hxxps://www[.]campus-teranga[.]com/public/redirect?url=hxxps://lhbroker[.]com/bm/#XbWF0Lm1hbGxhZGlAcmlsLmNvbQ==

Analysis

max time kernel
75s
max time network
73s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-11-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.campus-teranga.com/public/redirect?url=https://lhbroker.com/bm/#XbWF0Lm1hbGxhZGlAcmlsLmNvbQ==

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770959509685859"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 2252	4324	chrome.exe	80
PID 4324 wrote to memory of 2252	4324	chrome.exe	80
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 3884	4324	chrome.exe	81
PID 4324 wrote to memory of 1924	4324	chrome.exe	82
PID 4324 wrote to memory of 1924	4324	chrome.exe	82
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83
PID 4324 wrote to memory of 652	4324	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.campus-teranga.com/public/redirect?url=https://lhbroker.com/bm/#XbWF0Lm1hbGxhZGlAcmlsLmNvbQ==
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffa28a4cc40,0x7ffa28a4cc4c,0x7ffa28a4cc58
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4336,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5088,i,8023117991364757133,16254625997275111387,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\22f458f5-21f0-4ab7-a651-b31a2af3d882.tmp

Filesize
9KB

MD5
a16a740320b0fc90b111d65bfc0f74b2

SHA1
78059383c4aa320c9058fb7637ee2695761ead0a

SHA256
fc8d19e2f9e3ade516f6ede974f8912723a2de7cdabd64de3b65b442f2653eb6

SHA512
ec5ea1716aed32faec31e6ce4a83a7b21a42d4cdbe93aa51c9d2e47de8a5f5fe35af1994058b6d5b8f7239b55102e4b3773056f72800f4f5307a37ec57c20946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
22483c21a58a18206484d47d05e99671

SHA1
02df6e1aed9691b4fa0c1cb0642d6d5bf68f17d7

SHA256
d30dbd01ac2d958384ad7397f6e498e1625ae4fbe0233b81497cd68c33015171

SHA512
297118f3e7790bdafdf18e3ea6cef31072f0398db1511b700dc9bd6609410f15a82cea9e9713dec2d8a53e1b0b33513685ff177b0fd3d1f5fecd58cc2fc2f534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
57f7d71431b52fa5f053cc6defc246cb

SHA1
8d56ff26667d6eb82de200658d5f5b6fd3b27d4a

SHA256
dd3296fdc664ab33672702ea48135b1d4e649a6194480f0a46e46b63d5dafe97

SHA512
3f5388cd70666a1e5745ee4d55f1a46226e8a636ff167e343e0a69721886e3675d8ff4cf90814ca700836ed0f007adf0e7798bd4be9be03ac026a3a14e60587a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a040bcfb5be68c2174aef8f279f5cbe9

SHA1
f7c0a4b75782ca972fe21464f1433aae605e8e29

SHA256
6056b95c850c0cdf038a9f87a575cb0a6dd9ee0f8237b14448175cfdc15057d3

SHA512
ae536609a2917dc7923d65503353a5fa833fdeaf1b704777eecbe554f8c80b4cf4170088ee2a5437bb0239879bebab83a1b0138cd109eb8dfc2e488e910c619e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
40ea8dedb009d47c8f74a4e537c6e461

SHA1
fb8e6d51eeac5f13b6b630e74e086bf2645c5fa6

SHA256
516c2a272478049ad804a7106a82b4e76fa33df4701edfc9b449ec393bf9cc36

SHA512
fd8d5a712c54b56f05b8251f41a5cea11e5c8c6bca5ca471faa64df17c052dfebd517b5bfb79605f33561954315aef5190a8f7813a75960ca24e7168c555fac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a8713f15e046730d79ca720c307cdbf4

SHA1
61eab8331fe5fab0d262a3b1ab831972c2844766

SHA256
c2239b545d96c738b9ab6bb479f55b6b78caf0ae0ff9523cdf7a952a01dd5bcd

SHA512
edbb957996c698e121824c3c9a5ae3b5f278cb35a512171f5c7b54467c7e16d87f3f544b8d537cde401724f4aebd6ba32e24cc5f75b25a81528cb8a166bef0b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ea94a136eed71e3f809e7dfecb257fe0

SHA1
2b01ef7bda64a09b2395f741bada7d22f0a92eae

SHA256
a95c87f102c570cb49aa60e4e8d557fec36a9215667bfa93572396e0eeb4fec6

SHA512
e0154e21beb52a52a16791789c1eeb63626a7eeb53103a928dae165d7efb2cff36969c36ea813723cb748b4d768b13c2452e8113f87df85efeb25c4aa13bb96e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52c0e864f1626928e7c32292e2c2271f

SHA1
700c6a6069a4322ceb196ae61b5a2c52021b9003

SHA256
06c4b8d08bf345dc82df15ab5dfdf60496fd3f2868f964ddb0165473e1e29680

SHA512
bf9a566e5885a65d3d73b86e817c864964f7c3c5c750ea5cfb6436d989d5909e81c1b745f4bc088c9d576610a6f7fd7e5fe87d5a51937114f1b6b3f363d02407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
a0c43e77ee1ad8590554b32322e26344

SHA1
178f02943ba290e5540d924640013f8d7b818426

SHA256
07d6a745ac1866ad4635624e5db55fe1e22dfa7a62ea74f0698e5ffb8bafcce5

SHA512
f37a7e262a471bc2c076f4dce8a1e8d5e8db67a370b65219c194369e6ef6cc8a4de0d873f37e8a7e8fd9a9832bd523811ffa10b55fe7549c1f097717a9cbd570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
839b87b54b4c5f1b9fd1be604923b7fa

SHA1
9b0247a6b6724b642ad11ce49f4ebe6fef93e518

SHA256
59b8286bca386df468c033f6681b7ab139bdbda767f60c689f4b8456d64ebd48

SHA512
f4134759a16e074c95b3731771fa758045bd060b916ccdfe9a8866570362eb521600385d26caf76d327610a4adeea9a2690f19b2c3ceb48126be1da0ee5090ea

Download Submit