hxxps://www[.]canva[.]com/design/DAF8mCVl_6k/Dbpvo2rzvqUAxCw7-gjEUw/view?utm_content=DAF8mCVl_6k&utm_campaign=designshare&utm_medium=link&utm_source=editor

Analysis

max time kernel
170s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAF8mCVl_6k/Dbpvo2rzvqUAxCw7-gjEUw/view?utm_content=DAF8mCVl_6k&utm_campaign=designshare&utm_medium=link&utm_source=editor

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522363427828863"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2420 chrome.exe
2420 chrome.exe
632 chrome.exe
632 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2420 chrome.exe
2420 chrome.exe
2420 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeCreatePagefilePrivilege	2420	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2420 wrote to memory of 4284	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4284	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4224	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 2356	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 2356	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe
PID 2420 wrote to memory of 4276	2420	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.canva.com/design/DAF8mCVl_6k/Dbpvo2rzvqUAxCw7-gjEUw/view?utm_content=DAF8mCVl_6k&utm_campaign=designshare&utm_medium=link&utm_source=editor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc9949758,0x7fffc9949768,0x7fffc9949778
2⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:2
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:8
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:8
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4908 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:8
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:8
2⤵
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:8
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5260 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:1
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 --field-trial-handle=1792,i,16802104338533482771,14181302222011845072,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F8 0x00000000000004C0
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
1bebd53ccff2d5806d6267bd6c10d801

SHA1
18d5f605090178c10b9af245c596c3e3d64c448e

SHA256
0a1446c153e29ce51cf1e59829178fcee6c98519ac4ea21132224f42435d830e

SHA512
25851e65fb4cfe863d9fc9c6abef4d56873ef0f9f6c0e731d1b780160812a3cd5e13cef5ef1b29e306a3cc4db2ea339d210a23c8b23c5855d903456cb677d592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
88957e3efee58fec6ed0da2547713a49

SHA1
0966749aec3ea39691ef7a5ff9b7ad960cdc100b

SHA256
3440a99f2067099fb94714e77f1389d3d427bef37f094fa675e0db114dd52aee

SHA512
563a0ef25fa425e6b600c2428a18a499013ad479712f2d7d6159eb7e6782a09735a6dadf3db2ba4e87da0e5db187f805c8bc0abf8107b5a3ea7421b631c13e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0c7e8ce3d8b63ca0ba03cd03025d10ca

SHA1
6c507bcaf4ee99e734b5ee4c29ce36c22cbe803e

SHA256
377cabedb3004556050ebb01027403ccb4fdddf8df89a65db404fca846988f29

SHA512
eb5af356bd1ced555a77778d98ce0f72c9dfeff95c338756e14cd08193ea6bece0065d3cd6eb5d9a95f02e5c561a8b172f8a4861a67e3c3864488a737cfbed82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0ce967cc8f4bd704c00b6c572cab05a6

SHA1
5063917eb0e9a800a60fa2e10bfaf990703bf192

SHA256
3dcf747218ea8b49390a0583e00b2c771faaccc034dd9ea70a222b3f636b4cd8

SHA512
16360686758d282d8187bd4757fcba424b054b7e0de7ff3db905cec5540929cfc61e56b6aadf96e14ab9862043598a28e2dc66243e59a429903b5d80976d7e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa523be00f8ce593129dff862200d990

SHA1
1d21d2d1c06739827aa3cc0b7cdfc47f3a6c8dfa

SHA256
b6df6da46d9d1a114651d51dc499563175fbba338ac1670f29489cfced436420

SHA512
045dc59b933c0d280695ae1992aaa2237ae717f364e92fda7549b7a1c630e885be445a9cb5d088bb30c1d3d63aa9d2a8cd1903d8050442107ac517cc4b39faf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b93c6e60b0ce11552ee41d316d70d7d9

SHA1
8935711f482058dd14251b0d6e01565352a0b86d

SHA256
b59a6ef31c6a7a4b95d87441aceaf2efbe4a7ee4a7f43b92d4431f6105e69a8d

SHA512
1a52ba5e535092ec51438069af5eba29819b3f5e149c93d7571146b73c83474f5326876d4b2c04cfc33bf54438a88fca1f438a57d597679d29173aa748080a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
384B

MD5
6d650017b89b49b8ccf11920cfcd8322

SHA1
3bca230ab58758afa108dd0a3b9f826ebdd25161

SHA256
2b11302f30f0f668664304bc9cd5b4b7c2ff64e5ac4f6e342b52e13d5496037d

SHA512
5b67079d8ae7229d308d99eab866bbb8c56aefe4c74079381f362ace0ca59e3793e39a871c0274db72502a04dd960c4defb1841aeeacb9834a6169e0b0460f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ae41.TMP

Filesize
48B

MD5
9a7cdeebb15b13063ec8e4bcfbf862d5

SHA1
e9d0e048cb3b8cbc8ef5f1ccb0f5398f13f1e632

SHA256
76bea84ba75b65a275d4311332e524d280c0e531babacfe7f4fd76171529bf46

SHA512
7857e39afde8f0ba30b04ce16421ea6a37eafa967a76e6c4c3866cd503e6b40c9e98dece2a27788f8677946d2082c6ca2b8be55d0548cb7ef76865d36fdc62f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1bc317b0f3a326a7f1361e6920760cab

SHA1
6775c33aa98c0a564a97883aab7ea3af85c8c2d6

SHA256
813c2593b3198dca70f54610e8fcd44051730dc164ed56a6194d0552ae8315d4

SHA512
df6f2b660dcbaea2502837308b76f92a70b98e034e853b2cb46f3d14b97103eea5b03d2c0035244e2a3469e87ced38f9af756e830c029bef2a21909422767339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
8e86c2d20ac30c32e152ac86510e096f

SHA1
7106307bf76e69e8b97dc38bb04e4e3b8eae5c5c

SHA256
ac053ccd0238e32d61932f87faae6c96b9ac2ef4b63fc4f1421f40561b40bcc3

SHA512
ee472cba887e6af2feb5899f9076283d2b4528b9cbc32496aac91d0abcdbbd2d68b261421c285d4cb00fbfbcc97aab563104b21dfbd317ff024b781514cf59ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d699.TMP

Filesize
93KB

MD5
b5671e9e13759371404de57ad55b9521

SHA1
d5f2df82b41128bae93c70ead7d14842c0a7c525

SHA256
2a70d34d32cffd374e45b1e6af084a14e85dba5e5f01460426e9abda1ac06668

SHA512
d9b6d825f09de7feed1577bd567bb911e1aced89ec7d8100d7d70dcc341a22ed98b08963f434217d4dbc3212b69520a18d1ad3221be394a851d1929d33611494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_2420_EWKWNJKHKWKPBMWI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit