hxxps://app[.]lahar[.]com[.]br/email-marketing/redirect/Mjc1/ZWJkaV84MjUz/MQ==/NjU3MzE=/Y2Fyb2xpbmEubG9wZXNAc29kZXhvLmNvbQ==/Y2xpcXVlX25vX2xpbms=/aHR0cHM6Ly9zdW4uZWR1enouY29tLzIyNjYyNjNfX0xBSEFSX191dG1fc291cmNlPUxhaGFyJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPV8yMDI0MDMxOF8xMDA4NTBfZWJkaV9kYXlfX3ZlbmRhXzAxX19wdWJsaWNvXzAzX2ZvbGxvdw==/QVBQTEFIQVI=

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.lahar.com.br/email-marketing/redirect/Mjc1/ZWJkaV84MjUz/MQ==/NjU3MzE=/Y2Fyb2xpbmEubG9wZXNAc29kZXhvLmNvbQ==/Y2xpcXVlX25vX2xpbms=/aHR0cHM6Ly9zdW4uZWR1enouY29tLzIyNjYyNjNfX0xBSEFSX191dG1fc291cmNlPUxhaGFyJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPV8yMDI0MDMxOF8xMDA4NTBfZWJkaV9kYXlfX3ZlbmRhXzAxX19wdWJsaWNvXzAzX2ZvbGxvdw==/QVBQTEFIQVI=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559347907858886"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{0D071F95-D6C6-4241-A0B6-E3EE94D11E7A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4280	chrome.exe
4280	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 4760	4280	chrome.exe	78
PID 4280 wrote to memory of 4760	4280	chrome.exe	78
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 228	4280	chrome.exe	80
PID 4280 wrote to memory of 3296	4280	chrome.exe	81
PID 4280 wrote to memory of 3296	4280	chrome.exe	81
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82
PID 4280 wrote to memory of 2804	4280	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.lahar.com.br/email-marketing/redirect/Mjc1/ZWJkaV84MjUz/MQ==/NjU3MzE=/Y2Fyb2xpbmEubG9wZXNAc29kZXhvLmNvbQ==/Y2xpcXVlX25vX2xpbms=/aHR0cHM6Ly9zdW4uZWR1enouY29tLzIyNjYyNjNfX0xBSEFSX191dG1fc291cmNlPUxhaGFyJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPV8yMDI0MDMxOF8xMDA4NTBfZWJkaV9kYXlfX3ZlbmRhXzAxX19wdWJsaWNvXzAzX2ZvbGxvdw==/QVBQTEFIQVI=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd60d09758,0x7ffd60d09768,0x7ffd60d09778
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:2
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3944 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4544 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 --field-trial-handle=1812,i,10098431233134428173,2600299530551447848,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7f1bb3720864956ed05964e539ff95a0

SHA1
d4f578ca0b37b1ef60fc9e87302b754cc7ed34d8

SHA256
63acd980c838095848d3d5a8378e18e74c155458f0038651d38c5839717489d7

SHA512
460c2c618bd4312d14bc23cb773ebd2dbc3812d348e709b5b40b0e6b1c2e11577214099f4ab14a6dc069dec832f858b9917ae7b83effc8e203223ad4a69049e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
69c93acb664f343110608a32c21761ab

SHA1
10ac7bd38e6d3592ff0f2cf5928d382f6770c46d

SHA256
b4f7393c872021f0f8a98a789e11059ecf2bc3b23265229dbe31f771eae0e3ff

SHA512
328afe17d07eade7158c4a705a906ec15077e3b65131cbb684368744a731eec79cba259065b21f235d5be96072e9175c78445fa3c671d5db1b942e3ac1342d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
03567b33fbd30c638fd01ef6dc424e64

SHA1
c3926c9406cdcf04e7306f049887140ae46a04b3

SHA256
0067f2742a732ac729cedf290ece39d127524e4c9ee819a2e5ec6ca42ecdcc38

SHA512
8d4140f293a50cda06068ae40f1d1030de11bd4a3771f3ccf1ff9e64e90acfb0c387a67a5ee03c5fe9c41173ae56391c50c5b81a72c5c29f3c09094c5d327d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48eea3a6e9ea667c94bf2fa9550a8af5

SHA1
66cdb9f7dadf9100056ceba21199c163f32d2be3

SHA256
d83b440e1baec48a5c4cea9b2bd884c5434c2d53a18e5e016ec5b07466a3b1f3

SHA512
68078dab9057250373138f83cc7a579d2eb515e4b3e9cc5b0b973a8064761f5682279b60b07155879e3b1413e8535f07be17a35067b55b9ed98f1ee0d561c53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3ff651d5521a12b3aacb009f3cba74e3

SHA1
5ad0015ff876bec2ee587072756cc59c23da8306

SHA256
dd1ba84333cf90d7a936fd3a4e1d26bf1af8a983ea978d7bd07d96a1ad591d0b

SHA512
af5cda3934f0927a0b9faa40d634220cfbbc3aef999744735f90b0ba3898897d49cff18b67877773724dfcb03f1e13dfd31bbf7261fde63aa392602126aba3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit