hxxps://newsletter[.]api[.]simpplr[.]com/r?et=newsletter[.]link[.]clicked&u=hxxps://main[.]d20r0ia4y55vxn[.]amplifyapp[.]com/Khpxa&tenantId=00D8b0000028KoiEAE&newsletterId=e166297b-aa62-433f-8b90-5b2fb323bb62&userId=a0w8b00000JnH2lAAF&blockId=block-6dMGzSLLTa42b8nar5Xdx7&blockType=RichText&index=1&clickType=link

Analysis

max time kernel
39s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2024, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://newsletter.api.simpplr.com/r?et=newsletter.link.clicked&u=https://main.d20r0ia4y55vxn.amplifyapp.com/Khpxa&tenantId=00D8b0000028KoiEAE&newsletterId=e166297b-aa62-433f-8b90-5b2fb323bb62&userId=a0w8b00000JnH2lAAF&blockId=block-6dMGzSLLTa42b8nar5Xdx7&blockType=RichText&index=1&clickType=link

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778520037168194"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 5032	4496	chrome.exe	83
PID 4496 wrote to memory of 5032	4496	chrome.exe	83
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1192	4496	chrome.exe	84
PID 4496 wrote to memory of 1620	4496	chrome.exe	85
PID 4496 wrote to memory of 1620	4496	chrome.exe	85
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86
PID 4496 wrote to memory of 5040	4496	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://newsletter.api.simpplr.com/r?et=newsletter.link.clicked&u=https://main.d20r0ia4y55vxn.amplifyapp.com/Khpxa&tenantId=00D8b0000028KoiEAE&newsletterId=e166297b-aa62-433f-8b90-5b2fb323bb62&userId=a0w8b00000JnH2lAAF&blockId=block-6dMGzSLLTa42b8nar5Xdx7&blockType=RichText&index=1&clickType=link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0xd4,0x100,0xf8,0x104,0x7ffd8dfdcc40,0x7ffd8dfdcc4c,0x7ffd8dfdcc58
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3120,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3168,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4388,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4544,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3204,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3376,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3128,i,8670506057245388937,5368758051558042445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
86dc5b7bb42f2caa9f93f24a3de394c8

SHA1
29205ad8b6696c53336d188cc7f590b7a04b259a

SHA256
51dcae8d1dc33e72a76c2851568531cf9ac8bd0826f2fb0f566cb8de2db05fa4

SHA512
63ec1fb313c70f9bc0807fec72976b391bdf5159f5bf3cbddd521ecf7997dd53ec00d44450b7a48cf9b0d18f53c5b62a4880e77c9c1f6aaa7082a4a4d4a55233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
f7746b3169ec3402692549bd67da3e2f

SHA1
7d8b8700fd2461b4f6a3e4b024dc0acca2505458

SHA256
52c275090b9408ce714681b7b96e6366c8d89941bb85353efa187d2ddb7747a5

SHA512
11215ee83482c573cd65d093ea735dd95358406cf6e82ba357f1d40755cc3ffc0f22d9cebfb739634bb236d69f022a4632c6c776bad0defb8f2dd9e5bdee8bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
879d4674b84d52bf46d450f5035d7128

SHA1
f46eeac91fe752159eee17d3f7fa4b31f3f9c26d

SHA256
ea9458b8db4785d9549ca440b3909e5662a27bdc5c8cec78a94981efb61581d0

SHA512
37882a10fd8275f91898a953b6e4406fdfd2c91d22a579a7795f6791f199792ac921c6e0212d43e80aac9a309e64f8f5990441b0f91bfd0f5abfd2e5d6af964c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
efb00b6f348b9c0b2623371473bbd2ca

SHA1
f24e666ad79f6266550b533e8c13daf2acaecee6

SHA256
8bc518acea6c2e6ab0de0548c048d1720dc54cf588160386e1d2e55dd4da5843

SHA512
ef139a51e871cadf0510c5515b53ec7bb793d6b2c2c2df5f27612e8d3737de4e3b022da6eacb0fb73cf6c189871f9f5245dfa3b5aa6247240fabdef93bdbfeb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30410c5b59654666602e7fdafd2a1037

SHA1
9d51622267264fde267679d7bb2cb2e4ba9e705b

SHA256
bf1c60f58863641f6f26367d1c5938fa25ffc5b6bd5f8c4d0ff93abce0a380c8

SHA512
8499ccecc751efb7336a5c87a5ebc5748d16bc7ecc41302ceb321581ce03a16f40cdaa0c6ac5175da9bc7b03360eeccc65769d3a4af6d64f9e1e677623fc26eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1c1ab95b121dc2bdf32148554de09284

SHA1
d5d60cb66001eeabbbc088ebff5233ee81fd46ed

SHA256
8cbefb95f1f270768ad6459c89ba030e859b3f56bab9ca42e659b8b24c2d1c94

SHA512
717bfeb55d882234c41d38e15768d947bba118da51123cf5c59f2f7b6a0497a565a3d7813431ecd610fe3c3e5fbe53f96f527b9754bb93fdf53d1e7f7a4d7002

Download Submit