hxxps://www[.]canva[.]com/design/DAFtFu-hplk/lbO1yUufw3wldCUC_aRung/view?utm_content=DAFtFu-hplk&utm_campaign=designshare&utm_medium=link&utm_source

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 20:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAFtFu-hplk/lbO1yUufw3wldCUC_aRung/view?utm_content=DAFtFu-hplk&utm_campaign=designshare&utm_medium=link&utm_source

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379872628348574"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4108	1432	chrome.exe	81
PID 1432 wrote to memory of 4108	1432	chrome.exe	81
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 4740	1432	chrome.exe	83
PID 1432 wrote to memory of 1284	1432	chrome.exe	84
PID 1432 wrote to memory of 1284	1432	chrome.exe	84
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85
PID 1432 wrote to memory of 4556	1432	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.canva.com/design/DAFtFu-hplk/lbO1yUufw3wldCUC_aRung/view?utm_content=DAFtFu-hplk&utm_campaign=designshare&utm_medium=link&utm_source
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cdea9758,0x7ff9cdea9768,0x7ff9cdea9778
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:2
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3836 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2440 --field-trial-handle=1808,i,11029457441412855562,13258052525156069934,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4a0
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb463623335877aae9ce1cb9ff889a93

SHA1
aa75fc71fa3ce72757d8e018c5c2d5036a8a67c0

SHA256
292c6a579c77fa7ef167db06c45dbc0ff7be23f760ae6dd9f2cd7f2cc571f00b

SHA512
94ea091844168713bedf352a2cfea2537bab3a5bf9aae3a939ad2587f290dd6795bc342fdaa0a65a0a187ed89e5f694fd2b9af5a8b6e11443ac719dd2f0348b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cb2cbf9e80524f2d9060d2ce51cff5d8

SHA1
85ba936ae0d094b226f90caddecf0cc7dc935d07

SHA256
f94cda715e379a2dca68be178d7d0a5eb46c98abcca7f0f6d448ae65c2cc8696

SHA512
7a3bb69e9c656c44aeb0a4520d6a68f4544e1e8e57ab2160decc8a2f06f8bb1bad747dd1286b7948b4fbaebe36a2c985f08be5e215d8925766f1ea115ee58a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
740817fb3dcb50dd98a5d4c36217e210

SHA1
29a341741fe6a527d6ed33a4866c8af344801e73

SHA256
088684f39d9fa29ac3135d3b28a1c95c6262e722e7c7d6b2e1267a5a68da4be2

SHA512
1688fc7f7d0bbc611f518f6460cffd6fad701737acc1466fd8b2817f4ba79567dbbbb03975d7f38c3a35e081fe451afdc375cd7dd7def17c8b4c560c1bbefcf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d21f6a5ddc5e35c881e8b862a913a89

SHA1
284621b6a8382a2bd05090d3535ac7705222928a

SHA256
50cad4cb82336eb73f430f0d884c88ecc09666292463e74db82054600cb52e6e

SHA512
63ecad438d06f5e82a46048fefdc91474eefbfd0eabeb6724f6c7ad898057c5803845d9b4fa955b2f6b35ecc4713b49b43f507d7c4cf356b6ad632146d7dd6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
954792113e3595a6ecd319d02766e084

SHA1
263094e530e03aa7048a364d7f56e1923637ec3d

SHA256
5322ef52011b6ac4baf398cd6e9d8fcda684daa51a5cfe7f224fa4aec04d54d7

SHA512
0094e07ed29fca97480c754011832406b76f12aba052b81331374c41a9b90ae60b17e38266596b008efd5b2753b5a82ed75ced8cd9753e0d09d77be28b711688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6842a6dad8b1146f033fab204b63298

SHA1
ca7c9900e998fac235cb39569e1434c2d18ce850

SHA256
1b0b881a842fcd7bffcc976e483575be34505c02f5cb39de48a1103281ab4169

SHA512
410a35e398080310050c7715898c86ce25b70af96ba2ad7cca23bc109d30c166e700fbb3c08d2f99305a35a4b8470b73a6606b2082ec788f6a80b6e6a7bc4593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1b11139df2e5f331eb526fd00318c36

SHA1
9eb609b0d777aedb26ec0dc1baabbeba0dc7ba18

SHA256
0071d0edd49a4002d389c4e38dfdbcfa07be4f3dbc54f9a3fbd5b0535f112356

SHA512
32d197cd93afe57e626fba4c6fd963979157638b5b9a3a99bbccb16547752456188fe7ac7d701ffbd826a2793c801b083c90c6b62ae47d2c82745f759eb1f2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54a80b39a2f36e8762dceeb85e5917c5

SHA1
77f80dc7f0553f8b3cfd7f5674767c165337b27a

SHA256
36aeddd416a6bcd38314f19e5d490217e4299d823883ed9800b93f63a0c1603b

SHA512
71ed0e5e7e6b328bfc649728d733b103b91dd9d86460390f18cc99f3fb61367d88fdb66fd45b17aaf64036fe8b6c24266973c050307c5472935ea5e433c220e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02f82afb76639e9aa50f2927b7b748a3

SHA1
40d55e84009d1898d931eafc06e79afc116b7954

SHA256
d02aa41e0a6c4cb60c9b639cc2763fbaf65ebe56c75a4af208c26f20fa73039f

SHA512
d3ff090d042d8e2f0140ef4447e2d208947633e6ec39f70b7d1c3f2d0d40507df6a92feeb22d1fb15207b64e3dd586b5b606919a84398fd2b9c359cde2d1585b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ddde4716c9dd8d2ffb65aa1d5d79caf2

SHA1
a9f6ae5ad53978fa20d697ae3d7842e90cdeede5

SHA256
6c936e5ae5067dd871ac5af9ba921255bc399e3dedfbdad3ae08fd21b97205b2

SHA512
a2e8fb2b8114ed332cf015413df07a548fb881ba91af914682d93ee2137ad2c3073be5a0b5528042ef98109ff9fda5108cf48ce9c00a04ffe53281b20bac2890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffb7072fe23204df64f0b83d18951baa

SHA1
8b72de4bea67d7038b03d7de454994ac48f120b5

SHA256
3dfd79c721a06aa64ba996bf60989e02da2f8693aee890212d431a53511b5ea7

SHA512
ce189f9c68cba8c843329f5180d91881dbf1aa91e390806341cb396c95394f1f0b1ee072ebe27adb25417da0b205e37f57eba3fb39a2af670ba247edc0c08d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93eb2538c8a361440c4434c5c5278a13

SHA1
0e6515da3b5874cebe8b791db43cf4f19930c10a

SHA256
3a0ac6ca245815f2399c7b9dc5d89e1ca728920350245df6c148488324505fb5

SHA512
f2ea2eabb90b0b5ba0deb03428ebf0be292c0f0eed230007634979d449726302997be787510ac318278e30bf706e5c0abf6922a0c387c708d4946967cb9573ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
168B

MD5
fa6bd50e134dbc8fcbe683c4f325e2e3

SHA1
5dfcfe00fc8855630189bca875042d553f4fc087

SHA256
5d5ac7dde97c4c967ff72dfb90996edfd000108b0e2d45160965e79a65ca0558

SHA512
c2f8d30b3cf23c318a2f78ba4380a9d9ef89a4b3d5117287ee33e7c9c75d3748108e19a37cb879e7c463688df3a1930d259b538b045bfb98661f2fe5f779de2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
234B

MD5
0956b114b1dc61c75cce0b7ee209baa4

SHA1
ccf3e60a78eb1debfea9b6d246956fe56b1c8b7b

SHA256
444d07945f84aa9bd5ebe0760944741d39d0d90c2d2f3a6ec7a576912218d03d

SHA512
2800467dcd5df2275816b4152e7a3a84e11ebcf617273bfd6d609d1921052b289492a0a61126b8659b6af49a2cb59a5fc47f0824e66d67271e8ae69b5ac0d9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
227B

MD5
af6d1d3c29e0c3f97a65606b301a8097

SHA1
5d642c7d126f0f11f3f16b4a8ecc2f3d8f7c09be

SHA256
f542c7c57fbac76638289dd7062d132e74d84f880b45f8925ad71df7d5086e32

SHA512
72908f4341b7abdd111f44328552da03c51df1bfb42694c7c97ed88b05873e06e7c1e6e224db2f1b8b9972e8492ddcb8d1e9e09c732a74a7b504a41c32ccf766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt~RFe578c81.TMP

Filesize
112B

MD5
ad0a7fb4b38425f68b866269385c7e90

SHA1
b94e9cd007d464044c48da8d505cf2f89ea47b5f

SHA256
92122e04243bef2ba3313607d3d6217086257ebda5134164ce4ed21b305c4c3e

SHA512
8d83d6b22eeb08c03ff0caa2c38908d74dffaf731da59dd7028526dbf2021430396bc0a29253b5f83da6fd3d3063cefdba7cbcb26b6425a9355c04028907ca86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
360B

MD5
0750b433ae8c47ca095225fb923be284

SHA1
353468478f0e99352ac712cd7153edd492beaf45

SHA256
f4151a363b55bcdaee5fbcb472a7c8bc8b625e27230221db654bd66a4a05f17b

SHA512
1ce43e47bab30307fee0f8e148a119691fd721252ba0d327645e4616cff38e588e800b853fb61cd9a7b9698843e78f202cf8990e0a1198eb952bed49bb439be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dab0.TMP

Filesize
48B

MD5
8f36217f4950946cee17acd042c865e4

SHA1
8116b91a32b83bae30aabc94be53ca26d6d1559b

SHA256
20e7423863736e2d79f6637bc19a4e0686061b9310b7cd690ca462d22c6caf7e

SHA512
ae6111a0b934724d22055b6ea5cb58e8732ce73d686bf0e2c2f6c4dc6772cb02224831b9d890a0ebd89a64a1380475daa8407316bd8b666a25aefb0742726229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ecb93980ca5691b962dd2fa85ae58aa8

SHA1
7bf5c3f3db19d75712e1d8b41ca8a13a991bfaaa

SHA256
222f54fe347ed7a51f271e5fd9f37a2a7e870fcf35e07f1827a2c2710065b7c7

SHA512
f7f9afae996614cfdd5b9b4563a9dfa59333f9ef0415ad26fcabd982480e1497560b9f419afe7d948012db826b5e4f0d8657be598c523e993b24f4602b2750a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit