hxxps://url[.]usb[.]m[.]mimecastprotect[.]com/s/dGfRCqAW6phv7EnjFZfWuE4ip6?domain=canva[.]com

Analysis

max time kernel
114s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.usb.m.mimecastprotect.com/s/dGfRCqAW6phv7EnjFZfWuE4ip6?domain=canva.com

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
64	api.ipify.org
65	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{B5B78E3C-2272-4967-BEB6-5729B84F5327}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 4552	3580	chrome.exe	82
PID 3580 wrote to memory of 4552	3580	chrome.exe	82
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 3612	3580	chrome.exe	83
PID 3580 wrote to memory of 1528	3580	chrome.exe	84
PID 3580 wrote to memory of 1528	3580	chrome.exe	84
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85
PID 3580 wrote to memory of 4392	3580	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.usb.m.mimecastprotect.com/s/dGfRCqAW6phv7EnjFZfWuE4ip6?domain=canva.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffca933cc40,0x7ffca933cc4c,0x7ffca933cc58
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4628,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4440 /prefetch:8
  2⤵
  - Modifies registry class
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5136,i,16469538279801736716,4456277400885784042,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
18KB

MD5
ba9c619e1ba6a9272c44084a93375283

SHA1
dd234bb0c04dd07529c042f4af4416c49c2f5d7b

SHA256
c2ddee50c6c2527c6cc3c0a42f42da348e85f63ead35e1272aa943756d4e9c1d

SHA512
85fce6bc841b1aa527794e12e643e9d294405434e8ce2233743ca0dbcb673504b07dd6deb8c03972cf4d1a65780dd6d0a719bb4394580473b7904a6418add7c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
b511dd852d3451e2b29c1a4b3fd402b0

SHA1
4a8a8093f230e25d8c68f5e864399bf97a24aff7

SHA256
b72cdd75ec88c508649d8c5ce45447ed7c39814ea966bf4aa9dee09afd74716e

SHA512
78ef45616a1adcffb2bc5315e077eea46db840b0c05051afe91ab478536420465c4f5c64161eca9fd0aad6549f24598738b0fb427fa044200f5d4c91ba2570e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\87068a5f-ff2d-4c7e-b8c0-5eb002e66692.tmp

Filesize
2KB

MD5
a8020c023406a8089008336182cfa2cc

SHA1
a0119b026264b59c9d94933a26b135c91bf7a4d3

SHA256
d23a534ec9a917986d29589a29f48e871e9569c068f8c5653a83dfe72ec61a20

SHA512
e39b920963b088a78e6e0ac3ac4cabd6df98c4308eec3f7458c24d1eff3839828c3df1f0508bc165d52aff411d4bd9dde4dd6590a02b070a442e11ba4ae7cc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
59e38a92e349a5de028981127808141d

SHA1
00c26626570a14af9b231ab2f93d9f54f29c52cd

SHA256
d647473df4b1f12ace9aa51df2ef289c1e9b2c99dae69e418928801d1f2b7831

SHA512
ac7100d43497340562b2ed2bdac92ce88846297a5befa540d59ffedb0ea31a3c63cb76cdfa3e02c696abb0270ab51d98500c4afee1af1f48787ce53da0df3da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
25cc39352fd40acde35b24e47a69677b

SHA1
ff860f68556e8756458b560d5229662d15d3afbd

SHA256
122efdd4101cf6a3f54acebec832252ee43e8d4faa5ebf4409aa9e0dafda68b3

SHA512
f1df154b09f5b9b398311aa83863966bc64f90de9fbabd1be6c46fa4307ff3e64871f687d7361818af2ab94ff9558f51b791d6b594f3971edb6f4147c40a3ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7abaa931f17a70576ea377a6bf51283c

SHA1
a7a912bd5e47fe4334ff6157cc5895a4526ddf0d

SHA256
4629a2ec1957befb7b7185a7ea9c21575eb38515850192d8bd6a11c14f7bee02

SHA512
d01407186476099fd83ad8ded7062a7c3e6229e7becdb81c6c71107e02765c3828cd5f1f2fe5297f58a2096476cb97ec3cf19d382e533350fa8b9b376176cf5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
67fd9891b43a90f1fab02332fcf99d28

SHA1
9391a84251b72c65804df946234a685682f65b22

SHA256
5521a2531150525fb8b9a51d99964bda51e9fe771bbef12feb69ef3ac033fda4

SHA512
7490d538e49939a57a52f382e38717049785158b569ab71dd76d9b8080386940cdd5ff61f8ed278bed422f5bdb6951242077440110bcecd20d6e5dd38c56fc60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7a6f64f3a09bb0bbd7b6f329a6f500a0

