hxxps://2n8w[.]app[.]link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay[.]google[.]com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom[.]thetrainline%26hl%3Dnl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes[.]apple[.]com%2FNL%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=hxxps://LGrBB[.]msmcabogados[.]com/c2hhbmUuY2Fyb2xhbkBpb25ncm91cC5jb20=

Analysis

max time kernel
57s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2023 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Dnl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FNL%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://LGrBB.msmcabogados.com/c2hhbmUuY2Fyb2xhbkBpb25ncm91cC5jb20=

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444995252373403"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 720	1300	chrome.exe	88
PID 1300 wrote to memory of 720	1300	chrome.exe	88
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 3344	1300	chrome.exe	90
PID 1300 wrote to memory of 1148	1300	chrome.exe	91
PID 1300 wrote to memory of 1148	1300	chrome.exe	91
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92
PID 1300 wrote to memory of 4592	1300	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale%3Dnl_NL&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Dnl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FNL%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://LGrBB.msmcabogados.com/c2hhbmUuY2Fyb2xhbkBpb25ncm91cC5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecb0a9758,0x7ffecb0a9768,0x7ffecb0a9778
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4752 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3820 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5096 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4668 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5444 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5080 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5772 --field-trial-handle=1880,i,3818700933155505512,10952801224585334597,131072 /prefetch:1
  2⤵
  PID:3600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d740707fe6087c3960b69d33f51e5808

SHA1
d374d657430457574dac5e98107e0f1d0f333e07

SHA256
6a399113949b77a3bd99280d70d9f1add6917bf037eb958bdadba9d625adb955

SHA512
ab844fa4c6d7e83a1b41859a4831f4dd0a6546bb7265c6313904a5ab7fcbcee27ab9f6fb787e08c44160f9079f790b7b57e97ddc622bd4dd777f777654820a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
368c1b0929c500e805e5e6b3d725dcbe

SHA1
323cfa8d98694504eade5fffc855dfab1c686ca9

SHA256
2062d63d7d2f23fe8df5478b63fbee92f441c7d25dc9b67d294454dc9ee9f466

SHA512
75f605e4cba682dcbd8632cf25338cfa8f5c32a79775c71c26beb1009fb88b37b0b5ebb8ab686a66b396103bd3a0f6766dc5c35baa76d0ec5a063adc3265b741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9aebeb55da686ad5c708016c46c93c53

SHA1
d5903c09ad1da86324631c6c85059dd3f34d146d

SHA256
5a6e0714940bb96fb538822451ded72340e2c2f1fdd9ec303a5728440442056e

SHA512
d4e1456c3138357603e88b0a896864c8016185f3c3798ce2b3b7e181880e73a85640407270b79f592b29ce49260fbbd8d52405be27d2da04669a843ae033af46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1930a6c0f51f3fa22c370e2ca46ce8ae

SHA1
486ab11c7ca9dc516f920a219559ccfe379a74c0

SHA256
1f675134099c40f3f1aabc211d06585f3a57878ce5e0e76798274630ff73f33e

SHA512
e7794d05a7a4b82afb1a88d8a55b7294610b368412f7054d581588d44533f02f4bf71bbf355982636ac9ba3e7c5156baf3a13e773daf25af0712adcd12827935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
180313b68592791c791b46e228be19ad

SHA1
2ccacfbeaee6f7c338b04cdaa76c1a6db86e3581

SHA256
532defc1b99243a2454f81dd577b462088c44fb5c59b1d06df7d9d1c8114976a

SHA512
62a86bfa4acf9b62a2b05377516c7bbf455d0cc5c60d845005176af0969c362e7a28d8bb7f56fd06005ca584c3214f15a924da12dcd51a707264866f88a9e351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a87a09265535d8801bb65fb67b71a85

SHA1
892d2197ec2e4b7e0df849fca3d7ec3b9e9acdad

SHA256
83f46d3793e709af8f3d8802f582e8565e131b42c64de0d98aaf9dc7180f194e

SHA512
251bfedf7fca2493ef883819f75fbe64c7ec1077c7f9351bd5a66977144d77af232a14f314cf7e6b44a3542d18582c304ddb38026387267150fa0a2c293f3cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b0ba9c122e0849b1a0b51157f0aee4a3

SHA1
ea306bce294114b97d4e70b26476a5433f4312a9

SHA256
a002ac01c0390a5e0d9c8691c9164f92d4cd3ad79f7967b7c6f493fc6f2d9274

SHA512
f2c45f87c0fa28bf3a422ce1a678144c0e3f6eda6c69e4c4bed89d4d2e4bb41991fde452ebe5fc5d205b6e2a7b5558e8864d8dc4f0ec24f77bcd4dc176421a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
e52828a34f8e21599050266774947da0

SHA1
8842f24a2c6cba4539b091542f8b4b754c56db1e

SHA256
79bb79c1acdcb101105031a48d97bb09b85635e39dd072d0569b2ed7b56be244

SHA512
b590dd2bdb96f27b5c57fbf2596c52dcb58ba096e99bb6dd95b544659caef2fe4fb92ea97a1a725b30dd3e1a1679b24cb3a5a61bdfca0d1fb26ec224eda6a513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit