hxxps://www[.]canva[.]com/design/DAFy8epjRG4/TpNgoolsIhb5pTFdldRWfA/edit?utm_content=DAFy8epjRG4&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton

Analysis

max time kernel
191s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAFy8epjRG4/TpNgoolsIhb5pTFdldRWfA/edit?utm_content=DAFy8epjRG4&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437542051009454"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3956	chrome.exe
3956	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4172	3200	chrome.exe	88
PID 3200 wrote to memory of 4172	3200	chrome.exe	88
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 4600	3200	chrome.exe	90
PID 3200 wrote to memory of 3380	3200	chrome.exe	92
PID 3200 wrote to memory of 3380	3200	chrome.exe	92
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91
PID 3200 wrote to memory of 916	3200	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.canva.com/design/DAFy8epjRG4/TpNgoolsIhb5pTFdldRWfA/edit?utm_content=DAFy8epjRG4&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef5719758,0x7ffef5719768,0x7ffef5719778
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5432 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4848 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5216 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4480 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5404 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3920 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2500 --field-trial-handle=1880,i,4776714364721982422,15808731292976544769,131072 /prefetch:1
  2⤵
  PID:2868

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x294
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
a2198c74ee6a8a23bcc00e1ce835096e

SHA1
1f9f56c6e937887ef540653af31902f08ab2a9e4

SHA256
133730e7bbfab00e1807f30e7803f0e04f5e3042ca7930fa270ce639ac0d3490

SHA512
9a7abf33a456772f9ba2a3dfa6b7f417be73676583c42e40ea58c64cf990a0166b59fb999910158a72cb2f08ef4ee9cd8e3f6f55af3447357c16642c389b0cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1377d2c579925d0ff48089e0f063f6c6

SHA1
70d3fd892862af6617e4c67b45edd43d20e31024

SHA256
4ba48f91c02d188e8ab61f7cf1e51afccfd0cc57b5e6e6c1ecfbd88d928c95bb

SHA512
ad6200945adfe11d2085b8643dfc2b6fb54a996f13dbf81793de360dd6490648f81acd54d9a7290a217254cfe7bb46fc3ec1059d2e08a7f5e057d294f4ff56e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
10a7aee946ec463ccb16d074ea87ed31

SHA1
c3857351fe05abf9e577253817edc3931b2e3e5b

SHA256
16d4d68e1b5586c75fbbc74f5119de2466e5be226d040af4390c72318afd2384

SHA512
d0772c00da17999058d71c0a6aa05530341a437c7de856594772cde7c27ec25dd5a5058870a5e499ea8d7a19649f757d26654dc67ee927c94f07bb64076d3b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42fedcd6f87b47c006bc902f0ccc1139

SHA1
37de823f9135881de1bdd3c3c495f94c30af14da

SHA256
193941ec984fc6fe9c8161de18de3ea24e1e188b6b7e6180cf0c7faea74db366

SHA512
31ab51addcde5931e50f9d17f3a1ee8fea63a11000643053dacd07a3568977dcdd8a16f22b01202d411d5ff035e8cdb28a15bcfb6a98ab7bbd9065a01b93fa8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c2bda8a090739aca9d563c01f4cb972e

SHA1
42baa54a84d9de9fb674e5d199ca851134560bad

SHA256
c5a8d122255fbcb28aadd86a5d1715cf97a274408bdfe5b635fb5a037332ebfd

SHA512
1cd3d9eb362b9d58cafc71932532a5fbbbccfdb165c6e2e46211749eeb173328db0bd631b1ac7635efe2dddb077629e04a9ad3a9225e8b681a1b52ba356f3eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aaf0ca154228178a7e731687ecd1d987

SHA1
b99f053efb0f3179bad6a3e19c463fa3c6fc63d4

SHA256
b077bdd0722a9f4e9c8af384da0941cef1588140ca5bd18892301850b9c8ab7e

SHA512
4195d94a769d59ea4b2410a8108d770e9b93974943420dc0008d36b7dee83d6f2b681fb7efe4b3339d1c3d85c5cff7c0a5dfeed43b3b92fac511ab231280ac09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c9705367a10250410643cde1a6844fb

SHA1
40175ea79fe45998dc763201cb18380d3b315c8a

SHA256
78f7e487341b24f559a7f90174164bdddeb99158c515ff07e0c6d15ab653f2e4

SHA512
a11a6a71f383fb69f2a379e81250eea4df62cafff43831955aa67d95e2f573e93ee0d358a594240aa3ba126952768415b3537c9ccd4c676635194c1a9fd5ba95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9588a9d2bcf968db2ee317180418901b

SHA1
f5a9455e23249c90470231d1be992b826bf10d12

SHA256
068771e952d59f403f2c2808d354addbe41133452a6798ec715f236ebffeefed

SHA512
faca69e075daa70ba42985264805a68d7f2f484b4974ca0b0de4e9eb28363dc11dd3c8e1b937d415e27560bed07bc0e2355bee6879705ccbe1505a0009b4a608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46a63bd2024cddfe7b945817a1b5e2ac

SHA1
68b7e59b0653cb06bfba0d477d8f1ff03f9a16cb

SHA256
91a4486fd7d93d89149a7d4dc0a410692f8f8b0a1eb27e127dcbe975928b5097

SHA512
bac82c5e11578afa465681f5dab1b443e5a8f6f57eedae57bd7529f117902b9ee458a345e0b316d1865e42635c2f199fdf3e5cdac58a34850b454cecffd8d2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7220895581e344b2abb92c388485b5f6

SHA1
1968ae488a3c008869e408e1c4d528ac929a662a

SHA256
5cf6308c7b9e338d3b4d1895c6115cad35e40b24cfe6e4e833ea1c92e0a545d4

SHA512
c63fd612ea31d8141815359418d690a62dba000fb364fe8cf008941774d62a626cdecdf7834fd8dfcfbf9019ce911cad449896b0886f2bdfb87fd5333396f5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4d5d92c7a1555733c11dbf2f0b6bfbc

SHA1
9c72dcf4fe0ca1808b5ba64e03806f65dfa84bf8

SHA256
97811bde808e55bc522379c79284c62402ea54be9576d35afdb49ff0b4d07534

SHA512
c6c836eca33906dd370b1f3263ea3ebd944b18e724bfd67a9b8dd908111ce9dbff4c916673514abf3438e14a577fa2942ad48c5efe3c9ea2974d0e6b6ecab834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
60521ae9e47b42b54279695245ef97ec

SHA1
c6641218bf329fd0071c04a626f41abba00f593d

SHA256
72d9ca956258cffa439b6b51756dce08b4d780e8c28ea0b52fd7fec5f09bad8a

SHA512
84bb9d6f4fc3106e3d0b750fb3e5b11144983516c54f854864e121a25ac99d99e46468fccc09a7fa70b0f3e09c8e5987395da78fe03f6d7e739e136d0e292de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c23450393799ca1c3b3f77825c5149e3

SHA1
633c83dc1a2dbb6c09e6e56b5af0e0fcd044691b

SHA256
124fe06b7dae9105e5d9a10b03213a151f1bac5bb1efd52007c41f6969375d0a

SHA512
d43a5547e382767931bb9b8244fee1039465099ac16892fd74dbfc7132a3adb21232b28050a3383771b1763bb87a112934fb5733d1af2b9e30417cf5a1fd543e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce2bc3b70361cd1659511a06a9270475

SHA1
be8ef249879acf413120d33c2b05bc3fd42745ea

SHA256
28f5d381b398994b2192d1254e211474e20f41f295b669ec5aca5c56dc6be75c

SHA512
49faf4b7f04a646b17751d0135d7a83716b98396d46a30df8d0673a6866d130289ef24d9678cefd49f21ec2607c0f0c2858c2481100451a1cfb6fd764d2f0076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dcd2440f-bc00-4b1b-8951-82f14b383880.tmp

Filesize
1KB

MD5
ef5e5edf6f8a4f2cf8b55c77df208369

SHA1
9c76a2cb3ef2e22201a39adab86800d2b2d34056

SHA256
a4a14ec3d81d2a2c59b89fd13557a5e90c8b8b44ed7beea4fbede30056fdfa92

SHA512
fb042a59b2272ada4325d1bda3e33745724c5b307a2cbf68cee68062c01ab05c61607dadf0bdfbbb4daf21c45a470e028cc2e638a049ab42a7859cd06c65c5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da4ef85e98e8eb77e2a91778bdece253

SHA1
c78baf41529604856415e9eff572c788c76789ba

SHA256
063176091cb56960898aa0802cda0c2c635bdca04698fdf1cc520ade003768be

SHA512
e71f6ccf41af5238201b0a22107b74e9aec0a527dfe5589428b8e918587c8b51ba1317e34794446d81ac89553ff0ded12138e9c6ade201a4aa8ac0269b8c817c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b239c0286a9c2ab5696f5b4476c5e8f

SHA1
c3055201b483b55b91cf8e9748a5cd192f7b1b83

SHA256
7972504a198feeaf1445a71b8b018eb1f1ea1d5cb3059a3466dc720d5abe7a3d

SHA512
a5daae5857fe573da0f6f80081b7e79c291d951051ee58a944a4b7f410a213fc209e913d1678415c2ff513d4e07488df0fd43dddb0d2da72430284bb598b14e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d2f7b6203a7fe2190fe21333b28de20e

SHA1
97f183b32e18e5369fe08e99f8d3a21675312f79

SHA256
85181a91cb89b9f200e7523e39a2823b37a2bf577f4490a8147ecc666404eecd

SHA512
7977e015f6a5cc38ad0e865a2f9b3b2e9b27fb16474c273b6d781caefc82677231bc53c212dda4abd47e6385170d1da17ad49d0f5ab5fd7f7b05164038868633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
105B

MD5
acee1ce72c2ac9c21eaddd22a4f1ffa1

SHA1
aadb344de2696cc33125f242dc1cf1e5e789126e

SHA256
1d589f6b33fa822efc6a1a7c0ac2c2dbfff38353dca70203b4245918b92c0007

SHA512
54a05ad0e23426c22858a97f33c5d966c765a21f06ff0f835d9a731f27d3e1c05aa2aad54d9db122e6a0790688680be0d06032aa31318e49a82ffbe0800c3c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt~RFe57f52d.TMP

Filesize
112B

MD5
e3885176205114bb6f8c0095118e2d82

SHA1
4625930b9a929ea9f48a352e12ac723fcb3a2c7b

SHA256
05ed84577e72ad4cd011209336d3704af1fd2af9ff9104592697215ad69a955c

SHA512
e8d0ed004df2cba70bd428a6ef9bb1c0cf7bb03f1d080728c6f869112bc3beb82f07ce54005d5c3f242bc1720ce9ec090ff0e1d2754485871bfdf3910e2817f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
54d854f6e36b035e96d70de228edca8c

SHA1
dd0d5c4cf3eb125c0008fe805cb4a3560b1f3652

SHA256
b0bc12b12bb477da60f955326987ec9c4937ff5b35326a0a33afcd2effa6e0f0

SHA512
ab855254b0d6824be9b190bd2a79f433dc512f31a056a48f05a82c3f571b791ef7bf67c92254c9379c629a006deb4915dbb5e73935802e9697ebb70a6b68800e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
ff73e9f815ef58b151ca5afe1e5d781f

SHA1
232d99639dee5974200e5586421192ddc4ef409f

SHA256
1415511f629c03b3aa9297d8b99c9241d8219e09947f84246898c3ffd78a402b

SHA512
f6900d29f7a80963c45d0b4a23593ae75f7968232e98080da7794e9dc9937068d746f6b3494528c6c8a11c5ed844c8592eb81333c8bf4a19e0e6b9cb113376db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit