hxxps://zelenka[.]guru/proxy[.]php?link=https%3A%2F%2Fdisk[.]yandex[.]ru%2Fi%2FvEx2tJIK5Un93Q&hash=df626dcf299568b7cac75001e7924454

Analysis

max time kernel
71s
max time network
80s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
29/10/2023, 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zelenka.guru/proxy.php?link=https%3A%2F%2Fdisk.yandex.ru%2Fi%2FvEx2tJIK5Un93Q&hash=df626dcf299568b7cac75001e7924454

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133430690588184358"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3192	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3512	2600	chrome.exe	71
PID 2600 wrote to memory of 3512	2600	chrome.exe	71
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 4196	2600	chrome.exe	74
PID 2600 wrote to memory of 588	2600	chrome.exe	73
PID 2600 wrote to memory of 588	2600	chrome.exe	73
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75
PID 2600 wrote to memory of 1100	2600	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zelenka.guru/proxy.php?link=https%3A%2F%2Fdisk.yandex.ru%2Fi%2FvEx2tJIK5Un93Q&hash=df626dcf299568b7cac75001e7924454
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa78879758,0x7ffa78879768,0x7ffa78879778
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:8
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4796 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5316 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5548 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 --field-trial-handle=1760,i,321416616854643233,15318250625119456090,131072 /prefetch:8
  2⤵
  PID:2820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\shably_ot_iwnttoshoot.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
466cd824fc9799a7ee39904543265997

SHA1
35a16b91dd9bdb853e963b35dee1e49c67527710

SHA256
e92b8b160e8bd4507eedf2e07166c7c422425fc8243b060bef4b206fd9c39784

SHA512
11c3d62b7e15dee604b07a15e25080e8a0cf33f7bf4c80451ca536606b2aa397761cfbeb157f6ee272806892c5721d5ae52302b5079f72365771d93ec89358d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
55KB

MD5
aa3e4658750b6ce619ed52230360f82f

SHA1
c7d0801afc1f4823c93648e7dcf7385a1f781a3b

SHA256
7293807636ccce08bdad8409dc4d8ea2f0608106dc992a7fa6f6fb9e69408159

SHA512
cb163da4474df49515bdba2879e65b5707b54ec557530a57e8a0f32c4570c73cf71fa1f5c2a5e141b338be60945480ba08619993ccf79ea585dd76ea8b93b25b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
184cb1cca687db12fc18f959b6063d3f

SHA1
8e1befa62701796c881a9d0c6f875677be197df5

SHA256
21f0983e0af6f047fed203ce39cd035365af0d061d88170bce6bbc86483a3584

SHA512
50bc3106e3b87c2ac3a5d924ac3fd0ad4a546959ac321a3bd6bbe29dc09ab0e3f900fd84480eee43bf8e4d8489cfec0050242f5b12bd9994253bad7064b3cc51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a2c8a588d896d280c39b5bcff7d07d8c

SHA1
1af0b356c82d92c0ed036d9f42611d6d67d2ba53

SHA256
660bd8538ea4d568f6298589e1de2f4adc0391e606e9c9385e1d642e47fa9fcc

SHA512
bb96085ed51cc085aed60f940d72f572da5e912e06459eb4d108ede10c634e1e427cf26735bd2dc3cb739c119eea36f7d4531289de53d59f12e9ba80ffef702b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6019e1d5510df9f7c0d4f3a23b5f4087

SHA1
7c9efc657b13c0c447e68545c6bc9c9ce5a1058d

SHA256
6fcc0db9bf12d150987bb2e401c5279edd5ac95094259f0fa2c00185fc27bff4

SHA512
f8c64ab1f180afd1fda94f4ccda8cbc317bcbda08b805b30d54dec4b96e50246759c2f14708af13b5c37f5c622ca27c4bdb41c3fb0438f723ee8f1b28da9ff64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3afecf796af92c117b66c9a263c095bf

SHA1
dca3b428af0750ecca9056670f1a1a3a73824f04

SHA256
46a06b4d0ded75c7b0679eae52766ae2bbe5f54b9280c252966f590840cac348

SHA512
5cd3980fae951ce3343ad4e48f2ec3a031090993912ae67f50bf0584304d684d0f14d63822600b3b05e6b49dce365433446be10a796845a23a45756aca176f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bbd92f13821ec347893ac4f75347d97e

SHA1
c65d17a2bb758d1c7280aa20b24b3b6f4d201e19

SHA256
91ce2b355b831ba96dbad0cceebcad08ee03e1f4e2ad5817fc3f8d61a8121c94

SHA512
011df170a7effd792b627e23c3814da263572d0bdcab28666871077850afaa9da2709e1fdfbcacf943cec15bcc7cad5ed8eceaf96f4edffe6f8179871e7d90d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4d9d9534ccde79b403fea4778793aa9a

SHA1
76c5cef04b32d450712ea1c7cda323925e70829d

SHA256
aab4510bb94d20fec95c4eb6b86f38657de6334067121b88eb65fc389fdbc296

SHA512
20803107c8a1b3d61d516ca4b81041563b4fbbd2c76da8e5a854dfa0c2c657077d1fddc74739d7a5f2178a7c255b153211c09755594fcdd3c023c3fe12e9ec49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
209KB

MD5
8c12db526010ed7be339bd1691eaca90

SHA1
d4461ab155ab9b3d3208064defb04f2d8544d4f2

SHA256
2ed0cff9e5969b3710b618a3bb68467d27acccdcc935dd08d023a9bf9caefb28

SHA512
62166d0e6c1a3dcf9b5f6a0d98761d96293d942def2a7edb940f7f8262b81b055a23540ce7118e33ad2c65812ec1ec379ab847286b873f3be8f86d59ed4deb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
209KB

MD5
e1e375454aaf78117e53300cddcfb017

SHA1
46ad96ace2ca909c1aa099b8d50881a54957f0db

SHA256
6677acfd407a5806bf25eb8694a103bd945b4d9b7ffa28f205a8ee007ff2cca0

SHA512
9aee039268eed925e2863c5108ea71dce314af270ad7ee93ec6c0bb7e447b3f75037c71607de4ed50ef71165d79d6995ace139e7cded97eab8001ec724b6b35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\shably_ot_iwnttoshoot.txt.crdownload

Filesize
10.0MB

MD5
771312f60fd6d1aa7892742f4f9a691a

SHA1
af4b682f1e42211fbb921922f61643bfb6ae315b

SHA256
a29ae1fdc6258953a367a6df534cb408fa397c325264c0a2244c0b8ae398ea5e

SHA512
2bc9a5c17cdb469297e7da48e356be993d9b6f936f046251ada04e8ca3018086643c12308f4450f94fb88768bd58fae5f3165b981e3e6d184b7b4f23e08f2ad5

Download Submit