781b2aa75d9ab21381e403cdf4d6a12a355e1ae27865a88ba99b65b0614bb378

Analysis

max time kernel
150s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kopx_Perm.exe
Size

5.5MB
MD5

2179430234960bd608dfb64dea7c9a61
SHA1

90644ec6e9d67e955d08479559e0712fc66f0c49
SHA256

781b2aa75d9ab21381e403cdf4d6a12a355e1ae27865a88ba99b65b0614bb378
SHA512

b9ccf87f319dd95df5d5468b6e4980b246ab92f09085094602bc9ce86952a45c8fa7b826a06f5b42fa7781a17d37fe70e426444c7f825ff1bbf77314fafe06a1
SSDEEP

49152:/FFnhVgBFnhVSr9JkzvkjXa+FnhVSr9JkzvkjXabsBFnhVKTTFBySg6etzcwp8fz:/VrkzgXyrkzgX9orG8farRQ

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	Kopx_Perm.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Kopx\checker.bat	Kopx_Perm.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Kopx_Perm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Kopx_Perm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Kopx_Perm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705526127273538"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	316	Kopx_Perm.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 2200	4564	chrome.exe	106
PID 4564 wrote to memory of 2200	4564	chrome.exe	106
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 2092	4564	chrome.exe	107
PID 4564 wrote to memory of 3500	4564	chrome.exe	108
PID 4564 wrote to memory of 3500	4564	chrome.exe	108
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109
PID 4564 wrote to memory of 1760	4564	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\Kopx_Perm.exe
"C:\Users\Admin\AppData\Local\Temp\Kopx_Perm.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd37b1cc40,0x7ffd37b1cc4c,0x7ffd37b1cc58
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3160,i,1421621050696233501,18373669065188978897,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:1060

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
42a719ad441f9414d8ac8f4b33b92069

SHA1
b537724c6a222e8b2166c308d8228e8ad2c1410a

SHA256
782d2543451a0b33b449f3bf0fcfcac5e768654405c4a79662925cf6f549d4cf

SHA512
031863dd0031f7451889983d963c98e4be0ba5f762360f49abe8979c544e699dea5799a64e9760ba01a45eefe7ad7fd1e24e1284d1210565779a76ed8f1d3cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1b56108e3ac11733e0716af25aec398b

SHA1
6b0878614b0af350c65c63eecb00004e68cd3fc7

SHA256
0b8402263a279d38ed208dee66e1b362c78eb448ac76cbc427c8d150580dde9d

SHA512
8d6da078336b74f094f192262dcfe9f3879b07dfae6cd9b8ea9221ff1711410398ace8fdb30e1f9d631ad993c57495d3c5e28ed7b90c72084f7df69e90f51a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3df47b6555f65b9397ad6f8bbb8c91c

SHA1
66055646efb29bf3ac15efe7cd505fb05616416c

SHA256
40d4898ef28a783408820e96738f206e8f385f63da416b70429c88c2ac3463e2

SHA512
47aab45661e9805829c8fd4202d047d59f30af8f68ff41425943de6e637c1f7bfe596180a484ccccadac248554c5eb183c1111ae5b6e6ab066729b174f63ffa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37a1b79b673f402aaa9b9b0a67a7858e

SHA1
7cd0f249f43aa99def75b81d48500c08a157781d

SHA256
0d6b8f2818554ea5b7fc0c2f18babf38243d3c29e5c8c9d02e5f4a9e98380924

SHA512
946efd2b9c4b94f4257223db4ecb3d97b388eeb12eb91b37b64fe8e279132b17cf67044be27945db03467b257e1b49b27fc0f80324e6f02716e70b9176ebcb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
195fff54b93b0d47daae59550e2d513a

SHA1
0e14a17ff06c1d41742c15d530a19d1f380e81e8

SHA256
ef6a6ea81657bd5a2217b243c64d39f662ef67829bed8c7470e1a041b11ed9d3

SHA512
870aef7e882ae0379d75767935d048294d6ad70c0d26219c5da97998b750a45d6b3804d17ff381d8987b2c13b48138f13204d3f14fc898c24b9c99fe73a95006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
927bd9976c9c24b0eb8216048886922a

SHA1
2acf50d02921380941384c351a67be5ba79086fb

SHA256
3a1d5687bd4ed9ca98293824152e5209805bccd0aa8a09553693b63b88054376

SHA512
d53e7cc49acbe28bf1a0e1729bacca1483d44bf36d2a14f68184ff8279398d2700e69566d5bf6c51e77e427b0c845a51b9c1c39fe4bb4136c087c1a5ac2be72c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7327f64aec7f82d0184c1980358a707

SHA1
365b3222c78611e637aa3925e5fb3c441fecc223

SHA256
16fb91d0e100685970e78f3da6b47c3970f4b677c7c2478b2924fe3099c6c1c9

SHA512
84b42ff3cadc9306866d5e65273964ecb0e594245b0198df6402ee4c6c92cf2e588a35fd18d61995d29fdc70c92f31361e1ebf042b908320cab1d7c6137b7554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
902acda14d78a8e86ad736aa9eec8a32

SHA1
617f497ee1ac06116685c529cf74f5f71431fdf4

SHA256
4849daf5cb101c1075e36b4c19d5967b5148021d97040f161411ba4dd4213c3a

SHA512
a3ad627c0504c519b73a331624afaf12e0700fb7e1ed88478c2c45a6140f23ebbd9777d9ac441c1de147f118977ca1c5ef9da9e9e5a5f2a039acc83ba554a725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
71b60004c62b05cb3518154f5514cf7b

SHA1
2e06ce602d55bd6b1fbafa8b7c7fb19d26bb8a07

SHA256
2ddfffba41a8c4a7cda107c5f25d99a65a879d113777f92fc1f3a93bc0a564f0

SHA512
034b81d8bad8496d6e246cb77c43dc8c49d2621fe96f5bbe039de2360f1247e7b9c4658f92bb0506c00e8fac8ec5a67574984cb6abe06ec52cde17446ffeab1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
26f8cceec87c8c83158b11502214681d

SHA1
f530c1415d86a8b96f1c6ddbd85817b25efea595

SHA256
e08cb015e08c3a0b520490f23328b70f0e99458513e72c4cba9ee386c9f503b7

SHA512
16aed5833b1232ba82e1768df8920412a829687007d7b731efc284a09848069ff257fdb237b39e926744716337beb27807a8d70fbf4928df5bb9b73f06377883

Download Submit
memory/316-1-0x00007FFD3A1CB000-0x00007FFD3A1CC000-memory.dmp

Filesize
4KB

Download
memory/316-0-0x00007FFD3A1CB000-0x00007FFD3A1CC000-memory.dmp

Filesize
4KB

Download