hxxps://www[.]canva[.]com/design/DAF9VY97yys/C5nzzWLCZKBg0uuUJa04CQ/view

Resubmissions

22/02/2024, 11:27

240222-nkybragh62 10

22/02/2024, 11:25

240222-njbrcsgh46 1

Analysis

max time kernel
141s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAF9VY97yys/C5nzzWLCZKBg0uuUJa04CQ/view

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1356	3004	chrome.exe	79
PID 3004 wrote to memory of 1356	3004	chrome.exe	79
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 772	3004	chrome.exe	82
PID 3004 wrote to memory of 5004	3004	chrome.exe	84
PID 3004 wrote to memory of 5004	3004	chrome.exe	84
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83
PID 3004 wrote to memory of 4420	3004	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.canva.com/design/DAF9VY97yys/C5nzzWLCZKBg0uuUJa04CQ/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5ef89758,0x7ffb5ef89768,0x7ffb5ef89778
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:2
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5024 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5408 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5436 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5936 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5880 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5392 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3720 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4964 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4892 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1772,i,14745674519782301411,14644189842122359281,131072 /prefetch:8
  2⤵
  PID:2400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
4c1ea72d595bbed43848c5243bffa9fd

SHA1
d6a113eaa173cd281aa5295015ead863f7fa0078

SHA256
1c9f5498eba826e88f025d62a37478f24d20a4d14d32ee0de0ea11b8bef7a6b0

SHA512
7c8604df15f593ce0c0a966060db54577ef06bed2957bb4de8ac9425b5da06130e7684e65a5f49a4aa4ab9ae14981c2afd5f09240c4f7f55aed1e508a144f390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
4d721bd1021b55d6fd656a9ebe2d581a

SHA1
a27d3c4e3ac77bdc98bde79c31e8665d2fc86e7f

SHA256
df4ac5bd87a3608229ce473ca4d412cf90f9d974e9d654cc663b1a2e0dada13b

SHA512
0238de44398901ac53ee82b0945273f692c9f20bfc2bbdb975eda9753bc299991720b1cafb8a2924e52d8aa38b23afbd8dd9b640b50df67707ed2b0d5fb4fb45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
6f40241d6a4b8b20e62d8cdc511c8c22

SHA1
22ee0a0f593a20a5bdc219445a2494aded50d136

SHA256
ee28b6a1b84bc7f7a66637fb7846719731d5e4e90a3a7db17d3c51cc95c96259

SHA512
fb7d20ccf2b83c006b81c32ecd9406405988984de36d061116bbcc3b8c5d56a00f3f92f079dfc529f7d1282bc72256d3b17059bad37194555d07268f731c453c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b98509f2b29fb1fc7ba50cbe0926b236

SHA1
31181c086bf6dda414c9b119738b9979c0128676

SHA256
6164d4e5226b62987ef10935375ca58dc78a4825b26c4a95b8b0434b0a9da49c

SHA512
5b5fb2a769fc2723f2d37b68b73d407b9cab9d82d58372ce5b59cbb6a7025398eade627fd2e5ae52c967865568426cb657a962b634d0adb984c61cb2bdeb228f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
43f0258b86061ac4c2bf1315b9d5c1d2

SHA1
e2226dd05f0ff32838a436f93677999337fac089

SHA256
2fc53079fe3a3d32b67e83eea7e841f3a8cafd9eb352bd5dfbce907d4e36e922

SHA512
2627b7d61964c9daf19f62f7b8893306e3a15879ff965b0797a969203f625b7ec69dafd9738c1d0ae6ba4c714ef96b3f7bc10dea4262554c8bc572b32f7ddda8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2ab2751cd720e6d263a93183954fb64e

SHA1
e12823230b95c8158fba47e219b02cf4778d4075

SHA256
d5ab84e15a61669f107269b12c690ba05cb53a5e798373e47293f2a8e4032a8e

SHA512
b1ca7be66c470307aabf768b33cbbc8f0dbd7bab0b18c7ea7e29aea4bca494ee8e11f27fbf50d7597d7ccb374b2f78a6e0a186c54e152d3875a3d4b61f1ca1f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4857829d2ea02bf4345a5da487543fdb

SHA1
2372a1f71ce0ace7a6f5f63d66f0fe9fa2d85a40

SHA256
91bc8c848ef2d2e4031f1008198f0899de2f2e57ca96a67abc963a4920de4415

SHA512
fd280e055a21dff98ff0d031951fdc063a303c2f3bc45e5222bce8f68efbf5a707515bd78ce0744b6eb0d89f2bf6f02fb0b17543922652bbd61ef96c9ffb95ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
510f19531f28103c0483f3fb660a0003

SHA1
60ede4a00285225c3fe4a038b349aaee05731daa

SHA256
1a7a8721db85772ae08c63ff702e389b8fc9beda784d385a195312563c17ad6d

SHA512
4e301800d5ff5ea4db5deb159ec232b85ab82d87391a2b1fe7cf98b01eefd46ed1dd3b2460c6415655b9dd8022a1f2e91dc86084cc50e52c502cd50d8ec28f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f340545169c24cae023d648891ed31ea

SHA1
51e0ed97cd3eb8c25656ead0776b5f0d27bf0665

SHA256
5354ae2817c297bac301029d31a7999f2c1957849101cb30951ee5893516eac1

SHA512
4b92c8ae993175459b39c6c26c6f4d79ad32774ff3d1a518decc939eb126af475a30e27d3f70967cb2b469e429052a02378fcebe65c5ace9e1013bbeb5102856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1534eb114ed3935cff8d1bef1c734b1

SHA1
fb005f28e5b1429a284e337ecd5b49bb30e85c10

SHA256
fde070c22e1fb1f9062c85aa060de7a713b6ef99489e968aa49295678d0c0ac0

SHA512
ea3105de46f080f7f4740ce65cbbb30e91f65d1868ba46a6bc65c16e2cf9ead428b13db3ce520b84c5a9fcd006a4976d5cd24397a85214e6d832676b7f8404ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
633b898728e80c60a14683e4e5d9c846

SHA1
c520058e61e88b46bf20fc3306e02cb98ad965c7

SHA256
eb8d62ca24ae9fac75c4c70a25e91d0465e4860742dcd2abe7539490e01b0292

SHA512
d6fc95df24f37c9103b5c8f299d0e16c7870a075961398771f9304b5243a20b9c8426221067acfddf0186b00c22355131a5974e23fa1e417a3f155ee8b0f8b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
edc0232f7ea549d87557b250a981d131

SHA1
5c9141265e39223264dce7f1e54239ed478f3b59

SHA256
05b7f6451fc3edabef44a227294f2b7d3f1136c93b2624c4790d2f71b9827537

SHA512
16c944f09ba31ab423c7a2f76d54b9e0b35b24f3af288e213638fef956f669fc743ce8bd4336077fde90dbbe0d7a6976cdd9a3e5482c803801cf6bb628e78361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab681e3b41929f8ee4b6053e5b4d2dd1

SHA1
dd9d0cc5bd93de500b15fe209178526fcd90cc71

SHA256
a07faf3fac638004326804665069c8fe2ef699ee646eb76af14bca03e0832363

SHA512
40d9b7d48604e20359002a2cc1711b4967daa658a8ddb43ac87f65a93a5cf3619985ec9aa018df6bf65ae80dd3687df1072994fcfacf20e37602977d7f93c951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7284a0bc0a6549e8413919c54452e5b2

SHA1
4e6477e1b5b84ab4bdf4b1697cb865e7682101ac

SHA256
d5df324576afa5a80a0adb7e70863bed55cf58c3a5f4993b2218e224dbac1c2d

SHA512
2485de070f853b8cfea948fd892afd0d183ff80ef9712858676e6c33d931937abbe621abb702997364cfd0b1827b6a5dfc1e0022e3a12053ed325baea14d72d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
07bb946f067a0ed8b911eb820ce1cc72

SHA1
9f7c4babf140026cf6c7b3826083e422319ab555

SHA256
30677d3b9c45428a50c988194224e99acb1a4577585f6972d76948d05dbe154c

SHA512
49a47ebbfc14d92ca8022f2cd58531a0ad1dd631f64d70689b4fd64adf2ef71ba97078ce6abdb98295acbe6b03066f4705bbb71e1af799ba657aa7306093b93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bd266b2b272ce3e8fb3c005c2523bbf5

SHA1
4b88f0d445117afdfcc65a5bdc3fa02929ee0ad7

SHA256
a42d75c0802beea94fe6cd68abc87baa8c7c0c3e554c7100f768ff60c0461fed

SHA512
1aea6605d40437928cadf7eea786e309e427988bdf5871aa885c662192b6217268965d29cebf0a184ef852b3a5959cd6328dfbdfa32a42c065986fe09cdbebf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
291bd72ac1f39aafe452b321e6158438

SHA1
547f081f2b9b49d77bd8c8a5435241457a559493

SHA256
73ab2b83b1bc73e29aaa409a43c0e370a9f9e317724f22555f6ac9e9009614fe

SHA512
c9fdb7a555a2e43a9ad96c6bc70bf453644dde595450e9ca400be361ad39f81b732b00f7abf48c1fbfd5afd2ab9fd0f2b273b0f2064bb87db161ed030fa37d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
384B

MD5
4f3c1059c7b93579ae107327b1971b48

SHA1
81df08dc32e98a53de9421678123408b1490c127

SHA256
e49d3915e0af1b57d252709adfc2cf11dae223e8ff4fd5a5d007159acefa5164

SHA512
5087bac3ba7aa5b88aac01033a8ad6ce1a1954950c3e98a564b9b5b81c38e971f7629d9919314f524ecf93c350a0a71637bf8dd90fb1c05f2c04bc287e93a51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58074e.TMP

Filesize
48B

MD5
9d0d34800741e5e4029f54b167e4414a

SHA1
c49205c18bda741fa4695bc734f67eb5a26deea0

SHA256
6ebcee57434a8841cb03fb794bf09acd75586d27c6631328c6c1c8f3b78caa8a

SHA512
55a16a0b71e85ddc50039e6320e9757f2ce9d56e674f36855ea93cf05e1ba8d5d19fff09cc3e04c0bd48aa3a6648bcb664d60343031af5899e8388e453b91615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0c5a7a5eec995480bd6a6c3f929e1017

SHA1
158cea31701605c4250123c677c44437fe5e8cd1

SHA256
9636fa5e318b96c06cb48fac8f5759c46ebc5d9299683fd77bbc2f4a5fdd6ba8

SHA512
143f3d96717f5c761bcb1add2ec9b80f7d23e22660afed4d778f6ac76700f6d297cc3d92750b9a42d4bf4afd6bc9a5eb0166ad38e2fb056ad311f2051679a7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6663161c88ade72feda1cb1d42550149

SHA1
57ad71c8c5b20647e4929c1e050d9bcf128b4923

SHA256
706051f349147d512aabea4b0d19b1d9fa2caafea999d748decf680b14cd8de6

SHA512
ec62dca791bbec5245b8426a8b2d5d3544505e3a4ecbdac4370f53425c44095ffb331a826e947565eb2afe4ef1a848a7259fe7949785835fbbc061b84faf319d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c796cfdaf050fd69fb543d30449e0714

SHA1
786e1e67fc5c1045f2e3dcb30a79177151870fb1

SHA256
7fe9d09445dba1ff4ab6eb928af2c590ac9ca872da5ab2d4d0286a314ecc0d4c

SHA512
2f1420383d20e074ebc455c5fb471683b7ae439790963cb8eb5d2dc15951d66bc7eb1fe3341ac56463b353b142cfd82edf0cae87623127ef8f09df57ef886127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d2dc3646f57dcce81e1b92b53e62c2c6

SHA1
6bb9f39beec7c02ef88c8b1484c832e5cd9f2f8f

SHA256
5168dcce530eab81a7b9f2a1cbe7600c4ff2baad93c7973bd770ee7516ca1391

SHA512
2b5c4e725f63a2386c5e9b8681ffd3a044ebae0aa95200bfda82c921b836b39479b9be12eeed8c6e1faf38ad9aadee91b84ac85f49a8b3b8e5505cb1349770d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
a540ea4a1531965bbc38c07f504667a3

SHA1
7a2248eb8441a57468b3b31d5c0b190c43ef240c

SHA256
0df753004c26b4cd8287e1f692f9467edf4225a6cc305c27fe9b1d8ddfae6170

SHA512
a24908baf4bc0f6faca31327f9fb177dd1936a32e31ca3db58c19e3c1d16b28cda84f8e9724ba97cf1b1728dcae1c3e165483faf856cdc3d948c115f17efd26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe599783.TMP

Filesize
93KB

MD5
89016d2e68f4d99b1bb46817483ffb69

SHA1
8904449f4cce26ab10af3e75fe4e50f7b4c0ddb8

SHA256
a1cc47127d5541a8f76124a6b2b547af8a8cb4ac1422031bb81b4d5cded9b34e

SHA512
31909b5921edeb2aca69a367e3f7fb41bf24d134b4c4f9722f14abb24f129a1277874be129f6608c2c997db39d44fc67f5be5a13f4bae7d7e81106ce850ade4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit