hxxps://trello[.]com/1/cards/654f1532b999899f3f293a45/attachments/654f15490a7351dd1d1cfaa7/download/Creative_Studio[.]zip

Analysis

max time kernel
202s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 07:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://trello.com/1/cards/654f1532b999899f3f293a45/attachments/654f15490a7351dd1d1cfaa7/download/Creative_Studio.zip

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
62	api.ipify.org
63	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597140355891933"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
456	Creative Studio.exe
456	Creative Studio.exe
456	Creative Studio.exe
456	Creative Studio.exe
2380	chrome.exe
2380	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3712	2428	chrome.exe	90
PID 2428 wrote to memory of 3712	2428	chrome.exe	90
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1184	2428	chrome.exe	92
PID 2428 wrote to memory of 1852	2428	chrome.exe	93
PID 2428 wrote to memory of 1852	2428	chrome.exe	93
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94
PID 2428 wrote to memory of 4692	2428	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trello.com/1/cards/654f1532b999899f3f293a45/attachments/654f15490a7351dd1d1cfaa7/download/Creative_Studio.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6e939758,0x7ffe6e939768,0x7ffe6e939778
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:2
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 --field-trial-handle=1888,i,15181214960291709779,16958096726300228874,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4260 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:1752

C:\Users\Admin\Downloads\Creative_Studio\Creative Studio\Creative Studio.exe
"C:\Users\Admin\Downloads\Creative_Studio\Creative Studio\Creative Studio.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:5004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
  2⤵
  PID:5048
- - C:\Windows\System32\wbem\WMIC.exe
    C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
    3⤵
    PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
787a4711bb5eadac55bfc416e22277f8

SHA1
6f1f924a405fcff8f669be457e2e15330551a447

SHA256
1e23fd1cdcbe6e3092a83730f462f4670982d0c1a64f55dbb1f68d0a48ce49d3

SHA512
65fb9d095104aee2f514906ccba746f3160e367987037ca4c0aa21df06acae3a80daac650944bdda8161173cbd18c3290c53f18987b22716b28be2c80af15a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
551B

MD5
2504fb13086c2a89e403b6567ea5cc76

SHA1
e3e68bc3012025183b831b076882df0e5673af1c

SHA256
71717b2c31a2949a1c4b49a08fcc3b5c811e3c2f640518c347a2b3676a6d9983

SHA512
336d9fa39797a692effc679c320dc74b0a0b633294550088f4444d6b3d8592c13b62470321eb1c26fe30b7b66a1444585f0bf43ac3de73806664c45c6f033985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
096809dc0b621fd75a507f8b276e9323

SHA1
ba7230fa12e479991fbcc4835b614b8ba02a8ed8

SHA256
2e654ef93439dc42cd08a8d5401ac43d9938457b315cc12a3551329dae55a3e3

SHA512
b32a519ab4d26a5b50e7bd1b51b7433bf9ac1b2d437441f404017e28bac746855460f52a101cd4313ffd43d4dd578d56166171722cb65de86cc34fa3a679a581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4ca750d76e7535abd218b7a3f0d69327

SHA1
fef4859a7a9aed898b1698eb856082a22154914a

SHA256
c7a421eac2d2d6ca683c378cac0ddcb1d6c66e80e6e323594fbe84725dc75644

SHA512
b68d69f8c5b03b2cdf8d9bd8e0a894b0c9587cca79ded0a35a6826a763313cc9529e40f08f35ca593e5dc3b45768757692451a4ecca210d30f4b931257d09762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
950a990eabb668a6e94e49347d657632

SHA1
e61cb2049f5bc191d261e053c254213140f48eb8

SHA256
b3f6d90b1379796c8c28395e15f60b8595a5a6ef6f6f1df21c067dcf06ebcf0c

SHA512
478ab6134f3872306f7da86cd557a705ac58c528cbf98a52c3ccc8a1d17aeee362468428f57cdb148907da301ff9259414a895a5c489c652b5ee11299400ab96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3212cadf426edcf985b8b586d43c1cd6

SHA1
c2d95f22dc053fa7722956d2d6f0305a2c386684

SHA256
b6f543ad0aa9276b17c3a55b0e8187bc7857f1a35831bec654de9043ea46aa5f

SHA512
d5b05e60c5144c1a990ef6aae17aad3cafd2926300181042112d641877914c04d21335327c70f38cbcc7d4ab0247e594f7f5163154708bf7ce0ab1122ea4f24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b69e892f-8733-41f5-9def-a9fc4017526e.tmp

Filesize
5KB

MD5
4e6a2b1a019d14c74fddee3e8a9391ec

SHA1
e4f6f9d21a329e849e8fa1e777a13cddc2ca73db

SHA256
1e6e9f432f8b7bb9195e9b1a4895883ed5620f09668bafa4de7de72c4fb745e7

SHA512
dd1b65b393bef573833fff27159fb15adf5e295a8b4265e1b304b6c487efe4f2f0beada9c00fc52cef33e097e5571485fc24dafe9b23640c5243c1861411b5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
06a1cef52acb31a594f995a77ab71f31

SHA1
323502e7c4a8ad6f93eb8fd64b6b149e788c25fa

SHA256
aff75c967927569a216f79eb2476c7c8647c2d1b2aeb1c5b21c21480d24f2bbe

SHA512
7baf8684d0dc37d50f99fc28d1e1a2e777e228b4893985569a1e8129e7c4658a8d6f2f81ee0367205f062639c9f7f0588b1aa4206a6003e42c6b47f630851331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Creative_Studio.zip

Filesize
47.4MB

MD5
51d481b8e8c82004fd9b3364007a4f3b

SHA1
48ad2b9b4c0cd49be94e46594219cb9e55f67081

SHA256
80b441f1ae65637a22ddac1f4eefaa71cbb05b0342ec2fade6316656d3115c4f

SHA512
6ffd1c74763faa0fefe99fae1b545d37e5a366e8dcfc5692bd435dfc0b3b601448d2ae4edd4c47850987915dafc1b59be36ec7d14f0d4d79b8215741c056723d

Download Submit