hxxp://141[.]136[.]60[.]14[:]80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin[.]php

Analysis

max time kernel
299s
max time network
303s
platform
windows10-1703_x64
resource
win10-20231220-es
resource tags

arch:x64arch:x86image:win10-20231220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
01/02/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://141.136.60.14:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512865003064531"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 5092	4668	chrome.exe	74
PID 4668 wrote to memory of 5092	4668	chrome.exe	74
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 2180	4668	chrome.exe	77
PID 4668 wrote to memory of 3148	4668	chrome.exe	76
PID 4668 wrote to memory of 3148	4668	chrome.exe	76
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78
PID 4668 wrote to memory of 1104	4668	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://141.136.60.14:80/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbeb369758,0x7ffbeb369768,0x7ffbeb369778
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2636 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2612 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4724 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4848 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4768 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2256 --field-trial-handle=1796,i,13028299510777322666,1612009454517859753,131072 /prefetch:1
  2⤵
  PID:5112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
648B

MD5
d7f8ff9c952eed935d5416f6bbebef6e

SHA1
67b44622474874956b877f858d034daf716aa611

SHA256
f5fc02334d9a2c80ede15f76bf276ca8e822c784c8536b90710960364c6d2c58

SHA512
4d81546a878cc48e0c504cdc0b662ab0467cc1708e1c3a873766ca8119b93c22dbc46a7067c9abf0ce6f9ba1d621d426a9cd18aaed9d87655965738ca0cb7d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0d819d82ae0fdfc7b2f96914f5bc350c

SHA1
1bf358cd15d4ae5024838f9ddb331ec391ebece7

SHA256
805de10eafb5d6bef88a7c7d396814148b4893325ba44547c08fddcf4bf52be4

SHA512
e483a1b71cb3346f240dd8c2e9c3dbd28cf4334dc52d9dc94006c1f669f13b4485aa285a6ab269252cefad362575639a8ffc1dc35b53636f72787d6bf3a0accb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7be5dc8950e0c808368ccfb0047180d7

SHA1
6501fef93dc3bad54c9495fb03272669c9f22198

SHA256
01e8d87f69410a51e8c5b41ba7b4232056251f255121825b699d8579ee859c78

SHA512
8b8e9520204efac448148a989cc24a428382bb8fa4b1eff3ad2589fb2f4f324397aa7b83b22e8eb2a3219e067f9e82e0fb22c117dc274391a5b5d69bfc9950fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a317f56ad8799a768d4167569cd891b5

SHA1
5bab30a331c5c28eac5b3e46862626ed8d3feff3

SHA256
f5bce396006cf01c80dee920a45fdc408fb532e72b731a75d4f107c55590ff47

SHA512
76ff66c4edc2ecdbf43a8ea76113cfbb430001277aa18173173a8f75f433673a51c47bfee5d87fc9126b59ac1320df879fe4e7ea7b70d3aaab0379c0f9e89c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b23717ce4f686032c4bbd2a6ec8e2da5

SHA1
9028f1476de7735d50d7604704b40aa59d44c9ef

SHA256
caa60031539cb447f00d9ec0468df8e8424a74f03aad48e55982ba0743ea6d8b

SHA512
bded4fdf8b6917afef3897a3e57847ef0222f766d468a2313586d1a253d76aa19f22173dabde11033987c80eaf408a71fb6b2d9da003afc01fb4b27aec5f0d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
42dffa47ed4b7f7d16d856ea3f28f8ea

SHA1
fbc1783227acb50e3ba3b330ae39735dc641e1e8

SHA256
e65d3a20d3f38f627b73d3fcfc54678bf08ec988484d3c6a4ab2d353fc173613

SHA512
b9b26d2af82f5169011ed1f7f0c09c6c680fc411b25ca0499ec97d4bb53f5d00c3f010014a74900a8ba4171ae779eb06bf97ea52a0c6af3ef3109e4ba706c99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
28433370f78685a031ff3349d3ad6de9

SHA1
907c4fa70cf64fe354adbb5b9b083e5d768368a5

SHA256
566bf56f992c9c272ddd1a35a52b1fad2566fa1f6a65b5ec40aa44b6121159ae

SHA512
b27d8add036367cfb1b1e36f956bcbe49de981ded620753cd217dcfd80929edbf13ddcbe67348237ee49405d31de01200f46b0e8a49cc674b41f8443431bb9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90e13f2697d6cb522de44cb7ddd26634

SHA1
70f87de0ddb770d87e817871fa62e59c9adfafc5

SHA256
32ce084f5fd840ceec5bb3a80d9198980ee0018f85f24bf6aa611da104f54938

SHA512
babeafd90fd0ffc20282a24a86cc9d25a5a958c92f58159de116aff87e23e214a8db8013c4f0359bbe32a07a0b57e14b63ccfc4ba16b9c30bc44129d73d4a272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89e6314e24bf3a13041ce3743a50621c

SHA1
c4d83b7b5f6c1fc6f5c7f6b5d692bf08643de2ca

SHA256
348835c53ade0178253a7621e6ea783b4eaabc9fec407665cade2fee97f6c2b5

SHA512
6dbe547df15dfed8fc093e551c5460b71cc472e19fc75c2a749e858cae834c1c105b26048b2f791bd77aa7b1b99093ca3117b992eea184d5caed54ede1ecf584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c9a7ab50-903a-4956-a58a-e1aa21ff7704.tmp

Filesize
6KB

MD5
2a72509b3d9380044ad3157b6fb55749

SHA1
6515e7ae4b37cb1f7388935b4646b3587bd3bbca

SHA256
b76f12caeb236a86e5dead96be6d8c115a8a1c8e417500fe9fa44bda47b32c33

SHA512
06d742f68d8d006750f7bef08f4318f56af528d2bd05b83fc331eb2dc2c0aabf2236a74cb02dd68d205f9044e0caa77d8757d66c0907cef4c6ac9090e76d1a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a4b95b6870c415f8cf26bd4e77ea3128

SHA1
6f774461ddde4c32aabef7a2512c76451b3f40c6

SHA256
f4349d672445ec537ea5cb0267bf2efc832fc6f35f10534f8c606f9f5a8a9558

SHA512
89b314eec704221c1567ee396641adcf901118bb7405bc5e97e5f23f2878204a0f47353e07316543bf6a02dd0a4c1f4dc2c13dc859c209efcf2a81c1e077b085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e2c049f4-be22-4859-bf6c-57654b22c34d.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit