hxxps://www[.]ups[.]com/uel/llp/1ZAF86298796713554/link/labelAll/XEML/rkA6izv96r7g1aZ10Gzgh9hrLsw5K1udu29JgWjxPOYe/en_US?loc=en_US&pdr=false&country=US&WT[.]z_eCTAid=ct1_eml_GetShipLabel__ct1_eml_uis_electroniclabel&WT[.]z_edatesent=08072023

Analysis

max time kernel
300s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2023, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ups.com/uel/llp/1ZAF86298796713554/link/labelAll/XEML/rkA6izv96r7g1aZ10Gzgh9hrLsw5K1udu29JgWjxPOYe/en_US?loc=en_US&pdr=false&country=US&WT.z_eCTAid=ct1_eml_GetShipLabel__ct1_eml_uis_electroniclabel&WT.z_edatesent=08072023

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359704928365757"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 1848	484	chrome.exe	81
PID 484 wrote to memory of 1848	484	chrome.exe	81
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 3816	484	chrome.exe	84
PID 484 wrote to memory of 2152	484	chrome.exe	83
PID 484 wrote to memory of 2152	484	chrome.exe	83
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85
PID 484 wrote to memory of 4432	484	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.ups.com/uel/llp/1ZAF86298796713554/link/labelAll/XEML/rkA6izv96r7g1aZ10Gzgh9hrLsw5K1udu29JgWjxPOYe/en_US?loc=en_US&pdr=false&country=US&WT.z_eCTAid=ct1_eml_GetShipLabel__ct1_eml_uis_electroniclabel&WT.z_edatesent=08072023
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a99758,0x7ffd67a99768,0x7ffd67a99778
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5020 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5324 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5304 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5712 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=6036 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6280 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6640 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 --field-trial-handle=1880,i,8084174726822207297,7644926566100355916,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9380b9d69a39193d7492dedffe7e1e20

SHA1
7b3ac1606c506f7e020e54f7dd1a60882d941384

SHA256
11c1bbd5f85f6b8bbb722d488d2ca0871ed1d2160355bb68d8583cb9d870ac8e

SHA512
e11e2d809380ee1a570db7a79e57300aee0700d9ef83e8c3ca5d5e2a6ebd0dc18e799daa9c2b08f84f9d467d7e02cdce2a53cbe9ddf0ae606afaaee27432bb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.ups.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9568e3892f270edc70196f93fd479d6b

SHA1
46e5b04576d3960df7639636ae0f6b842defda71

SHA256
bdbef00bd50e45f6377e76cd15cd08677ce0057f69e365062c8f33f6e0810d3e

SHA512
935dc77d9186e7fb0cb79e3e73389105d666e7450c3e5a0b18637af781fdf5a69f3cecc3a9836dacd7c9cd7aeb0a81efc4e6535acae795403173bb8c94d897ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2253ef794237a8ef81005af8b2ce98e7

SHA1
8d19a4eba99ba6f6b8ee256fa53c3d011e1000b8

SHA256
c29902effdc34e669a7e10ff30c7c22e86fd6af690bd4cf336cf91888f05118e

SHA512
abd997d17845b59db9707e863a59533193401ecfb6abcc6f36864f006090996fe727dfec4df20759172535d44a666acac956537012139dab4cdf684dd388c038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9c337a3a022e00fd0a08d2c2512ae2ce

SHA1
22cd2e1e9f1b943fb46bf9907c29ad0535f3c0a2

SHA256
8c0b00764f9c5729f323a0c5951d56b87377c90f08390379f860a23a44897ccb

SHA512
21b83cce9d061cd3d77c4f720559d6a19f343ec56cc8a14b671709f059f9843d9072eea77606dbdbda1fea87d183e9bad90f5c617ec46b23b5f2fb1f4f2391b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2feabc2668e96518886ae88f77facb52

SHA1
f87ddfa527843e68812b889306e39c915efdde36

SHA256
3c23aba852275f119f5085f6e6ad723c50290ba4301d81266b5663e1c6e603da

SHA512
7fb7a0bfb82f1e3ba99cb539591c1c2336a864405d2ae06e7372db0caf5a1934ca88e87c3295ab146129475f9364448721f99cc2f279b28d9011beec8fe32e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a3eed5cc-c5fd-42cc-9163-180d3c3f9659.tmp

Filesize
2KB

MD5
0c8054a88f6997161a191a56dd68a442

SHA1
50254d3691d1c46f34ffb0d8df1f5e8d02840470

SHA256
b4bf128641a36d30992dcb49e04d1e5c4b2d987a947d541b551e261168925f41

SHA512
1982085d855acf621b1d24dc01f5b0df185bc7878242b73118092b42aaf64348810586c45f0d32bf308e13e40bd7cb6de1d6eab82741e2c25f0393d9f763cbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a22678eb3c1665b08f772736cfa3020c

SHA1
aa57b34de41373751fbca555eac179be871084fe

SHA256
a9ce14bc4a3a665c21291dcc9bd49ea6201b937638a3ca9b22198c2c903cc515

SHA512
a9e059b14e9c9d966e576e8d83416662328d204b03596a036ed46df1e9b9a62d4f505a87127fa9f44102498df347ef232fc097cd00f2fcebcb35f3d0125b12be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7efe1155fd82f19a1ab387516c81dd2f

SHA1
79d19bf59b20b468c1583f6a4fd8af1707ab90f3

SHA256
c9ee1c469f8b6bb35e1bebbd27406000d458c5cc756284d9e51d6f71ef0721cf

SHA512
b789738c204793ab634bcf36a01c9eb9381c449013f705d98485de786f27512f862b39b8d8bf133c9ec56550c96b1ffd1a1d46d5c8bd943c2e0fa2ae07a788d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac0ef707c90460eee7b7d3ffe09c40a3

SHA1
5ccea70ed69f41e2efff675751364ea950d9803b

SHA256
c73aa7a14701e580c9e5ae04f299627e1644efc9817dd8a5cd83c0339b59d6a0

SHA512
294162e6fdae4c5fffcb1d28c3c2ac2ab916f3785dd828196c35c74a22da730478921784c37589897bfbb50665979897dcbe7c2fca862efa993d0135b95b8c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4634f95dfdc2f5a85d536dd3ba191384

SHA1
d2068328b0ecebb6845f0d6dd1eb23dfeaa9530c

SHA256
80b99cc2a7706d4e3c2f3188ed2f953c59040aa74ac6c00a9f06093febd3a457

SHA512
8a1f53251ddb3b21a3f877225eb7e5581f1136e1059a44b9b2dafdc20a05e6a79e6a8ceddc3dd55ebc17b165bb62351375ff26bf5bc50abaff54f42c68a5fe01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c6da.TMP

Filesize
48B

MD5
9134b46be89bc397b981e655ac70ff6a

SHA1
4540f43f415792bd72fa1b448ad4e35d9075d9fb

SHA256
876da8becb55f8b325bf9e8c9719046c089060cdb91779b7c7d3afdb6fc8586b

SHA512
5cb604cbd9c07832f97aba2e77c43ac4b6f6bdf46fbca4692c3a32dcf80332d2b73e78e9bf61602d18689f5a251447c4cf369e5c16ec95e0a1644994ac38874c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
76fc487a585e95c08b666b233051f40e

SHA1
33b806b8580c7e4c62c3abe679ccd4576eba3634

SHA256
b32bfb8c8f56cc4abffde98a49176a91114d8a609eee15e58073d80529289728

SHA512
d5c91b99e6578a5e0406f0ab9b28e8b85c31cd0678edc37314e31230c72083a905d8fd169e8ec21b899419cc1d2b682e32975514505e0317c311b8eb17f07a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
04ac772cb998462bebb71b29d0cd5a7b

SHA1
5bcc824768e96fdf8e040949b87c7ef74dee51a3

SHA256
6fefd07b5f25f5fec55f5814088946fb6240e73ec1429b088a0a193e5bf7e800

SHA512
1154f01fe7ee86cb3827cc4905ccb8981dbc3698b186b81fe0c5a23797c8486f5bbbfe4e51d320382cb22f2938fca3d647f6cad9c22b3d648df1b33c5ba62558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
6334e1a0f0c13fea5f69d80829e50462

SHA1
61af13f0e13e0cd1f23cf4195668a7bc1661cad6

SHA256
7515af7a344d00564ad92ab2bda181ce72fd37d9ad125a5e365f2fa03a8bffa8

SHA512
394f9aeb4cfb644f1d89d0d84de1cc8ae9478ae8f14d07f049c662dc72b671b3f43bd642d49e1dcd0c94c07fcb67d0a5f4a4c23983ee684e1a4e45f0eb108474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c09c.TMP

Filesize
113KB

MD5
b9408c6899b081716d1cc2129e5acb68

SHA1
df8b465fb5add0e5c6486676de94fbc6b773fcf3

SHA256
72a7674c7332b5cabc73a1330fb9aa00e006b23f65baca1f6eee0bdc6d22e0bc

SHA512
ab9f3e48b484d57edd3110944137b744cb8adecaa0e777ce427bfedab67780cee10a9c2db3b1ce8dc3c1339f4e8220082692d5ee960f71c0ad5d4ee232e2ec6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit