hxxp://xylem[.]com

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2023, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xylem.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331562507490496"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 848	3732	chrome.exe	82
PID 3732 wrote to memory of 848	3732	chrome.exe	82
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4968	3732	chrome.exe	86
PID 3732 wrote to memory of 4120	3732	chrome.exe	87
PID 3732 wrote to memory of 4120	3732	chrome.exe	87
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88
PID 3732 wrote to memory of 4556	3732	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://xylem.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd69f9758,0x7ffcd69f9768,0x7ffcd69f9778
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2992 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5200 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5392 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1728,i,8114786467786965699,16505603974531309460,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3244

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x310
1⤵
PID:1556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
107KB

MD5
c5e3e7d7169de30cc1b0924504c26170

SHA1
66253afdf2b74ac040529e0cf3c3c865392ec6f9

SHA256
ee4dd15ed4f7e6d6e6e52b7e352e5435cc8e795c1e2e8a91f439515720a3087e

SHA512
e46f15c0201b375739c7173cac31363aedb133801ed0985289f793cbf538b4cad0a468b4ea1132d31779f4eb752aaada4010de6cdb7c34fc7f16b7597f3fec8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0424edf48b2814b9fd644d4fc69d5062

SHA1
17b127443a0ddce8fd1fc0dede17dfcdd56b2956

SHA256
5f812246efdb5380f17a9aa50f57e8ab359cf4f95c29bdad42c72f3b8000752d

SHA512
1db8aca45969256333db5472bbadf02fe79330855376010d5159a463895028c0dc60a762434a48e61e51f257fdf5e5306c02331778c57c3b30fd312254006155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b071a3afd8408aeaaa1a9f7cac3c617d

SHA1
1a56470040993e64f128f914148b39efdc05d70a

SHA256
80b674b22aa243ad4969746ced3e0d7311dfaa3d93347f90b907f5bb8660504a

SHA512
f33e4b95772f1360afe9a41ff543c52423d37760d95fbc9097108fd278dff52574ec279687eea87ec21bea47cdd18bd830efdc8d8ee3e98852abb7d825998251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79680971e7f5f2b640239d6c486d16a8

SHA1
9270a3f42de757ae657cddf32aa8ed8b1c7dab2e

SHA256
c901a7fd97b30afb24023a01ce02534127ad2c607deea697f5e63412a4ba79a0

SHA512
d0c86a8c0c2c63db2e488d32e83255a4692c9b9f0bb90a8f8fedf5ab3c4b5515dc7e2de583c35ad509061f488ac8b4b200113192d62f170f767b51b11473ffa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ef99976988baff04d983e4417247ef0f

SHA1
2c2cb1482db87da6f96197ead6f9ad07fc9297d7

SHA256
21657cf6ed1daf5673573c6b59317cbb88b4d0631234eeac1bc991f5533c6c59

SHA512
bab61e79aa4f74d4ee6ea2a1f2825656e452e3399d1ed66f8c2bc5b1ac5b19e26131b5566cb091706d6749377af412ef55660150027f079ae1ca14a2a0dfbe8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a02588125d49d65c6d60e68cbcb180d

SHA1
215fac4046e773840d48491a2227bdf7f68fd494

SHA256
d8791fdb72e599331f69a6ab7f209103360b763e0a6299a80492709db012271d

SHA512
3e625f872396a76552a248d57776a87f9059e02fe69ca9188af7fec6afe4c043c8be4ac928e7fefd94d2673f58aa05ac87af42a7648744c1a3ea2fa110897f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ecd1ef69a52207ae445072035f18476

SHA1
2eb1255066730ed33d8194fc42c5692fc5f371d2

SHA256
a00bbf55a4518305d4b942644e5f5fe0f45696aedcf4b29c97e1e710c6d44894

SHA512
13e7bb3e9da6230b212e0a9260bccbae20ead6c99230accd1f51334cb5ba4920c1d8e2d50167468c940f8c2a1ff85ff7a08bec2aa845ddac28a23ffc28676fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d297a347caca1e8d6c4b26c65babceb2

SHA1
a7521d753deb531d99521eec2a1877b5f9d0e979

SHA256
238cad2cacda8775891188ecadb35b5ff65e9e0a4de0122514dff9f430e1e2f3

SHA512
621e61490c2364bc0ba84ddee63f0051478cf9c3e46e0b0f11445a01e35cebd73744a64be61671933b7778ad5783c6bfeacd492419de875d8b26528fd230b0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
90f67d26598b846e5c17a90d07dc7ce1

SHA1
bbdc1dcc99af3151787ce6be34e338cc8a7d9ec1

SHA256
9ac204511ba1279fe2092340f8e727debdd3ca5864f01faa0bc981aa0b1d968b

SHA512
1ed662d0fca6c92db753ab7501cdbc71f969d4ecb68d1dc0030422b5ef748af669e7e1b7fc4b9594c0002d6feb89a9f14ec25a21e6fec2e0999a3638ee0a750d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
f73b028e6c8699c7a5d8f422f92cfd84

SHA1
3750a7dccd34a194511723095356adb5933ae2de

SHA256
76430af08d2113602c520fdf02366879963babacf7fd79e35aaa947e6171f7f4

SHA512
d8c832edbc1a2102d95a317f2037f8af99b473b3a2df6d80def4db089fab8149383c72381319d62de4f3a4df55269d41f9d1357e81780d420623daa6b6b4d1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit