hxxps://weda[.]member365[.]com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fmannatgoc[.]com/[.]bin/___8QSW___bmlhbGwubXVycGh5QGluc2lnaHQuY29t

Analysis

max time kernel
209s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fmannatgoc.com/.bin/___8QSW___bmlhbGwubXVycGh5QGluc2lnaHQuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602602824330600"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 3716	1924	chrome.exe	91
PID 1924 wrote to memory of 3716	1924	chrome.exe	91
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 828	1924	chrome.exe	93
PID 1924 wrote to memory of 2212	1924	chrome.exe	94
PID 1924 wrote to memory of 2212	1924	chrome.exe	94
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95
PID 1924 wrote to memory of 4468	1924	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fmannatgoc.com/.bin/___8QSW___bmlhbGwubXVycGh5QGluc2lnaHQuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb063ab58,0x7ffeb063ab68,0x7ffeb063ab78
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:2
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4424 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5116 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4980 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3912 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2380 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5100 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4576 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 --field-trial-handle=1800,i,9131290221824106071,15148234401142750438,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4116,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:8
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39f7349f88a8308d90d354a3d4673966

SHA1
9ded89d7257c58025c9287c52ee2ee4ad03322e5

SHA256
65156e5520019618e1c7ac5e8ec0366fba7674cacd64ef2b830bdc24fe44789b

SHA512
896d72f097e5a826e7b9d9fe1da9cc89aea51c1cb01a18cace3d52f6198f4691dfb1346834b5368118f5b670e75aa572bae38f4f822a469877c6a1bc57dc4e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
958c99815f64884625b26bc88e04017d

SHA1
1e1ba47342ebbbb1817470ba34deac40c967a4b7

SHA256
bfc953b65efe9b1b4655c077a89145f0463c28508b8f2b4508c0620f95270b41

SHA512
2db6589787567ea7330ba8077538c432b0447a63950e31a66c2a3d33b869d05967d9cda58388647421225df526fb2cfb867239253a6f08a3ec11d80c66c77817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
99b1ce3ff79116e921cfdb32ff9deb8a

SHA1
b6260a72a05955aafea9068005a6a9f8d2187f96

SHA256
0ea1edda4343107c8db3a1e264e456394edb047be3020b9316c7f902123c0a20

SHA512
0b97281d6e9faabfcb216a556b4dbad571c63ab689a437ef48d0250dd6d906fd1e220150a6f1a06b8b7d1f3953c2295b0d3a6b3908a0133c01c5c1649fb8338c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
ddee6a5b2f13309f071ef8ba8192e492

SHA1
5da4acea601134af1b4e03f9fafe0e778fb23f73

SHA256
37c95726d686c4d42a676a21127f8b991834c8b2bf33ff828b51664c3a4b0733

SHA512
c089219bbdb22d11a2619280f28f5073fc930176de6e1f1188d33199e699f3a2ffff96d5038c54221d514bd02789ce0b9f47ffee304908089a56704e35bb8298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
752bd3d08f1c30df8710b46e9c762220

SHA1
933c211bf0f537c8d87500eabd904d870b0a4519

SHA256
6edc9fae228f35ef6ea0ac0c238678c838fd546f98e1a2fbbff5aa47ad053290

SHA512
ace0e8c74e9d0dd103491beb37bebd356c5c0c56014f3b7e693395b3b3bfcb462cfc854161daf75589037038d67f47361c3335953cadd361a38ac18d7d5f21e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5689b7f2025d6ca36ad61113ceaa6a16

SHA1
30f101b7177a57a904a4daabad23171c6f47853c

SHA256
5a7a42b7663de774d49389351cbd6c2a0f94ea6b55b63b9f0fdf9132a769177c

SHA512
f379277676a9fa71fb55509b92fc2abae9972e2ea3088552db955affbed3f3bac12806563292a6ebe478d1cc8c9ca963a9816433dd4243affc91603075f50c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d1abc3796256ddaf6b9916e12cba74ab

SHA1
2433696eedf63167e93b7c5db7e3bfd225c6dec8

SHA256
781e5495a4172be093ef45a314d3397be6b266870e9077ec0aff507c9fd9867e

SHA512
46a5bced4a2ce3e147966a46865eb404ae333b8460df2a33edaaebce06d0244d1eb46d59483650289e07c51393405aa65f57187b9912a157f04ce6bfa580b289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
e1f061cc9df77181949112a8566087b4

SHA1
1255af0db6b0700da247c956b94d3fef1ec14f8c

SHA256
9345ecbed7b8c04e16f5efc75fec000df8eec7a4fbde4c9f0657d9994dfd971d

SHA512
3f2bb571b15a9fbb59b3b36249cdd69323efdfcca3a0a79b839db697637c9b039f4953e405955f7d010b1768ab23e8b51ebf611ecdcde39a6e910ba4a2b49f0b

Download Submit