f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8

Analysis

max time kernel
240s
max time network
132s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Popup.exe
Size

373KB
MD5

9c3e9e30d51489a891513e8a14d931e4
SHA1

4e5a5898389eef8f464dee04a74f3b5c217b7176
SHA256

f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8
SHA512

bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7
SSDEEP

6144:yN6MLNACl/+9EhE/jIxlOaNpA7tRzXBWRiB6nlbKsgP5o24a4pF0ghqbjY:Kh29IEUxhiHWRIglbKsgRokTghf

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\RESTART_STICKY_NOTES = "C:\\Windows\\system32\\StikyNot.exe"	StikyNot.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Popup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}\GroupView = "4294967295"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96"	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f580d1a2cf021be504388b07367fc96ef3c0000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}\LogicalViewMode = "2"	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}\GroupByKey:FMTID = "{D5CDD502-2E9C-101B-9397-08002B2CF9AE}"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 9e0000001a00eebbfe23000010009fae90a93ba0804e94bc9912d750410400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbeebaa2b0b4200ca4daa4d3ee8648d03e58207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "6"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "3"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "2"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\IconSize = "48"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByDirection = "1"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a0000000e0859ff2f94f6810ab9108002b27b3d9050000005800000030f125b7ef471a10a5f102608c9eebac0c00000050000000920444648b4cd1118b70080036b11a030900000060000000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000f000000002d5cdd59c2e1b10939708002b2cf9ae02000000f00000000e9fde5ce41d534496a956e8832efa3d02000000f0000000a66a63283d95d211b5d600c04fd918d004000000f0000000	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\TV_TopViewVersion = "0"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\FFlags = "1"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\Mode = "6"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\TV_FolderType = "{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}\Sort = 000000000000000000000000000000000100000002d5cdd59c2e1b10939708002b2cf9ae0200000001000000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\FFlags = "1092616257"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByKey:PID = "0"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{25CC242B-9A7C-4F51-80E0-7A2928FEBE42}\GroupByDirection = "1"	Popup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	Popup.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	Popup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2876	2896	chrome.exe	33
PID 2896 wrote to memory of 2876	2896	chrome.exe	33
PID 2896 wrote to memory of 2876	2896	chrome.exe	33
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1724	2896	chrome.exe	35
PID 2896 wrote to memory of 1368	2896	chrome.exe	36
PID 2896 wrote to memory of 1368	2896	chrome.exe	36
PID 2896 wrote to memory of 1368	2896	chrome.exe	36
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37
PID 2896 wrote to memory of 1672	2896	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\Popup.exe
"C:\Users\Admin\AppData\Local\Temp\Popup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:2824

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6579758,0x7fef6579768,0x7fef6579778
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2928 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2764
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400e7688,0x1400e7698,0x1400e76a8
    3⤵
    PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1704 --field-trial-handle=1372,i,15456935090432750014,1950208110327359015,131072 /prefetch:1
  2⤵
  PID:2620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:316

C:\Windows\system32\StikyNot.exe
"C:\Windows\system32\StikyNot.exe"
1⤵
- Adds Run key to start application
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9edaea5e-6150-4706-a95a-18c14e144663.tmp

Filesize
310KB

MD5
9d6841878bac40022ecf7c6e319fad02

SHA1
9d370c664586310e7d7665e92b76ae92456e3c71

SHA256
d81874b862fec584a5ff8ba0ddc6c107f3eaa1481626e58867eeda2f4e3372c1

SHA512
9072496ee85f796bfc88ffb2bd8d5a6b9f272d21d537e68bee8a5bdd0c83db3a7d6755f21b825ac476d58d8ee3a5575a07f489e3273d9a38dabbf35819e53319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
8c04cab52e03f1103d580869c92c8336

SHA1
18678e811dc296896af3fe72d3c6889b7f11574e

SHA256
3d8444acb8c820115d053caeef5ff66724f35037f472873c0df5c4e42c88f6ea

SHA512
cfb3f501c78ed719093da53096248c2b27f9fbd3b18c9c30f47695ced77e72c6b8beef77f927ead6b074259f50deb6748466771b5cb6ee3900835b897b61da30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b34fb4f436205e7205b3dd9e5a45eae8

SHA1
a4d21e0e94daac3ff610aa39807b0d0ef1144690

SHA256
b13cc3e5fc92c04369b304b1a270964da7c82bec5953533ff98c380a9fa073bf

SHA512
b1e0cb90ba5d44b52f8ebae69a1aa495ca1a98e5ec074091226f043d5aceecf2e8e3baf6d75d2cd5df6601ee3ceee6920516668133fa13ff9d18bbc71e0c8e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5b057e1ce0e64560ba12b046e98bc8c3

SHA1
26544a72094f6ec14716d62613c428a9337afd54

SHA256
4b815435b21f72ed222b1e96662fd66541f9ae5dd239a65df0ef94f549b432c6

SHA512
dbb5e8f9b1fb2ab28faf165194eb3bfb11e80d5ba03cd6ffabafc5c4cd5086a59c3a3b50ae35f4138c65f3ad91ddfdcb1644375dbad5db6f9d4ac9d2bfaa547b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7b5eb26ae3753cb03f0da4ba56af949f

SHA1
ef06a72a7ad714f6c4f785a45190a54c837b774f

SHA256
2b51eda281ef0fbbdb130eb933d54969d4317e47a50ce71cdf31c6638b840a05

SHA512
8ef928460a194d274a680838105af4cfe5efb7a44d6da82367a71521bcb9272e7ca955728b78db4cfc8b19eff0df08712a6ca06700fa535ee62286d242cc8f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
5ac73a0ab928147d4e8c14f92950524e

SHA1
a57fd473a9779b60a391bfc7a6d444a558ff4b2e

SHA256
6cd902654aa3b59d9fe0a819188b7ea61ae3628df5acda9daefecebf18556d57

SHA512
79572821a770172d4b76ddf327c20ca89d6f9b6dc8422e36d3104c42c113a1d92bc31ba3da3bbcd3d1f979198fa47923ba8fb90e00b4ace45f84217c5dfb8763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
0bb34405a7244ed139c2b186838a6d66

SHA1
8644633124e29df8bae5c34ced0d3c296695e77e

SHA256
44cd70dfdf1a851641348d09b031e14989cac0fb29f8bd289a3bdcccbb557674

SHA512
2cf439de465dcff9846d5988f7dcde1ed0255dd6bcc52d10147f163f9f25dde86bd1feaeb5758a7790748939793f60a8cc2c14cde18930de27c5cec33abbbe04

Download Submit
memory/2372-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2372-51-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-10-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-8-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-7-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-6-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-5-0x00000000002B0000-0x00000000002B2000-memory.dmp

Filesize
8KB

Download
memory/2372-4-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2372-2-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2372-1-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download