hxxp://www[.]cruisetronvivapath[.]com/

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-es
resource tags

arch:x64arch:x86image:win10v2004-20240709-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
09/07/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.cruisetronvivapath.com/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 1472	3868	chrome.exe	80
PID 3868 wrote to memory of 1472	3868	chrome.exe	80
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 4116	3868	chrome.exe	81
PID 3868 wrote to memory of 3920	3868	chrome.exe	82
PID 3868 wrote to memory of 3920	3868	chrome.exe	82
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83
PID 3868 wrote to memory of 1952	3868	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.cruisetronvivapath.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ecdbcc40,0x7ff9ecdbcc4c,0x7ff9ecdbcc58
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3324,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3436,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4644,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4712,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4772,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4484,i,5331411175317312373,9792488709109508543,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4788

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1d4ab6a19b03fc17277ad6a42609564d

SHA1
f0c919184467773a54072f4d836f84c952120e90

SHA256
27c06f9e2aa1b3c76c41990c765918bfc7b13285f5062fa4acb3dfde98fd5924

SHA512
de3ccdc02edbdbb1849635fb5625333e6d08c30091cbc2b239492b604c348c10a7a100a19cf894644b0148c7cc7927ec525f96d783278d0f3efec4614df58b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
68c67f1bded5ab986de3344ed206e3d4

SHA1
5f1874b62dbfa89b5c3df9d5c25072362715d5aa

SHA256
bbaa7dabb4a2473be74cafe1b8a8498b307d8290745c78a8c40eff9f227ea4f7

SHA512
15093c6984952c6d5ff6a66e153aadc2f3e5d31f9b6546875a3231d3083f3d789f09d66bd8630a308e7f9e619655ba5fbc11d24df0eac04c33655f46820da5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
18cd957e0a2d5c7c1659bfd780abae31

SHA1
846874a8d00f00088b18c6f4cb586823643ea9e4

SHA256
b3d370ca5120d01b0033b5bad52a1c01675c79b6b68a45310e89b655cdd15fa1

SHA512
01378baf03ec69dec05298d4826dd4acb76818105fee375dda9707c6e5cb01546bb19794b0ef01da898ce97640953e7bbce07fd4fee3bacf6766a7f1973e8425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9219485980ef76286490539ddb9dbac7

SHA1
235d049ad88d57c6ced8fde6a5551f8bbb419e4f

SHA256
775a988b35ab9237e68871d3084ec07c6d54c575af058fc52ec95fdfd09e0f79

SHA512
5b9cc5accf1b361192a2a1546e46e4015dcc4b2bd98e9fc823db9b95060fd47d586fba0af06ecded49b422909d4c87780197137d96a8f7786e51effe935ffaa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7b961b70b2fedf0bd1ed089139f19655

SHA1
926de9697dca267730995b2a500f2423c02b2f1e

SHA256
1e8239203ec85148b179b4b845ad61f90001a22855df1a12f2bcbfc8237849f5

SHA512
bebc567b72056141f3e8c018368b7f6983490668317c9fd25039bf0a6070a2f792c161701021849d2dc94db169338d4f23897e25f166d9e994e6dbc24e09f1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
06bf8ecc14c708e086cf9886184e2849

SHA1
590fac7cb515c679f925fe95efc39feb8ef50793

SHA256
d8b5e4a5f972399605765d883f3feaead046b06ddcb0c4e63a691d32efbd9f44

SHA512
66b23be014ec5c5128882291b27a7bbe0fb6500a591f8893fe1e1606a0c9e932de7ca3d5103d249a9654773a171d0157ca8e1e244f83b5ec01a0a80b273b7ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ddb7308004e24858497714c567aaf5e

SHA1
565b5a0fd57cd4d5fb04f32959fe72d119411bac

SHA256
ed42a09cb05ac81642864c50c88761a0f0d4d1b61be3933976dcbd2c8bd87483

SHA512
ebb44892a8195cdde8316f6189012d13228197d87928c535a70bf4c8ef438de00c2f119313dc9c732f5cfca80d1c815088364f3140c7fa2ab950674238184088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c47ba43f-f951-42d5-b8df-f5e6bf8d62da.tmp

Filesize
8KB

MD5
09b1382b1c0221d81a54df7161d59c08

SHA1
65c0e7417a2c177106e04081b6d9a5b9cf56539c

SHA256
b7f0ab026f89fe6b016f0081e28a7d1cbc1d3563b48b091201f9dacfa5e7909b

SHA512
756943d15f45ad960ca3859ecd770d30a798fbe103d0785402a08047fe86fcc019a3ecb354d0a99f57e2812a84c0190f072cdbdc215222affa284f89e8253f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
cb2fbb4c5211d5474b0cdc3dee3b59be

SHA1
5a378e7e6bad2b0e6598c05a5ca23f1fd4966992

SHA256
8f3c2a660dab0a82f274aa0738b33562244a1158d5322022bda5a5b3ae5286c2

SHA512
b6f463b44ea8c25f6ac84a541dc1763d3ee8ea9f28e52fd36efd1efa4beef633adcb74f009168ee04da124659e0d15b75bbb149cef320113fc4d13b2c5b0a148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
5f87264321c97f3fb484762a1ca549c4

SHA1
df9e4fefd08ef3e51b169e482ef0b0922b5c65ce

SHA256
df079f3b484476fe36fc022f6e5a4b7ecd092f1e0b40a05d5f66ea64c87e9123

SHA512
aff10f082fc7f55611fd2520855ed9984693110c3413e837ffd4db416d704a69d176544800334e10b225aab90795ba36da1b0d05b7d656cb760d28ee893962a2

Download Submit