SHA1
97112a35ef29e9599100a8ccdb6d51b1c4c77813

SHA256
e487cbceb0343d739f2306922335b686623441f68a0f828ad21340fb167f3df5

SHA512
0205a7901212aa77983290736abcbb4c1d706ccc70790f6b55de9fa0fade9ec6749b92f602182e70ec1cb9ba416c7bdf4664432435be72888c540e56404f9f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
88282df0acc9e5c6c2590589e497b15f

SHA1
16853a9973a7df5bccd91f013bc4443ab8f81360

SHA256
8a91e7417c5fd4da857346d24ca3dc73f0cbaa2af08f4816b6dbeb5887b94eb5

SHA512
bbd8375564ab0cbc41442940cb3ef9176c5a4adba4dc6207cd96517068c543290f2e95f2bb3065cc25e6f205c4cad0d9b8b1d60526011abb40eb96e6d86ca875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1444300618a019545dfa43290754ea33

SHA1
2cfec0bab21b1a33ceb6a4977fd303fd2a71723c

SHA256
ea72d530f1c51a101a375e7b7017a663bbe9dd2ffde670d07caec14545d32c6f

SHA512
f066baee62db84cb75b6b3f1999a75b25e4c78bc6b387e67c4f08cfef1a4ece40d70ecf168c16848ba95a7aaac8ff5f594243b28e07e88b9727cc395e371aa23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d7f26fe812ed0611a47060b030f6663e

SHA1
d8d27c3dd32a15f74501dbcd96654645f1bc5f6e

SHA256
6a199dcee73b2afa3373e5a18d2a2b5d5da14970013fd91371138c4399d1c625

SHA512
6c5403c83b49d009845bf1112bdd6f0ddd475fb6e946b85e5cd70833c965e259c3c35472c1acba15b90a398b7061bc1081fecbe26e9642d464124a65af026c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
181c2f5a6d976db332981e07139cfb65

SHA1
30a0baaa4628d068292aef6b07180f62fb60b82d

SHA256
2dead743055315892a6e974750d83164218a4968d831a01989d72c2a408767e6

SHA512
8a7f6a472800525baabdffa4034e2d696643a673b68f0076b1f62f53db994b7da2d7b835ffdba2f3d2487273e499d256bd0567bdb6634b8288c5dbd15bb3cd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a487d34eb4ab35c866819a667aec6e64

SHA1
92f2daad90f616f5e0c7efa112c6f52650475163

SHA256
cd95cc6d995bfdbf54a2031fe0f416d98e6abc8820ce8452f9e74363145f95c5

SHA512
bebff55305991e8f8d349cdac42e9815a7cdd549a8480321896af528cc1497ccefcb8d3b7d759c37e39f74232e862c5e35516aa5b82924d308d14428f55c23a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9d3336a6288293c718ec1fb823eb5225

SHA1
2bce087c53e4abc17fbb6858d52ec3acbeff4007

SHA256
d54a2026e6960dccef7bc54f4d40c6cfc572fa6040fa7b349e7e23a593ef9f34

SHA512
5271da7fe0c6c8c11f3d4b56967f3453bffdc4c1775e396a238fd55afa15b9de9ea6949c6c50983d988f70d16094fe0d046d7313c29adfd5b348183defe7f31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
999588a739c08bcfb3e744dd8f291450

SHA1
9eb032d7aba4ad06b67b3c7de05a1d355cc40b8c

SHA256
35cb7adb29adb3be51bf9785a1584f569dd86e28f83569e72b189fe0004b364e

SHA512
4d2cce83a5d529ee2bda3ef0dd8e093bc25c5279f51e0e2bbd70c0d2790c51d165421b4f67fe4e8e49dabd41735d3a92ada3e638b0c7893f822c56a6aab81317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
756f0e8c6625d34a6fd8ee4d2e01ad41

SHA1
c313571c2fbe609653b312ace331f68fc27d3af6

SHA256
ffbf67e15bfd591b9e97b35622e3fa25cfb468385fc925fc7ceb333d6e64e2b5

SHA512
8062333590c9b1548b4215ccae83ff91925c3c838e80ea9132861ddba354470f2dd11181a44100dec2af5ff7fe82d8348cc21488264f4a59aa37ad4675185853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
16796af6084dbdb17d5bebba3d9a554f

SHA1
e3305000cf6fe4ce63935d581ab1c5d644fbfa0e

SHA256
63cd7fab081cb34a3ee3a36d99c1bcf7a800a24b46acecfd2741667cd00c8615

SHA512
afb9d79a2e4401e4081dde7809f388d1f2a4a7d3445d2b2535d75c1e1374a7fdfae27b5d87f9eab592e134fe7b0a21b9c41a90c167ded5864cbc24f20cff71c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b709e05995388df30b1b6736a27b2224

SHA1
0989eced116529510216cf63f0928043bb042fc6

SHA256
0a0548a905c237f9e383d3d26192785ccf7e2127cde7cd96e95519e7b8e9b620

SHA512
03c59fe47e698ff0d771f2cff211f8f4884d7a48392ac18feaca271c498123f686db1b194dcdbd51dc71a00f2cd971631dd6bf8e08d0407d2b93f5b671dc183b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
178B

MD5
3a99cd00c21981ca99c8fd3edfecf8a4

SHA1
6a73452f71e28c7401c2f261350d220fa58bf9c4

SHA256
d0e1a481863acc4a41a76a3a3ce350f43fd3e78a7b7391702622fa93b3f9d0b3

SHA512
24401e5d6fa779ace5d8ac50358a6c6b40077cb0069ed0501740cbdf82c39c70f1de3723a3dfa5edc26f7ba8a8eb9860045268ee61d882f55db0724722695d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
231B

MD5
8e053642de5443a4b0ac30fa9e7d3318

SHA1
6e0fb4b73f15c2d060222c6d6592a55f34bb9159

SHA256
5338fa1695b07c09d37f7b0bd5482ed264e545f6a7f2c5044380c40d3227a35a

SHA512
691a8045ffa2d1a07812b9f65ee00a9705a6453dccbd48cd1d1482b7306e9ed47db97b5b5653ce9d367bcab29a0bff36478e8e8dbe8c7bc99e062aaf65dc23b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt.tmp

Filesize
224B

MD5
e9fa5fc4f430369cad3eaa682da1a87b

SHA1
bc55a790015bd84f7c263fca793a7f343feb7ead

SHA256
19c37685fa3dd1bed10276d0a5012afdb17ab9df669aebf6b6c6404fade15cde

SHA512
fa2ded53f837707665276120cbdf410efb27bbb6fd4c435cc80266dff2214bbcc464d8bb69dfe1e650fb57118e100ad3c58bce93f7c774471176bbdf7a0c9b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt~RFe57be20.TMP

Filesize
125B

MD5
a9a2876ad9dbc5009549b2ea27141d08

SHA1
4fd233fffb3383bc4432d7521529728e762e1f6c

SHA256
db8efa6e0a13b88081f0364e7fa38a8e5eb33a8b8441ea4d740f165fb8e85a9f

SHA512
80fa1c89c8c5cf8c6d0e34151e443161b780671277f5b511d511f6f72096502b33685c309c472a530e9c86a5a2563738223e6f37dd3fdbce4f5cc60ee3fa6ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
0720d4341e0049d29c21d7c4eaf168dc

SHA1
9368c858f88e69d806024a23064501b85ce74064

SHA256
c083166673f6285ec3dcc00778426a2b34d34306bf82f404142ee341f650a368

SHA512
ae133b7a16efc8e33872d3822e75ef1f5ca7c1a00f004af585d6162eba0617ebd8e1b9021470533d6c326c32833ec01e289e2be8edfe488faee8bda65e69f0ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
40016d556dea1cdea768df6240aa4f2d

SHA1
bef5449c6ac4431c4fa51d56387b14d3f79b1aa7

SHA256
e772cd0376dd367433dd5312c0bb7a36c756f99a8f2b5a9f75694407c743183d

SHA512
a4952fac82d14ad2f5135962bb2a2752fbc555d0d790853a190001936bc40a5f0f67b5e3e63984a219c51ab7ff5dfc0085a14cfd52a9d1337aa79247c1dacd5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
53491e8cd9ac9bbb979df7364c65b4d4

SHA1
475c46d5233c07931d0e332744b8922358b8f755

SHA256
047cd24fcc3d797c1e50b649231da15b06edc853bd09c2686c5da27581f9ca3f

SHA512
1a4d6c768af418743f049435ab4fc211f090d7b9439311f6a0007c005d0854cc2a1ad2d01e50036bfe0960d16dce28eea01c361c16f8f901be428edf8ef7a685

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit