hxxp://bcbcs[.]com

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2023, 09:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://bcbcs.com

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336293859383369"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 656	3412	chrome.exe	32
PID 3412 wrote to memory of 656	3412	chrome.exe	32
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 3624	3412	chrome.exe	86
PID 3412 wrote to memory of 1704	3412	chrome.exe	87
PID 3412 wrote to memory of 1704	3412	chrome.exe	87
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88
PID 3412 wrote to memory of 3208	3412	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://bcbcs.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd547b9758,0x7ffd547b9768,0x7ffd547b9778
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:2
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4648 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4436 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3092 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5372 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4628 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 --field-trial-handle=1884,i,17214273106254514408,1133411348357203355,131072 /prefetch:8
  2⤵
  PID:4320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x32c 0x4c8
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ea51d030b0c9a835a4ff3a41433844a5

SHA1
cfd04e10f55d44336573c03f1db4de203f6d547a

SHA256
a0a890621bce63a081391b7bac438cc4deadcfe7d66f98fcecb5c4831dd61740

SHA512
36cfc93d1d1235f2b045baef903ced133d2e19d61253ca8d01a80ed1b04f9be148a351f84433369f5a83477777de8a5905850a56e79c0f6c84c83afc5043aaa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2391300cd6cd7d1415938c68b392a82e

SHA1
b90183c24ee36d037356635fc832a41e2b5233f5

SHA256
dd07d57e416229bb8437665d42e46fb1fe4a2928cfd85faff008203313566349

SHA512
da295b45ad49491daf4673687e200cd10eaf7c97389e2490f1add8ad33950b721fe0188ad589abf3584f240cddbfc9597249e8a40d93de995878950507154eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49d46f295cb89412790fca0c045f3499

SHA1
2d3372378a1908abc16f3c1030f5716365dd69e1

SHA256
667437269ca6e760949490ee69e2a6e07fb759bab42738d66a8d3dc2cf971bc5

SHA512
0c7bc8ce9e7a99c322661431381e9a287cd4a2b069c778a395c8c462ae49529acc6c0fc6e80fa1cf3091bc716a261d2c028c826fdc8e576d69c29df0b83a8894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e8b6d2c7cca2a6969717bde5d56c3db4

SHA1
be9a299e897c5ab03e9eae4d4d8d461e5c94643b

SHA256
a8372a8131d4c098f1c11b5907c6ce771777a8a3660a9af5fd2e17e8bd46f314

SHA512
3fe20392c7e34a8de5eb22b94ea1c1032ff2c32f1a6a556a5a791b1d9522ec1c017a2a8504155a42f9f2a534db285e7ee5bda1578a65447fae1d9fc614cbff1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ab2ec17fd97d297dbc5fa7f9af65397

SHA1
e6d63bb2678d86130e5404831f13c5419b93b1f4

SHA256
f219372a023682a61e17a54fbea079ec3721ed26b14b46d1a1cce6d3d852a990

SHA512
6639da4fc1e745d43166801cfe723441e1cda860aaf960254444ad49dcad17511917c7f68a50cc3acb3aea118e3c79854c3e1f2274b7b191cbe3f3344bbc350f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f3f5e55ff1f4c89c974d602fcb855b0

SHA1
b321f1aa5a7fdce37ff84261fd591e724ec4a8a2

SHA256
812b772ee3ce785fa440629255140c33eb35cca77a33ceab78fa71a0420503e2

SHA512
66e92473611af5a8c09a4c365591fad8f58d56dea08bc39dc96ea7cca6cd48b6bf645a4848ffd4389f4aa785becff97f18653f1149fb0678cdbb368bad42d36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
53e73a482aa0fcd8e7056868d6be0046

SHA1
ce3156634a915f871383bc5c0f1a989d1265fb85

SHA256
adbdc77b19b95618f7432e61958d04d9fe8ec8a738e3db44411bc0acd2df5619

SHA512
049b190ea374d7a4e11ae12fb75510293b6163edc4eb51ff48ea2454de0ccc3762ca825554b973b8805bc4d1fea63c42a6a97aeac04b6c9befbf01b11577c4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b342.TMP

Filesize
48B

MD5
1e89607e8fd4b75bb09dba2c9efdc601

SHA1
b6309b9cb16d14b79f052d6ebf5fc56fe5aaa1b0

SHA256
601f19e04a20df0f6839391fe6d686eb3e0aa7f4c34ffcbe160227be672869e2

SHA512
cf709bdefff9b59817d94ca529d5145135fce88f1e2eb3ae7d2a750f9a875c71650f0ef8e53e5b0ca6b7b94f7fb66611c91cea3687de2e5832c04f8bab03f7ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
d7fe42e57a7be332e8b1a07c30889eb4

SHA1
3633ea951f974974f66a0e6375775d7c78738b19

SHA256
53cc368db5c4e9d546b747bdc2eb672be3036fc965cdcfd338596c4a3d10f002

SHA512
c545928d11cc11d11836159aee37cf0e72fdb9d86f3ed44a4b05e54d05f69fd489d3a5fa8ca7a9a15027317d9259aabac9d82f67914456993345f50fa9dbdefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
ec1613e1ddffaea9b7fe034e747c2590

SHA1
ae66c6d5f62819d7613dd8db87228a632afcc07b

SHA256
9e1f47c269e736c837d4b26392c6a49f3f3736d92979a1c36dad673846d40317

SHA512
cc6ab8cfadc81efb5fb71d2671af94f851f5f6dbc861ad1518d8eba86f4b5abb5f244c8d5842489777f5099d7062769f99a5247329fb7defd2d84c8ff6078016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit