hxxps://underical[.]cc/?ref=sorryfoyoursorrow

Analysis

max time kernel
599s
max time network
599s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
03-05-2023 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://underical.cc/?ref=sorryfoyoursorrow

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133276155282326258"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2456	2468	chrome.exe	66
PID 2468 wrote to memory of 2456	2468	chrome.exe	66
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4208	2468	chrome.exe	68
PID 2468 wrote to memory of 4116	2468	chrome.exe	69
PID 2468 wrote to memory of 4116	2468	chrome.exe	69
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70
PID 2468 wrote to memory of 3060	2468	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://underical.cc/?ref=sorryfoyoursorrow
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa03d49758,0x7ffa03d49768,0x7ffa03d49778
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3560 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4352 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4480 --field-trial-handle=1728,i,1950177768835950477,14191413444192906185,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
1fd17001c1307ff798899000d95d3a4c

SHA1
859f281f09df37d0390e03ddefa635cbbf73d253

SHA256
0d5918cf2f6a57114ae94856786e015df4e7bce5577908d59fc241fb43bb8212

SHA512
ec5e20e7c629d861f4636628f9ffe9accc95e0fa1e94cb2633176f28e229f46cd48b1e2c01319ad7facfb3503b0b596aaabafd849793a7a93ee4dd10d631433f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
740669b066ff1651737db23330b3eb55

SHA1
a5bec9d6641cd0ade3e2a5e29fd3ef882c54cd60

SHA256
9b17029e09b9f638d835fcd6b789daf17371bb9f0c8966d06070ac4587f666f7

SHA512
c426e7ff30734e9529f040e1ac0f2ff453eaa30471e9def6a98dfde0a4b38228d5fa95906ce81513844391770b7bc11e0dfa67916ddb6a1170904a382aae18f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
5d482b4661374745965580018b3db73c

SHA1
012f19b4fc810fd5da762c40330dcf33f4162c85

SHA256
afce9a999934109f04dc6d60cf60e0d2fece500c5f851f2248b04a96e03a644d

SHA512
76ec617d951d5df262ef0a95adf0581657f885278b4996ebe20922d79cc518c774659837a984ad8dda6ba509036fb4a0ceafb4a233595bea743f9c3778397043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
757d46502d4e4f81fb302efd20136f38

SHA1
9a78d0ad0509905c13e914e2fdefde02e14f1bda

SHA256
38eaadef48c235888131db313aefb97c7b9651d8eb90181d92c34164173f7e25

SHA512
64657a3ef8d34d60346705be5a0cebe7a5a8b7704665211f975f38698a67171f46ec55a4a5e772b41ea65604461081f7680b3bb4bdcd6d375186148c361dc47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8abd834a589de9442f14027337a91523

SHA1
ef7f64e9690785f9dda55df60219add6b134627e

SHA256
8281fb5d12e5a9020c3ab0696dce7a534f8954aa29d7c6055f7dba0f61cd07bc

SHA512
17b8d4beca296fca183ac3bcbdd1f13a8c94495561b941bbf035be92da87fb00770e415516ef44250269369c65c9d826bcd8c940b4b6160f428c5ebe392a0d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
39137d36d34eedffea5e3df6c78342bd

SHA1
8e601b51c98081d6edb85a5e674ac5fb09583720

SHA256
7e9f93ba35d230f26a5ca8f193b0668e4c0275b926dada0dc812273223e4f489

SHA512
c50887842125b98e21b8f5aa3bd6050c77c3677f4b505400da64bc77c00d16254b8b54ed3e0c65f4ad3a0008cb0f0c6feed1646ba69584e0b3e53d1dd6a3d520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
7c201beee31771866cbd10455d63feae

SHA1
eb5a0ee50151390a8860d2ceee6be242136c8fc4

SHA256
2b7aa83d083c7534c8cdf3c4526f12471bd3a79c0bc128d14e51f8a0fbfbc435

SHA512
551bf4bbf3860eae608d04bed5e3154eb12726f959daae49e2a16dbfb3ac61a7774698bdb20bae386eb7d40f826c9d89bf8fa87594e346f8632c1daf693889a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
75368246f527492c5c1959edc4d58592

SHA1
94a9c4f85b2b5e2a0b5414ab0c8c05980ef97d16

SHA256
26265ce8c4f00f46e5f0a20eae9cd5922c8cb4d7cdae06f90412983676c4bbac

SHA512
a8c8a7321099de570c31dff34cc358b11b62507933c5f4e750d8d6b6f69e851eb71f2a551bdd99ada2e55340c7a7fb872c887ccd28e79334c5bd71382268a2ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b03ba334c383308523a2ec60a645e352

SHA1
ead0b4181762f4d73d1649cbe13b9f38769b3e88

SHA256
d4f5aefb22d138f7740834f43897d4819327910e4874a2dd1bf4b323e3dd6b87

SHA512
715739c42d3775eeb9b4fd580be36f04deaf025e80c67dbbd3d81a4d2ee8ff707a9f16a8da94dd6adfcba8f672639d37d1948960a8374fea024dc2fb0fa8877d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01e41d2d9374746496e2dd22e28bc7e0

SHA1
aea2f3dcd3edab5167f5e43a9d64bb8d1a16a440

SHA256
da102de0a497785c59fb1433be63b4b062fad809c801a93a2a697f646c269742

SHA512
b001f44a96aa158e57481cebb5c7a6154456358ace03a26046bd9a8958a4b149d27a28611fb2e72b69271b2e47b9627d87916127b84d90ab0503c091b307d4e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
ecf8cfa57e40b7376f872a1d37588ff6

SHA1
a351b270e8a468cbc6f53bdcf401bf0977780466

SHA256
707f14dcf819f2ea81043b841df42a8cab8304a2d820534accd5bb0d67c8bb8f

SHA512
b9689a7a4bc29fbfb0c478b75282cbd53ae2c63b24732cbb852c811d03def43d621b80e5506d1e57be941afae16b2aef326098ffab695ae2adfe491f3654ece7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
dc5c71ddff9dda18a248146b50d0ce17

SHA1
5da29d03978439abd5e08a9a371041bd4dd0f6eb

SHA256
9b1a175c279b44bba182e642b0ceed51a550ef92f0fe3cc08cd881ee78d4d515

SHA512
9eafe74a862a181a139ffa360e3d4551be21a91cde3941bc5ec53181097c2bb64d6c0223713483b10e61e4d0d94e886f2f7f0c239fe4f1a7fae446dff0fa9f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574a28.TMP

Filesize
100KB

MD5
78ce8b4492919049b321c8e301b7d571

SHA1
fcd49ee4e0281f227b0d4330414aabb72d914489

SHA256
6dbbb050ca29284680fe15697b2231909ab2b5700a1a25be6ca17a6adbd3d34b

SHA512
1ada7d41edad0b9bea3c64f4beeccd918de0c00b43fae892280a821c0cd413ef8b3798fd0286b3b526fbdfbca113d1801c6977e4f03b66d7fc31c6de81dd407c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit