hxxps://amfr[.]ru/rk[.]php?id=200&site_id=s1&event2=banner&event2=click&event3=1+%2F+%5B250%5D+%5Bindex_b_c%5D+%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F+%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0+%28%D0%BD%D0%B8%D0%B7+%D1%86%D0%B5%D0%BD%D1%82%D1%80%29+-+%D0%94%D0%B5%D0%BC%D0%B8%D0%BA%D1%81&goto=hxxps://akcentre[.]ru/bitrix/redirect[.]php?goto=hxxps://akginds[.]com/fav/dist

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://amfr.ru/rk.php?id=200&site_id=s1&event2=banner&event2=click&event3=1+%2F+%5B250%5D+%5Bindex_b_c%5D+%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F+%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0+%28%D0%BD%D0%B8%D0%B7+%D1%86%D0%B5%D0%BD%D1%82%D1%80%29+-+%D0%94%D0%B5%D0%BC%D0%B8%D0%BA%D1%81&goto=https://akcentre.ru/bitrix/redirect.php?goto=https://akginds.com/fav/dist

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698731977675773"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 4012	3148	chrome.exe	83
PID 3148 wrote to memory of 4012	3148	chrome.exe	83
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 2512	3148	chrome.exe	84
PID 3148 wrote to memory of 1992	3148	chrome.exe	85
PID 3148 wrote to memory of 1992	3148	chrome.exe	85
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86
PID 3148 wrote to memory of 3252	3148	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://amfr.ru/rk.php?id=200&site_id=s1&event2=banner&event2=click&event3=1+%2F+%5B250%5D+%5Bindex_b_c%5D+%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F+%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0+%28%D0%BD%D0%B8%D0%B7+%D1%86%D0%B5%D0%BD%D1%82%D1%80%29+-+%D0%94%D0%B5%D0%BC%D0%B8%D0%BA%D1%81&goto=https://akcentre.ru/bitrix/redirect.php?goto=https://akginds.com/fav/dist
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab4c7cc40,0x7ffab4c7cc4c,0x7ffab4c7cc58
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4984,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4956,i,13485472875548030727,9208573993110524275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
64030ae8d9b91d49248082c9750d58a5

SHA1
3588206c63dac7789b65a462ef6bc4357c63d4ce

SHA256
5604ea101aaed2ded68ebb50d9b8f94bb8f9ccb99d5762bbc325cb3d4128c1e9

SHA512
f5e38551ba44a511587ad4b9594428523811d0bee5d8a65fb50ba3578f0c4eb0594fdf7727e1f0ec3e2701d9bb21792106ce1438803d9b9e1ba9fe8989b13dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
227a89e73d05078d29ff411fd17bc189

SHA1
d2f02795b1711211199c4ff19a6744b7c72ddebb

SHA256
6ddbb9f110dca58ea118935eb899ebdcc6d9acc48ae98a688ed3f338af53596e

SHA512
fbb4635d5ebe5a746c7fbdad1fab5998f3bc8e7d5e720e16f3f7531cad3502cb966dbaeea9a1bcc5ba6fd4a508ecf5c8959d3f4c37438d3162054bc3da472685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
890ab5aff28491ca47da30e8e4e9450a

SHA1
25f13035a26ffe588ec2c8cd3842ccdebbd21f9e

SHA256
3fe63972e093e8e348f2e18f63d4b45e792ae68b4bcfbfa4c83d63819fee61fe

SHA512
0c458a3b55474cdde1362ae5243c75a8c29b7c759b7faf1e53dc91613598468b0c749818b5ee2e657356356ffa629f44e63f088cef4fd6adfa78d276044fb189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a2902b2f427252c43737a1c942c8d723

SHA1
9b5059798a8dbe37ce0b9c57a641cca95e8898bf

SHA256
00012f40187074a7fdd16617600d44fc8a5805ab78855945c5222ab056e18be5

SHA512
628f4b31af39874ed5868d1b2433c6c9d0a135044a2cdcf85826b6db28c0dbc91c53577642f4c95e1f5dfca6a8486ca045e0a73af6164ddd84b394c7edea9f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1c9a0cf0e2a8d71eea8f60cceb2eb571

SHA1
743145b885c3ecc452b2968a22607abfdaf42b8c

SHA256
a8e60863d885dcd53eaba3f626e075774815101840bab7791f0256cf508f07c6

SHA512
4e2b50557f4d2387b615ea171096e8ffff78c4ebc41ae1b0ccc258edeead999c1ff6472437411f7290d03e93b93614fc13cdc00a9c44721dae577ea7cc589200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
fc57dbd34a61b00b3f981d87b7fcb004

SHA1
1c36e6edf3d4e519b42972c0802f4de8f19a1aae

SHA256
419690349d2db6a4714c249c94f90200531007d62f7b249452a05b33d9817951

SHA512
c3cd78e0c787cac94c77a396e2e61257c451e87c7bb10a8276ae6e6ba40b312db73c2afcf08c5f9c709315d8dea4de680f53bccde7bf450fb099f0084733a17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
187b0b4323ef99cbc1338daa32e8493f

SHA1
4ceca2ee81c852848aa6c098c3125864b13c5d14

SHA256
b20a75a39097fc0644b03114d71abb8a94d14569d83a18e37f32d32453da62b4

SHA512
f38c98f1c0672f48c552d7ce251021fe529ef4f95b26dc579fd095342bbf7179e80985cd9f532302b1a1f0675217388134c586eff67e02e9bb9e3bcac35615e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5641d6e41011a30512e86863c2f844b

SHA1
5d807661301759e9e8b93f878e57b162d73a50bd

SHA256
dc2ab9e1b3e4c69b9c782d75ebad4b3c782a01cdfade5f10c8838e5b3a3ab019

SHA512
951ece99006c9464af12595315136bdb189f20a000d2bba188b125df353c7ca69fbb075b922b516194e70fd0f96732ccd17d742fc3a8f6059225ffd85838c3cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f092bb3eb003699ac12d1e257af8422

SHA1
9d90cac00a1b7a9b2930c5de4140f3a914d169bc

SHA256
66c9fa9cd3caa91c5e663283987226c7712c5ddb4f3639a66567a53f4a2252d3

SHA512
92e93856d89203f2ff12bdfc6b5df54328cab4efb0505d20d8e77a6e110c3588ca88dbf812fd793c448301fd721d1fa2515ecaf122adfd69d8de1e58b7bf8084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd5f7f8df1d1b9d852a3c5a7cb8716c9

SHA1
40b33226067aad847fd7a652736099e991b623aa

SHA256
b414121aea0a245d22ecd87b9ca94af731a409b5d2deda8f25e300ed13332ee3

SHA512
0fc18187959a9e930849bd420fcd5df262aebcdc48fe84005c639b55f4d5a1ba8599cfb21f6a7420c4ad1405c8ccdcc8cabe90a13c5132ee376422a49256c6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
772f8f462eb7f6c5da5af822d445054d

SHA1
f88d8e113ec2489c8b58c433fbfd413f140632c3

SHA256
f34816cbc20c30bfd33659ff471098886b3dc8ad78b608d143533d8bac882291

SHA512
4d4e96a925066a2f67a7ccbd3b9a135b8f30bcc0f490e58c8dd2ed30266148906f78d5310a8b33420ac50d164f8f964ee1e8c715d633edb6aa501cdac2d02e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e30ce1d4ce8f45c7a8f907a81151b67

SHA1
df5d89c9491f816468d0f69748fa124896ec4313

SHA256
2f29dd0ab54053ac4c6b8ea6227221c5a31dd840b78a23f8524f196788aaecf9

SHA512
7ede0c172e0b37e8d9389a1e1461cd906943334fd690083ccd3d9c5ebf98bd5d8ff72ec34929403e96df710826c803a6fc1e953db048447c6194c5b856debfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e84b1f0e5c51239f41424a9235976add

SHA1
e6c86176a18fd8c65440e3834ce982d6fe3552e8

SHA256
697d94f3f3deab85f0e6cff6b42edb330ae936ee7a2c34a2a077290a9fc2c243

SHA512
96159931e7fc0d0916eb82c57a8141a9f697654a84d4837260a46d5614cdfece32f552a874f1c76bfb86549089d361259d2e7a73b110b5adda091ac856ea3ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
519dc1badc953c5ea5b3e32ab0fddd1f

SHA1
8b14f3b7d819172d67fd5f91ee38e20f0d497a6e

SHA256
881cd0bae2af8f54cd2955cbbeee66a99de9409d3382693c8a9449e9c4e6d56b

SHA512
98a1c8bdf38ac1330b2731821fac7bbbc7d75ea169c4872166c2051289b908b4031dd03cf9daaf6bea161c21ed4551ea95e512134ba9934cc5858dfd19e21070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3987f5833df5612fb03d44174a049bfa

SHA1
dea55b7588b80b3833dc329436d3a0a82e699fc6

SHA256
05d12921e9a03f7834bf65dd8f46bb281cf23d90a99fc121fa845d67d743372c

SHA512
33d37dd1794ba71334d16af03cf86d12cdb1b4465d07050125dffabbf3148acb17da530c5619e0215745ccba1cf95773d2a818847aeb705a1f3e8a46ed911b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0edff64-059b-4a4a-a07a-cdd41587fc7c.tmp

Filesize
9KB

MD5
74c5b96b979c1a9530bebbe3ada79316

SHA1
d8e19e7fa1379531bdef980e3da10a293744aaab

SHA256
2b4c80fc208cf2fe9c1f1170f6d8a374db3d5d8031c9504de64b1bf457441245

SHA512
30a0965e6c28c3a022fd7aaa52550cc5b58738a69e236baa6df4a48c1372abae4c0c1c6d7b28c14d0f2daa256ee6d807cd98ecedd6e10a0c2ce396b7d26dccc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0e1d7dc3c62b5e62c569588a96b3f155

SHA1
581c9d7c6a716e3d1c291fe82d46b63dff054180

SHA256
f2c19a2b68563c3d405e84ed83592411c65cc55f250d4027ec26b566684831da

SHA512
7d6abddad9a687b610b6d7b36ac6263094307e238b350976887cd7bf4f06b26aeca13d160cab3c6f654d70d1e8d2bdf94b7fbb45cc752e6bca50a9e2b1b4b1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
878b249919e806b6f51a9cfb253cb298

SHA1
0fdb7a2c9978b36baa69840296b056581c10a3f8

SHA256
0b7fe2e60e1c223165f87346ddf8b930c1cf85bfd3a6f0abb367b18dff203bc5

SHA512
c363b2c044fc4bd503255650dde4ca77c3ccf3d720f083bf079dde856c8d94de289f1800ea0fa65d6d505c8e6aa3ff63921d941e49e4c9d4cf80cef1485e70f3

Download Submit