D1-9CD0C7B4EDCC}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
1808	chrome.exe
1808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 2656	4400	chrome.exe	83
PID 4400 wrote to memory of 2656	4400	chrome.exe	83
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 4204	4400	chrome.exe	86
PID 4400 wrote to memory of 712	4400	chrome.exe	87
PID 4400 wrote to memory of 712	4400	chrome.exe	87
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88
PID 4400 wrote to memory of 3392	4400	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.canva.com/design/DAFnysT2yiI/LlZOKyjac92toge_enA__Q/view?utm_content=DAFnysT2yiI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5f5d9758,0x7ffb5f5d9768,0x7ffb5f5d9778
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=364 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4604 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5844 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5820 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 --field-trial-handle=1920,i,13563351900214816723,14641134737423842679,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x4f4
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
84fe556e6c7f9daaabf5bead3bbfe38b

SHA1
4ed93265549a60619f237ab295aafe5288d76620

SHA256
653023e828dd0177b5a11f952c72abc8b76cb79fba8eea18d85080b3561203d2

SHA512
6c6da72571f1a0781b6a70fe80da687b9afa14d6f8d174e900c83135456c956fce3df1281edc2ca193e64e2cb9c75ab58121be2060603438ff69c5e1a2104bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9d9df41a-7143-445a-9550-0fa95dcb0da2.tmp

Filesize
2KB

MD5
5a58739e0fa545db447986f216a04587

SHA1
1a963937f2121e6d67a6b444235b95ab80f05bf7

SHA256
521d11273e36db5d077d56d4c1840b254d0a6ff3b30a99c3811dff25c000d96c

SHA512
5aa6efe9595285c152b8f15704a05123e402bf8296047b9643955b83546a92abcbd20969292c4a43a4ec4390e7dfb9f410e158c1a4988e9416f7e57c6159bf92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6163e78fa9251f3900e3173323c6d232

SHA1
871734503e6c272109dea32705bb20608ec6f7c1

SHA256
ba83f8cb4d17dca540274a48e13287cb6bc33156d35d4dc066b7567b227fb210

SHA512
9febca79fd4821ba03fc4d798d6215a06be97c75b8f10e4adb771b6a52ad53958079c5435ffdd585bd9893c8e8c6caa3d5b7d2bd7b608755d107880298d04345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
813adafe542f2a6297cd4fb99882880c

SHA1
d6bbd6a48ff1800b6a29b4ba995412e71a735866

SHA256
0b427cf918921fee527e56a2393d5fbbe4d571072a55b611cc69148f74b3fb8b

SHA512
ec627dbf4cec308f248c316353b837d5e394f1a5126ba78f4cbe3370edbf0cf45dca5c730151afeacaeac74e8e0cd405959f60449c62a9e9867c57b9bc1ebe93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
68109ed1192ad72e860fbe926a7a74d7

SHA1
9b74ab70ebea0cedfc0eb27d0138996443f187b3

SHA256
4560b3ea285616bf5514ec2483b99d41deb2946c60fc0c1cd2e3d52153b4fecf

SHA512
1f5dfc113bb12401e8827f7cb26136f20ee09192680d44ddffca5945f694efe0203ae2e85bf6e5f3360e233da0d2ba0156809cc85c016fe395d04038b0bbe74f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fd0e72f2e3ad7ea9e3bc01f4821b2c3f

SHA1
57020db7c2cff8a1c0d24a27a57ce592314ea19c

SHA256
cfe713d0621cf7fc10556b10577da56ce38a41e2543fcc6e1633e6c094dc3ae2

SHA512
d9be181e98324cd50f3d21e1738881557838fed07111de22310e1e198e3114a2d42da4215dfb6b2d4034ea3c03622ff56f1a7a5f824ea856ca47e148fc2828c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
27c61cb3133f7bc1d95c5d4e56d95837

SHA1
171e04fe82e8870b7be5b8c2b5111475a246eab5

SHA256
0f16b38906e48b9869a8a423f15ee48f880edafee194ef64250a377e82740f74

SHA512
0e0ef8bd0758680b636bce5fea3f6a5db3c622ee47768d85b1b3619c3254e979ff58b53ef6ad8c7165f803de92f8df4ae59302126fb539c769e0b8b33fda4079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2755ebbeedc99eebdb0cb38a9a82a6b7

SHA1
cb9a88f61d7b63a41bcaf6ed8e9c8cdcf2516066

SHA256
1e6b618eefe143588b0f107fe8bdcfb6ae07fd13779c1730e1400b4111c127d0

SHA512
58b6882513ec2f7204f5b63a0f8127cbde6ecacf83ef526ff65c094d6ea2474e2a7811e12d493c3a82d894fda279dfbbb64a1374423563f844456e88e1c1f759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
255522a0acd5c55d4dc01c2c9b12883a

SHA1
a3e7720b33ad267ce1cbfa80ca36420c91aa6740

SHA256
6befdeb634f3ebe7291d537e281d57cf112d35f710a93da708b74af3be2f634c

SHA512
4ecc78121dac0580cda5efc1a753257353926b0e66d5ce8b4edbaba7930ae20445086786bd8f27318ef3c84757372c20a7c3aef45ace1ebe99c1fa38d4d4daac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90b3c31ec8777b68fd0945e2284005d7

SHA1
40e24cd4ebad4c662382f22727301ffc65cd34de

SHA256
da84dede2c776f231df36b6ab069573434a85241bd1b9d0fc6301d7f4ccdd520

SHA512
f28fd62899d8671d6a9277aafb731b37ad08b00d29b701dad1161192310361ea983d81c2c857edf67f7bec4ef6a3a89db2ecd8abb7385458b5b50825f39833c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
12420fa5e04e3d87ba5b70fca7df4dbc

SHA1
d425b27b3f864139c8770fe89d7390df1a344ee2

SHA256
240cb5081cd6bddff6c9055290dec96489d330fc53b71612fe7e56527636edee

SHA512
354bcffbfec6e514f34222480b69c8bda1755e4205236402a4ac87d4378f6af9f0d189836016f46589217229f6f531ff8c76a61d98ed178f9e448374eefb402e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
178B

MD5
e6dcd49765f70cebbd016d0acbfdb0e7

SHA1
920c01ccb4ab2bdd53c44e910d2e0b2a3fd965ee

SHA256
21cb4f5239af0b229548fc2c989470aba782e1e0e598f5c45199eb79965d2300

SHA512
822e344fb97288301c25a8073f18f9215722987fdf2fe182116966520ba84d204066fb29288ee41048c667f686cdc4896e2868ca001d60c2068b7198c7a969f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
234B

MD5
c3c32d476ea0c59c492153325c53200d

SHA1
aa901a48cc00d34051fe36e11fbed79b019dcafc

SHA256
93cccd5c2cb95965d6600bbd2c18c1cdde8e3c7bf239af7e27011ac654699114

SHA512
290f15c7b40229064f689de2e2d0486b8b068d79be6a1e1a5da3e601f63ffb409c64f1149aa4f752dabc44d405d71633b8b121e15bc4c72181e45150e91f10ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
227B

MD5
18bbf84303fcfa2937a9e602f65a0b86

SHA1
9454c08c4786d0379314faebb285e7d34c2b16ad

SHA256
45dc4ce5b14b189e535aa44ed251022c2231e0e0911734ede8f736b7802254e8

SHA512
87592d953a3f393fa8523b9ec9838f464d3850acf3b326494cac7152dd7941fd76fa2f36bef993f28dace0e385a9074ed50337845722c232acdf873206231c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt~RFe57a8e2.TMP

Filesize
112B

MD5
bb519dbad2489ccca999e9732ea31d64

SHA1
2777a6b06faa09ea75f8d58e51421dcc5b5ee98c

SHA256
23de71eb20620d3bca8ee10e74b8dce3c6807114b0bd36e82dfa62e9c8b71649

SHA512
e7044f92527aa177b5e417ee551f7cbc3aacbd2bdaf1a2840eabe1e44b48f6766841f63e60e1dff7a282d8868a8b51797f94274f34fbb592f7fb8d8a25908287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
2033851b8dd3822f5687366f39c5016c

SHA1
2a3579aa0635afcf90842532272e3c3d9b712f57

SHA256
21ed8f8181bbc3805a2fdb4aeb985b9a1aa8faa4da47ab4d6d845937ae23aae4

SHA512
cd7a48e5e2f5d8c3f4b16c5fe2b2af222024642bc902ecde0d93d75be89a55c85ac366e2df61beb357aa0816aea9878a1e3feae8d4f6686de8bc252aa7b6a454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f6d3.TMP

Filesize
48B

MD5
fd08b1c9226eb6873e7692731bdfaa20

SHA1
278ea9180ee0618c44c88ab583704461d3cd679c

SHA256
f9bfb7282fe423a852c37792cb15d013c9e243ef00d757735ed2dfb020669dad

SHA512
05dbaa6431fe46a0218475fff61ced3930ce5f3b50db3c398bf7c128a937cfaa1dca362f60dc468c29ffa3f8e9541f1c673b7d4436620ec1ccf8b3bf7030fa7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
2097e5bc44eac01432899b29366fdbb8

SHA1
87f3e101f3edc2cb9383fad5431ad4471a4cab5c

SHA256
992dc94e47b1c6cf175c13e489690b4ce1f81cffa26c8754c24403b4f068933e

SHA512
2c8010514ebb4d0eb0dce8ea70a2cb66a33d9f268d0ea8adb286c85d220c84ef814323738d741cab15aa2b29b99ef77f6de7c7ca583922465bda649568023bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
18ff241b5a0db19ac96633dbb4c488e5

SHA1
6d17abb53ce7fd366e55439feab0c68d3722fd7e

SHA256
fc834cc260a5d8a8beca44c3c5d11f7cc1f5c22a12943c259adaa6faed422753

SHA512
622173e63dc8c9674361d8e1e1c438484af4d508168636ab1b72334f00c41da98199b92af57839c47ef715a425a6fd3aaddeee45b237a1c82f9a3bf67bf175de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592c75.TMP

Filesize
104KB

MD5
549cd054087effea7ddcc11f6b77f648

SHA1
85a16a282e3dd76158cddf716ed1c01cfd2ceb19

SHA256
a069a61bbfd169e62c6cc296d8360917ea53ef400f5507fedc63e1e7fb0c34c6

SHA512
378a688027237ad8daf21354a270937714517510e6f78aab81fc2f6a6ca2285aa2a6393c559e4e55e09917978c3385a4591a9ff4eb59df02f7c801c799a6d35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit