hxxps://www[.]canva[.]com/design/DAF9VY97yys/C5nzzWLCZKBg0uuUJa04CQ/view

Resubmissions

22/02/2024, 11:27

240222-nkybragh62 10

22/02/2024, 11:25

240222-njbrcsgh46 1

Analysis

max time kernel
151s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAF9VY97yys/C5nzzWLCZKBg0uuUJa04CQ/view

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1808	1344	chrome.exe	78
PID 1344 wrote to memory of 1808	1344	chrome.exe	78
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3056	1344	chrome.exe	81
PID 1344 wrote to memory of 3908	1344	chrome.exe	80
PID 1344 wrote to memory of 3908	1344	chrome.exe	80
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82
PID 1344 wrote to memory of 4028	1344	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.canva.com/design/DAF9VY97yys/C5nzzWLCZKBg0uuUJa04CQ/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xbc,0x10c,0x7ffb98929758,0x7ffb98929768,0x7ffb98929778
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3536 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4632 --field-trial-handle=1956,i,7962443626931588,6703583410934003713,131072 /prefetch:8
  2⤵
  PID:696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004B4
1⤵
PID:4736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cae742b91ce1033ef5730bd69978a6f7

SHA1
2004def55d3cd6b3dbd7fe447b2de9b465bbe182

SHA256
abdc9470b1d4685a6ebe0943977624d8d0e08caf9b0cb606caed126729f8ed52

SHA512
2c6f74cbcfd3051a019441aa8e8e688a792f54a12e9cc4a2b5434299af32cdbdc103135b9c199cd4aefd2ad3e27b220aab23504a28d4234b934c5166b1c5c261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
64b47707cdf50ce5ab1cafa3e8020ad7

SHA1
7c1a06c2beb402c98b34aefa0d8712c2f7087538

SHA256
bfaf857f31623e307b278114932de40b4bb6e7e6d87b88d34c13bed9ca70833b

SHA512
8953d67d531c7b3232ea1ac6f7847e8a81cce6b0c7cd642ca59cc4260bee245e273ece7be59cc752e84df7f00f5adf847baec136b2b12445a0308808869ff3a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
fc3b4166d49968665000300c3839792f

SHA1
e4e52c55d6dabc44bd1535cc0a0eeaf52979ac91

SHA256
322a529520437011a186a4b7ba9ebd8b06b3898b8ada0a460bc73f336509de43

SHA512
88b6a9be448fb69be86ece4d4f1701e7a63fbc9741370c8976140e85a303125f67bcb1e7d14f2610961e90c22fe6ff00f4191f8267adaef083f1e231219938b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
95664995a383941cdd0d423e0a509ba9

SHA1
63696c475fa4d9dc8ec3d3dfa11b3fabdfa1f682

SHA256
3e8f800c8e3291e41ec34d1d15ee90a8c17e66fa04b7011399cda36de9b88f99

SHA512
233c632b992373cf3833bd85f26dfebd94359094ad6df0d574fbcf4afc683a5a799454bee01fcddef63ddb39f27f926c27b7a00717b638fb2c3b7d679d195dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3138acf3f588c5ab2c534eee37597ca2

SHA1
808c2d283f880a29ed87ee93a0235418e1d29e75

SHA256
833cd61eb329ab27e0f6307ba4346c13728c276e5006b216cb8d266637dc5aa1

SHA512
6096330e2c7daedc1942c7b0a9ff21e9e5344e60f2b8b921e26f3cadc69c0d655c8598b94d6dc5787bb2b1f94c09ac0e5e60568073ef13b55cddfaa069e7bb63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
9c7a038bbf4047ced8c0d6e6c4fd050f

SHA1
739827d71bc781568caedc171e482f21e6c2fd07

SHA256
aa08d52637750fce19579bb6877f11082e34233c4ac5514aa21f02ad778cec3d

SHA512
8026213c0008f42151128e5e2ccc70279db55fde242f59a1db4b0926df49b3db5c5b18be1d0c73f594c0c71c6fb3cfc7d5979c0d64406ac990d1f0b02652522b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
d2b10267b643450522c42023c58f4dc8

SHA1
5a571acdc6f0af552c32e4417afbbda7e4be985e

SHA256
faa4f8470488dc572687e1b52026d7831c6d17b503c13db6faf5c09584466ed6

SHA512
a257ffcbb826bc34b82340afe58217b109d3e051f37fe4994628b264bd710ca4fbe1bdf398f7b56305c98f7847c3e54036781a24f2284433211d22955e058fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
178KB

MD5
0f58fad75132d1ecbfbf05c95179e99e

SHA1
175560df0d05819fbc93ffcac5bbaa43da436692

SHA256
afb1537114bfb5b51134ac9f979507693882aaa11bdbac0f9cb1e92585b0bfcf

SHA512
6989f615d87a51de93fdee7ca23f2bc149be76ccae9a502476169680df471ebf8bf89df6657b6e4f4fc8796a4e1a8eaf462ac4474972772e0afbcda2152edd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
6b499bb612065761811cc90217a9aa8b

SHA1
d4c0ca8da1090ed1308913b9b0604cf2ec98be8c

SHA256
bb6ce13b6ef7b04231071aacabfb2f3e2c82b6f7de437674e7c14df8b142cace

SHA512
439f5f3d606678bdbca8221398cf0e12b2176d58cf986f7055286b383ce80a23b8d30c43aec17f82838e19bdf2ffb5c3bd2fb5e8fbf6f3b2e03aefe156bd6b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit