62cb5e77f2e98ce040f3e575bbd20135c059974a825837d62912855ffe4b805e

Analysis

max time kernel
34s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s.txt
Size

39B
MD5

f26405fe9f336feaa0a0a2741db1a8a2
SHA1

ecb7e93063d2c2d3ce26f10782af1b02f43a8572
SHA256

62cb5e77f2e98ce040f3e575bbd20135c059974a825837d62912855ffe4b805e
SHA512

600910bdcb057065940a0ebdea43e5bbee8b9b78bda3ed1848328902c7b0c496e44b92aec423663633655200c07f053f89abec05deb019989fe5cc6a69d2ec44

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712010896618463"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3864	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3740	chrome.exe
3740	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1800	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe
Token: SeShutdownPrivilege	3740	chrome.exe
Token: SeCreatePagefilePrivilege	3740	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe
3740	chrome.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe
1800	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 3040	3740	chrome.exe	92
PID 3740 wrote to memory of 3040	3740	chrome.exe	92
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 3056	3740	chrome.exe	93
PID 3740 wrote to memory of 400	3740	chrome.exe	94
PID 3740 wrote to memory of 400	3740	chrome.exe	94
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95
PID 3740 wrote to memory of 1952	3740	chrome.exe	95

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\s.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdaebbcc40,0x7ffdaebbcc4c,0x7ffdaebbcc58
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3648,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4364,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3156,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3384,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3364,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3492,i,7540668363157886081,10639077625216045666,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:3544

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0eee32c735af9a68f3a33f99e9eeac73

SHA1
55f889f892c813f593a8581ec9519d8b2b8249d0

SHA256
1b410d5d44a759da046c1d25d932ecf6afa672d3b5870dc02d4d55c290834bda

SHA512
4c692d89213c88a9863c614951c2192b271ed9f387903ef06c88fa7c34c48829d07d8c1472f2ae52c7bd7917f477c8bc891ea66b221b4c43ba5bec321e88d250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3a47a51e253be747b49c8433900b1cbe

SHA1
7b2ddee5d1bbd545b9b3ce2df0e597814f7ed65d

SHA256
6f9e05a05261a5ce9915d7ef53b568f4f6807a89415d30531fc20bd2c90fbace

SHA512
eee6d3e464cd42ea508c9f7cb329fb009ff06d5bc79599eea781a44816f9c2e8821c13f7ab03a5ec8c5805d460263a15aa537d11264452bd8656df03b55aade5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
de40dbc93459cc7988a7446712490e35

SHA1
447ef40749ad999524e18ffa59d5be2efdad57dd

SHA256
18900edc1d02bcfe24393b65837a10f181203b71cc401e2b6aa7d2ab6147defe

SHA512
b72a3d6cb0f2bc64a34a452f506a6b9c81833ee81ff61767120c62c0a991b2974f470a11397a9e30dd3183b18f11c888368b91cca5c4e472c1db25d5b382bc95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52527886de0a387bc9e08252e870ec5d

SHA1
ee1d21a24bc376741f8c68996319b0080b539e7f

SHA256
776af08d6ee40d2e9914c1756746cec7e0c969de25d238b7ae53c38e81e98c81

SHA512
f53691781bab4e09273ddbe91f6fb4f5c672d3306af7d28ec1b66ef3414ae260f00d5351a3cd639638283a46e77f756c6e4284b9c07053cdb7c0c790a5e78985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0cd9505799567b9e4dda41e9f469b7f7

SHA1
f7cbccb0598e8e4063d4ce5cb3f33e0d83ea74b4

SHA256
080f1e8cf79a6a22c371f77deb0a2d724ef7faf9c85e3242b82f50c38a2986e9

SHA512
a08847bbf1565fcc721580fc542e807815b1f415050aea0e527ff696e9df92e681f01d3428dd24b3e11690060692eff52d11d5e2dd5a15b00221ab6d714eeb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
bfd06ea5e39956ace8dccd540b11cc08

SHA1
36832471b49d5b75cd00d404bf410fb764ff3747

SHA256
fcf69acbba163655a242d391a73b96341f622c0301aef02738f544ab2ab8a34d

SHA512
a3ba1a8c77edf942fd7ad9e7c01aecf6781b5a79e641d21f87ca29563bd4f314acf72e86a17ebec99b2c4a87269aa6a92dc7ce29aa3bb4e9d5a6fe30735de867

Download Submit
C:\Users\Admin\Downloads\Sًolara.rar.crdownload

Filesize
14.8MB

MD5
630a98c5e60228b4d4c561fad0615236

SHA1
8655615e33fc2df8ffb81ca82ec5803fa6e187db

SHA256
c5da33a3b61084d704d247547eca184ff5bb45230bedd21201c08eb10130e68d

SHA512
d72189c0b285109652744e5e188fcdde363078e456d4cfd473101d0b56728ea345016953d11c241babb0345e0fc7466ea937030f2351a4097216f8d7d22ccbfe

Download Submit