hxxp://rakbank[.]ae/kycid

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
26-05-2024 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://rakbank.ae/kycid

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611796748513813"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeCreatePagefilePrivilege	1636	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe
1636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2920	1636	chrome.exe	73
PID 1636 wrote to memory of 2920	1636	chrome.exe	73
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 2536	1636	chrome.exe	75
PID 1636 wrote to memory of 4000	1636	chrome.exe	76
PID 1636 wrote to memory of 4000	1636	chrome.exe	76
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77
PID 1636 wrote to memory of 3840	1636	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://rakbank.ae/kycid
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff1c899758,0x7fff1c899768,0x7fff1c899778
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2652 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2660 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3136 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4444 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2240 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4764 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4668 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 --field-trial-handle=1800,i,2324415334730142368,204105563218781798,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
ecc37a46876a297fdc9c3759587c168f

SHA1
06b6e2c2c7dcfd4a25017314b76170877345750f

SHA256
2249b44312c1b8276fea0b768bf6de9bd773fdc83ecf2ede24a197917dff6583

SHA512
eaa0916db92042c94ca2ee7f7758e5e264a92fbf1b0684c1f88b9526563fdd31034d3b22e81097a650ad07daccf55d8e3ab43c680df53c6f91c1ed8a05ea3089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2923b95ee66304e499aa2c49c1020959

SHA1
7e4c3770a2a8775a3f8e5325ecf745eb43cbba7f

SHA256
a1b8d4be2149cdad7d48944a42ba837107cef12d0280b3f43e2b4e11e6c7dde8

SHA512
f7c6cbda8cf22c5ef7381bc7378a12a198969542a9ded4208b6576eeabf6357c904092d02fdc18c082bfb04eed655b25f48143932b679b29080df725ab4530b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d77aab5b2a45a07f4a5f685df3765da

SHA1
be8b851f3c1a07dc5738a1347ec471c5d117bdf3

SHA256
e910365c26f502c7b3a846f3a6c0a6e54d58cd7bf8e53d27d3ba666740dbba9f

SHA512
5b24cb19d98b41119d91a8e6121645674a731544adf62b4a3c0b1baadad9c30ef5bdf3d05a00a9cb706ec68021ea45529955313ba787de6346d6c97b2ea50e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d430cf7c933dd97d1c6c75fd4a801683

SHA1
fbc9c8a0313ee0259e8bfc348b96434248c0b193

SHA256
6c9d3439a19c073f805b7f9da799ba9850cfda8f3f85501fea39df750a4a074f

SHA512
d07e7832df17cf1d49c0c892c999b1d5873994f7cd5856fdd19d9e1304f37a7b38934720d521e7431345152d92f6c2720aa50ea48c97af0a9747ec7635c5e47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3080ae8aab85de9175ef8bb4600ff44

SHA1
02564735e990ce60aca588f6b7196b52b9dbeaca

SHA256
8839c6dbd4512451f1264c914d12f8a0adf0ac91f41bbd9a1792549c45b2e006

SHA512
379763336946aae8d7e69164dc407390a433600636c8a33103a6e049a6f1222927232591bc2f582e3e739b4ef2cd3a852529d73ecab4e467ac92ef3377eb8a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
41c4199483d513b3c5bf7c1d267818b3

SHA1
9d7bb24d49a31f51ad4cc4770636ef9b09249c43

SHA256
a6d24609cebe2e7c4a1604767c4d48887c242ce5e4fc2f5c0f5409eee11056ac

SHA512
9328d19a522daefbfd9455162e59e3a5118f1c9d7795089639becc3919e88f928286872bb7ea7a61ff14786d5a372abba979e029902cbf669a7a68c51bacf3ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
3923e529018b99a170c581860c9f4586

SHA1
772e02a4da30278a39d84e56b26def7434bb9b4e

SHA256
5edc1666770a9a584b9c57d6d8dea937b57127da61b3a78290b98d4b07bd2154

SHA512
7684220f8fda2116cb405d6280f5a51d3fea290aea098bc080cc3323536b3517e714573dfe47c698463521d42fae929cabaa0c3ad121a86da5f1392fabb21c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
d810f85b71be4f2075de973ff6eb0b07

SHA1
f3821a2e8421a2fe9659eb6afe77853bf0fb46f3

SHA256
2a6651bd505d318311927068738f84af68dac98e59353dd991a59d35001b8a0c

SHA512
6458f59d058bfb398b9139a6ac224d60a0d109031695a6fbb3e1a71723d08fc54cca6988490792e6e341a05a67c131f2803599ebdb6dae1ca19f8654c2fcc400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58338e.TMP

Filesize
91KB

MD5
279453e8984672609907f5abd9b5f974

SHA1
0c6096695694e0547a574e2f0dcbbc5fdfc1407f

SHA256
6d02f7443fbba62e022d2d00d4b467bbdc8fbafb0330a13a2297a628cd922e85

SHA512
f118c4cf15f729a0e129c0e522a35645ff324faf5140378116d41bf2edf7bdbe20c583c3f670d0073c1e96444a323b745a82a02b7a838122e23ee576376132ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit