hxxp://fastweb[.]matters-solution[.]com

Analysis

max time kernel
87s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2023, 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fastweb.matters-solution.com

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133311540607519248"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4692	chrome.exe
4692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 2204	4692	chrome.exe	84
PID 4692 wrote to memory of 2204	4692	chrome.exe	84
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 4708	4692	chrome.exe	85
PID 4692 wrote to memory of 1984	4692	chrome.exe	86
PID 4692 wrote to memory of 1984	4692	chrome.exe	86
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87
PID 4692 wrote to memory of 1080	4692	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://fastweb.matters-solution.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac5609758,0x7ffac5609768,0x7ffac5609778
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4792 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2772 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4912 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4992 --field-trial-handle=1848,i,12377960300686666659,7306968034517328779,131072 /prefetch:1
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2616

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
43a91396156037d6c57f40bbf60d6235

SHA1
8d7931995f618140ad1bdc6cd99d5972d9494bce

SHA256
60ea70648fa7ee7238836a04eca459d5861caa39477f4e85edaa8cbb86c96d8f

SHA512
3ff81c8968103c0d94004ce5f571424df9c4ecca344ebb5c31e9e8a560213d01e836f3cbbdc0d70b68e1347285587405259d1f977c7de6057dfcf8b6afa33add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c36fc4c55a567223d284a7be81bd5483

SHA1
b913f12f136164f1a081de3e2e1fca1c4cfe17b6

SHA256
6de73e9de2650dbff97f1bc08dd77e8caebc83c6acac2aa29ac481bdd94777c6

SHA512
af4f68f5416f57e105ae3bd0fe14fccdf85a32f02cb5f203ffdd31fe4787d308390ac921c1b8ad15545958a774a1a687ce5ba54bdf41202ee4a4ab95f777b45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
ba8693584051c7eb783d9af6e9c35e8e

SHA1
55435be798ed28abb250e6f550e88bcb059f8cec

SHA256
1c192c1ec1218f790ed88705e3983c747279d5d89a57fe0385976968cdac5701

SHA512
fa0658c0675da26ecfacf440588b75b909157ccc8a1675122b5a38a3a585ad309a333eda0ed39538947eb6bdc1f69f0c4da7d2d644ae6a1150c39af6b36a36a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
ceec7a4536bc32c966b8671853c16770

SHA1
f490a6b3ecdde84b5bd86c15979faabd0ccfe078

SHA256
863e74138ef9d735d8126b6508b847ffe76e053639702fbd7658fb33f4ddb765

SHA512
a54ad9c28789bdb59723ba74d0529b51fd33cbfe63f3d57c3ab997476480d121597881c30d8366f8699cb0720f7ad87ffff98dc17875d9279efe92593dd0b202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48247e4ff7e5100fb0e23a05721d2379

SHA1
421d73de8b0144bf2732dbf35b70b60a5b416f30

SHA256
f2a0eba232298b04276b9d425868840bd5caa66f691706703ce56d770b468fd8

SHA512
4310280ee34b69e4bbfb8866860b3ff306bc2795981d3ca79ebe4976ab35f7a8986c0876c88e14129d57e7b9a6947bda26e39e9d53dd5e592e61da74fc7d16cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0045b8f7b849bb788c96107cf5c3b487

SHA1
c80b1005dfea3e2e6e78a5512e88b3898c6dc7d4

SHA256
edb3c8de5c08ce14ee6e25df54ff75fc718063239351155d731b7f58e7bdbc4c

SHA512
2dd43c17049a0957ba2f9d2264f5ee7f5d7bc1c23101fc1f4af2b82233d7d459e0346d6ea3e9c75ff5542dad8c5d3a8647bbaf1861b95fbcfb0c548c68334bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
029aa089cd142c2ce169c52853fee045

SHA1
85fb8d2978e8be0a0f0bec7995b3e091fef3c0f9

SHA256
119c64507db0cb040eb80122609838550665718795b232a8fef7a032d7264587

SHA512
0cfb10f95d4a7644d4f2437baf59c53feaf6bf0198cdca8cfa29c68e9f5ecbbef2144f26acd09350a18a0a5cc6f17345ea95ba7b81065c838f84c1ae0ce30cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c9e1ab877a5aa1fca5aef6633e3f86e0

SHA1
e84d0fa0cfb1ad3a395906425125edafe85671ad

SHA256
3e1dc22a67f5ead281e47195a4622a2aa3a7fe4070d27a447dd33a271110e1d5

SHA512
810a20968f88c5bdb1487c618785cda6bae5e5a5144e6230fec3ad390afcbcf4f813d2a7008019872026a7fe6ac6a69cdf176a05f96c18410c1bf9a756754f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
61e0649c6c3f426f83e5ca955d1722ec

SHA1
d509b5ffb9a1a6e29cf6ec5bf36b58f647654369

SHA256
05a91d0d64ad573806623b1a4dcaf9007d1589bb69dbd6f647b33d37105a7a19

SHA512
dcd2ff4cfed5c7916731aa7d6e722295311f363f8d6583b652df33dc0f4891c9043ee197f7947fa285027154d4dc25265e3d0b916927e01739009a8015669d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
b223f2c06ea3d7d1e81b2c74e464353d

SHA1
6da71bce506781c809e4cd425ae7fee3990f833d

SHA256
823c931bb427ebd1c7f0b610addd28ca9d8aa62936eada537546a95b1e1987a5

SHA512
91b734d18fba7c4cac5af56868d2c06269ac3b1baaaaedb2bafd50b169fa51090f5d84879a51b1aac035edc8e4da01670f218f4263366c5e4cd6eacf3179f68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
e4a2f0a90879c938ae02dd79a9da88f7

SHA1
2d87deb17f0777181ee289065a6ee4231420f32d

SHA256
b69de88eb5a658d96d7d7d87af17d43b2c6dc91a6f7a3eb61e98543f0ad12fd0

SHA512
09f32decc6d4c669766cae43f3ed68d6e4cd48b4d5923410129602cc5245ee08b203bdb8df99fbbe673b70a52504790e029db477c8c054ca2ee7e1cb7658aeb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
bac81cbb9b379fddb72e9ad94720f5a9

SHA1
de7df79ed68c4e1e8c101c542bfba02c0f75603b

SHA256
4573fd6fc7795155053df85a2ebce8b4dd2e157ad2e16f39765a915323bae73b

SHA512
bfad9160bb8467717ec788ade874dee3881eb1e10d88a830ad50717e16c6cb416c80cbfbf0134bbfcde8f4ca3e7e8f458dd44c2f676e4be337de858803e41d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4692_1255301676\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4692_1255301676\ff6ca358-47f6-43e2-bf8d-0c0fdc9b2fb0.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit