63162ffb71e5b39e4dcf61b2b1e81e1d5b6db3fca4045e81cf3aec82e828514e

Analysis

max time kernel
132s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lol.txt
Size

1KB
MD5

8f7672caf166f104b44c52a6905659c1
SHA1

8cefa43538e2480e320d2f7c03d891d3035ede6d
SHA256

63162ffb71e5b39e4dcf61b2b1e81e1d5b6db3fca4045e81cf3aec82e828514e
SHA512

79c8c8bd2c48decb54a820b4797e3fdef15a36654d99f05bdc597e77520eda25565d7f3edddc07c04ef46dd28ddceee5f2aa6b8db03dd977ec0865fd076ad8ac

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712354944670855"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2120	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2248	chrome.exe
2248	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2120	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2240	2248	chrome.exe	90
PID 2248 wrote to memory of 2240	2248	chrome.exe	90
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 3972	2248	chrome.exe	91
PID 2248 wrote to memory of 4616	2248	chrome.exe	92
PID 2248 wrote to memory of 4616	2248	chrome.exe	92
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93
PID 2248 wrote to memory of 3552	2248	chrome.exe	93

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\lol.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe1b61cc40,0x7ffe1b61cc4c,0x7ffe1b61cc58
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4708,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5068,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5388,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5520,i,18103383092560111977,12521564890409864450,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2160

C:\Users\Admin\Downloads\XPLOR V2.2\XPLOR V2.2\XPLOR V2.2.exe
"C:\Users\Admin\Downloads\XPLOR V2.2\XPLOR V2.2\XPLOR V2.2.exe"
1⤵
PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c chcp 65001 > nul
  2⤵
  PID:1996
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d8484a250941039f477be19148826388

SHA1
8fcc933884c66534f69b0b71bb819f818c943e84

SHA256
cbc8f660f8894c1684c90cd3e85ccb2c12d3bbdde2708a66b5516be062864d7c

SHA512
3c15c83e51f60501d558cc34063425675473e064c76f6aeb2a914438cdb754d4609c350403523b485680acf26791e993f85f06100e8013fa27e5d09de865c1ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6f3f85dc1be5b828d4587ff26d34701e

SHA1
bd6533ae3ed90176f5113223d9ef6b849b526a83

SHA256
9fba508fa7ee7fdf1c69e186a804e191ac72cbe69cb5957d37fdaa90c90b4497

SHA512
f01ccf872f0e9d65d92e77c853389b552ed53950f963cd4b5d94004f1292b405cf4a79fc819a7406b14a57d2901c49bfd6c48e102894f03e2f643571ae64e927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c9cb0e9f8482d87cff00e0248cf39770

SHA1
e1a04d2ae76dbb1f0f9336344f2c28615bfc2196

SHA256
70626ba25de472d94eba7d03f552031ffd0f66d3dba71baca30143d5b18b9fba

SHA512
d8588db3e534d2b5a94b3d77fbb9a8f92c67a427ae10720a8bfc33857ff7bfb3d16e46bdd05e273f86359192f3a74ab638b39f5728fa0ba2f7193a27d286c400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26c0c2faddc7687dc7fc6b8a51219b06

SHA1
153c3e4c1c104c87e57f62b3547131d8256360c5

SHA256
5cc3e237c48258ac4b3ebdbf5f9c49251d5d0d467e09ba66411784aef23ffd5a

SHA512
5a0a0f7c12acb2a301acab914507e659c35c2bc2d4752f8b76c633279514d3341b7014c8e727bcf444d9332b273e92606c1b321b53f75bf9b6452c2e4098ee1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6d69a83f35f52a8fc1f9213d0cbe347

SHA1
c730b39b6280751bc3b7fe9c3bda3ec86c530c35

SHA256
a588f902e858f446416bfb3a8dea84823c3324835b118361e2ce6338b2b4f205

SHA512
c2aca3daaae153d221f58981139537ba2c9a10424dab340b8bf2bcc8382b759de5f285c12e70d37ac98e2105b66e6dffc79b7fd0775f4feb543a4c4babf01b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e287fbe0511e20385e9fe60389a0ec25

SHA1
56f9d5ee08a333de3548f640632d434c05940332

SHA256
3aecf0e140d1ec253a06c7c29e8be69e62229fef986cb8f80eae344296d8cc44

SHA512
5cc1398babbc4b463930e11bfea392e10416b4ba9bc16ca94824c3f1ce7938bcfae09d8f87d2f0f0b230b382f4b012ec53ba09a892d0f79d56a3b716273a9b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d13bccc993201dc898b2024682b253cd

SHA1
b31e7a7ec32651cb20facaad438250ffbecd735e

SHA256
1bf5be958140b56453819d19b9b956729e636de6d27513e296e6d79a87335776

SHA512
a0fa298a28912192d49b957fbda8d9d16ff8b61521982853f4c05f43c9fe46a8fcff0c87bac3900ef043345e98dd7ad5f66bf63b91487bd05c3cb3969df26a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e16328f4f959aa90f6b02c4a230027f1

SHA1
b1306bcf9180aead5a6a7c4185d47a288563a4a9

SHA256
af998fc917e351ad8a8f03d54f486f4d8cd2ce0239a9d76cf66b6eeb223e2f2b

SHA512
e5c0f4b420a3ebd9dafa77f730a7c3e53f80d82f8199d219d15447cbd9fe6e97efda78fee271da6a297feca4eb6de6270089e6169358c37ee05c6a29d7d47771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8df82669253d040e5f3e1b830b886901

SHA1
0fb06b4082f64f01d820154886b8fcca8ca06e79

SHA256
e05a1ca2ecbfe4c5f65e619be7eb2fa34c9987e33c94d196f97fe1d6a763e240

SHA512
5a1c264156f92ed47a4079632711bdf165af51ae7096e8dd521826c57f4b3a4926b46d92a2e06da4fde2d3aa9373ecb1903081c19f650d07717f0bdcf52b8e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b065a38287faccb3f0ee2ce3a2f49ea

SHA1
57421d7b97212de0d1668dba2ab85e6e2b3b782a

SHA256
8babf8a6e4f66737b468ce300245a9fec74fbd174ca7ff95d7499a680d2354a7

SHA512
98f6836e88ed0bef36fd6eddace0e04133baaddecde76d0d65e896bce55e30da43971d292c0c3b87308677b6667a488e2c7c39feefab42f11996d0120286b17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67f404370c1b572926395c6cb30d10f5

SHA1
13682a56509fcb5e564cbf0a5e4f418b5f2ccf00

SHA256
f68dceb17ba341466cdede455f1b09f880b5c83b4089e174b02e460941b8636b

SHA512
16127cc2f2dc0f722c1a151d80e9d255e306b6c0dc6c4cce6da2d38bd82470bac2735c18d76e5206e91bf0f6bb461619544499ab8866b178117d25d9511f330c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
38c217c59f9ec5316385edae011cc5bc

SHA1
f43e5bb606803de25a25699284b2905cab2355a8

SHA256
38acdaeb97d3dfe4ee27b209a8caca84631ef6e9810d89cc499f0f4023817bca

SHA512
7732bb92be023af1eabf2bab82f6ce75ca10d7d11188ffe6c33e9f2888a13dbc746ff8c7babf2c6788f1f21ef92ddca0a0119a31020110df8e8037456c69f5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
9d457acf61999161d342c159a10773c8

SHA1
912a783e9bb80d1dded64eb63a93ee5342bded79

SHA256
ef938a4c92ae93479a5bb0e9d301e4b5e767a6da08348502a168ae83f0c82a3e

SHA512
eadaa5287b39f0d78cc4ea1c9083e98d294dec0a71beb5ff06f66617e09699217eebbf012436055e12255807f924bf3afe75b26542f2d343db06953a215458ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
dc8c8fbb9798aa0611fc1fde7989ff4e

SHA1
58d79cdbb55e236c0c46f352fa5f10a78d3ab294

SHA256
c78fad7d78cb6708ad16f7dfcae4b20df55898f620868332f64b3af809dd00b2

SHA512
93a0b24a151a4230625ea6b181f35d2fc406d01c9464d263a4a09fc4b3b9db4ee5ab0543d7869edbcf5bdfeb4cbcf943fef4cbc0c41c146b2256208200f4857c

Download Submit
C:\Users\Admin\Downloads\XPLOR V2.2.zip

Filesize
26KB

MD5
8e8bae56b2498ff40fb8724554ed1e17

SHA1
9c577d9b58e2cdb35b793200866aaf1bcdb23b8e

SHA256
f7cfec221ccb1e319d737b85bb03288da3f4f3d86837d49f8304cdbf5111025f

SHA512
4447d2fea549818f236f0c158951791c5313decd648f1de85f3cecf2d5d308f591fc5cd22300d8c103424a2ff462f8e2c2a6af00aaafd6d04275223e170365e2

Download Submit