hxxps://geekhack[.]org/index[.]php?topic=41881[.]0

Resubmissions

18/03/2024, 12:45

240318-py9sdaha53 1

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://geekhack.org/index.php?topic=41881.0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552395565797853"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000215a767abd68da01d26bd57dbd68da01afb07e7ebd68da0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4620	FilterKeysSetter.exe
4620	FilterKeysSetter.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3764	4660	chrome.exe	90
PID 4660 wrote to memory of 3764	4660	chrome.exe	90
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 4992	4660	chrome.exe	92
PID 4660 wrote to memory of 3628	4660	chrome.exe	93
PID 4660 wrote to memory of 3628	4660	chrome.exe	93
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94
PID 4660 wrote to memory of 3816	4660	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://geekhack.org/index.php?topic=41881.0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff943559758,0x7ff943559768,0x7ff943559778
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:2
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4840 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5496 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3552 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=220 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1940 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5572 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5252 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4924 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4864 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5144 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6320 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4024 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5280 --field-trial-handle=1720,i,12545577606568266294,404401349868185892,131072 /prefetch:1
  2⤵
  PID:4560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Temp1_FilterKeysSetter_1.0.zip\FilterKeysSetter.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_FilterKeysSetter_1.0.zip\FilterKeysSetter.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cf13645de666016_0

Filesize
18KB

MD5
74168a159aa1dd07be3ea51f24edd4c0

SHA1
30b475851aac5597864396737763c5e26b948380

SHA256
28d0b6d68f71425033e8938765f2f747fed313abaf109b9d79d1e08da769c62f

SHA512
19b2ffe197b6842980bbd02745cfc5505cd175caa47e0c79f80f819894c108f82dfc2ab6c56328d4999847ed4eb31a47e1d079ab69acd6720c05b87008de9ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f705cb18580d715_0

Filesize
280B

MD5
9b00e6dfc961cdb96278a4f616099848

SHA1
e27c4d678bfbe8adb09ff044ef92702f96092808

SHA256
23d705dacb5d11a9eee8e219047db120d3f2a54eb43126f3d89616c88cc5f1fa

SHA512
7ae68eab849bf76d4dc8a7ccbe334c9b5b255ceb40e33d7da4d9f4ec8945ae2622697233c739f3b4974b6088746cd64ddf0f9bc8172c088b7556d101fba5a5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d2dc3c4536ecea7008f599d7ff1c9c98

SHA1
5c54121115f094dc8331be83413b91a9c008b6cd

SHA256
8ae180cfa555a2b1c7000bdb622ba9227de1456422e89e8d381c0d1a261be576

SHA512
d45baeed449de16eee1837e79be7b45bb6f2a476580b46ebe4cc63ccc5164518effbd2a36e2566dea46dd2776e4886ddfe7ae0e1eef508ad06f11f9aaed70b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
02ca66a31783ba266c38e7135409a9bb

SHA1
771fcfcd39284f320a2d7737d075d461a71145be

SHA256
5f4ace86c9ca03e257adfe002628618a13e82b26ed61b75e6034efb5778791bd

SHA512
8222b45c4e42a8a83ef7f0f14a10d10ea76149fb86a34406868e3373cee8979b04226850212dd1aa88d9f17c3aca81b26c806048c4a4eeec6191ae5633032dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
de42271d9e9b61122d962cdef39ac708

SHA1
b8c258a764aa60141d46544ecd64ab2227927aba

SHA256
119f92851e145714adf96749df07f1add1bfc87b66db7d345dde716d2509fb13

SHA512
68f813de3ef9924520fab1a555de5c577377fe5a405477a4e2361d3dccce2423b1d503407b01341486a1952d6c6f2b650768a9555adf20cf2faf08eb0b459d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96fa69d676ced3d945efb3105787f5a6

SHA1
38e4ddcec0826e6368da34f2fa4e52e095bf5f78

SHA256
896897aa51e5e38e4d3099449d4fef3b8e3f5a88936c56ba02257eadbe2656aa

SHA512
663157b8baa741162d6cd51c559eac2f7c4e73a91a92d623e10b80a5aab126f20cf9bc004cfa0ebfde8859656bf8b9a1dd81d66bb4eb70724a5d1b04297cf014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2f02e18b9ca0dc893d677073337c7c0d

SHA1
b193fe92243e8e21d138ef265e6290a017637418

SHA256
39ddea5a0c1f575983d264a59748cb6a72a90c255f13f1597168164e7e6cca9a

SHA512
f9cabcddaa879918cee8b89dbbd1093ae181fffd630c98fc0a6af03abc27a4cc225a457e8572185facf07a4a76b9779962db7c0c7740e9db5223917c38635d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de060ab7dae79f5b89261a418f6d0880

SHA1
4de32ee08e5f0fc016adc138fe0f28f2a162cb78

SHA256
45022b840bbfac522ef684829b8b2bdb3410c88eb59016d3d4337981844fb5c6

SHA512
1f9f6b3b4dbdda857560dfdad5145b206f022dae7606763ed9acddb9c5762d8fd6ad2e25ead022ed3d5d3f29a735b7840612d089de9e8e16c132a5e8d54a8b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\630a08d8-894c-4ac8-b2b9-68876adc1c78.tmp

Filesize
3KB

MD5
8af6784b23d07b538ba87792d326cc63

SHA1
ecc897fa7084cb67dd1d1cf706b9058dd124d97e

SHA256
a86b9abced5717433720951796b76b84429e463c831a539336be9b5797ff2ade

SHA512
ed79e3ff1427e04012dec03bbd8048c866eac18e3fb219b8c4d452d2aa23e9efb563954ac0d65518b07560ef2c260032175d7f358d5d3c7fb2552ddb89849c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a83294c55f147db061798a37036a8c9b

SHA1
b8cc9aa82d01e430909edc3ebd9ca8ce4f8b1214

SHA256
af6b459104640572b07b0a2e52539a39a5dd168837d8f4bcb3f21176395b0095

SHA512
eff07fdd792a36a4d9f8908f4e90da3ad58c428cd2e5dd49b2ff153a01946c35a2af24178296ab86135682bae72ff680ad84b424b10e51424813a0328c84c36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
277415366de3b8b102b6fc7404cddd88

SHA1
3e8464cc65f0abec3a644636d1a28112e8275021

SHA256
2de3c73516c30db6d917e5ce5bc803fa012acb3850d699e91aae82cccdf5fb68

SHA512
2199371f2582054a6c38ddb11caaf9d750cabeb1904d152de4d0ff0d25fdb0384b51a2ded151874b68322c2f57bc709926579e134aa4cb26b0f8aa087d2e4506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f0310d4c9d204bf0ebeb4ef1230ea68f

SHA1
310c8755e2b25e931dd200d21d773203a2e9cfbe

SHA256
2ecbf4155e62d3127c85710e06bfa1a7bd91a906b4ccf060ce835cf8513c8ad8

SHA512
7d9ef72c0a2cab648872ca57effc37d2e404a61c21152386b5c13578cbbb5b8ea47f7cf6e28b42dbb91d7190a420c2046160e911454945acefa08c59316edc8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18c33bfdc14a0acf75399afb2123f9f3

SHA1
53c64a0527f66dad998e0ee217684cfced649653

SHA256
c70f89513221fba4e41ce5d0285e85074a0fdb26cacaf37c251502e01cc8f519

SHA512
95735147921696f1f7aee8f897d5346db4d8331e695121d83b0068ec4a257e13903bf379308ad75f030b6d74d00526673ff1fb03ff65ff8dba4651db2bfaea72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
8ff1fb0012eee2148fa94903b339756e

SHA1
76a4858a5f35890dd0253efec00524b9d0e2d950

SHA256
799665990a750f3e1ddc118fbee5ae4ce029bf1ce8854a4abc033fe3536d17cd

SHA512
cbfdfdb755ee74dae8768beb86f186740ae1ebec7545aaa6764d99e6de7138437d6a0369572a11f0e068359bb0677c3b801e3879339822a81caf2bc0226a3e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
b084963411255f7555dc3283cbbd3332

SHA1
2b24476a6cb7c64adf4e035525276aed38b48f63

SHA256
1488895ef3891314c5f3a46cbd68e0d5a74127ae11deb43d9a4fe73557f64239

SHA512
cdbd79fc61b216c0257301d414743d9c704ed2909aef5db14bb6729ffd8797d9b87f7565641039bf7ded0f949f7a448e65a2a1599f149341008f5eb92fb27904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
a92ee631d54713fb7cc1855e231686a3

SHA1
15995f4dda342db5eb22ca47f189189db465594e

SHA256
c533596a5bda85aaf51e0ccd12f0568befcd140663f3c17f63d8a954e896d932

SHA512
4626fb4fb836184461b05016bca0fd31dbfb6c04edd5637fa35ed3f655a8c8079968a48982df3ef20003531dd5a091cd7d5b5a7aa8d8dc8250d03d8d30d6475f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
3daffc56bca0e104190d8b74c1fcca01

SHA1
21f2ceab01f9dce4593653913a89edd0787e9140

SHA256
7630abecbc4665b7b6d6410e239cbd05ff60946546544114e2949bb8c6b93136

SHA512
c6ace324732c40a5efe936ea8376061428553dd2a1e80ec30cb63b45407ace014877ed8286b3af569ca4f8cbad8bf2c87f941d05d6a0518f7d97c4b9b0d4af0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
c6ccb985e8678759f73c311eedb8eb2c

SHA1
319e3e2b36292d595cce3de47b6fccd7275f4122

SHA256
914f50afd37c6b50aea2c6352065a7af982858ab29e8fb2c8c4c1e20abb2c6a3

SHA512
4267bbce7fb9d0d4f79b01221bd64226220516b7ea03338625864ad24c4881e7cf0a5c58fc123da793a681e92743f42cb805eef8fe3b346bf46b7edc98ff4554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90f28db1f6b5b3321f7bf89b865e2385

SHA1
8cc6398bf16d2b6f2290712131f4a58b12c047cb

SHA256
4b33708e2d331d392d9849a42fd275e283d0401dea016539362aa2f41f64b37d

SHA512
09d842f3976917824595719106cf702162040b0aa51d54c1a6d9e4f7722caa84c1e276a2389645815caf500f11bd9a7c63aa87e3873d9417a867b1a1c28c3277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a8da84415f557b906e25867d2df73cdf

SHA1
491fbbe26650b86b9974651cbd37a95a0a2fd59a

SHA256
b0315b3249e389bb16efb28b52873a16b5ff50b9bad51650b9130b32789845b2

SHA512
c2162f440d52d70adcbe19629a3304c3ae898f6eb17bf45c90aeca4f08eaaee6c0e50436a7eb6e0c6078347970d1922f2673aaa90171379a16cb34b474a074f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c734340b3dc159cb4a6a827906cfdbbf

SHA1
72b14322883d5894e2678dab2ba1331254008457

SHA256
963dc3c8259773c8169d0928fd0d8c95cdcdff314acd3c4f9a478039f8ded3b2

SHA512
2bbeed4a642d8b60ab3f578c369a0fd65dd5f4d6e00e4511d2630d415e495c6de07b570362ee02c96ff4c85c4f2235efff52b12e8d44fc0f872b4257130d44cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
efb73d3e68c4bcba2353d33728202d3d

SHA1
7427e1fd844986b54ccf9261284c14b2916ce6d0

SHA256
e9b4d597c87e97442584c993826ea99bd3d683d19190acba7f9280469a572b58

SHA512
63391c327eeb2aa02fcbe6c7e7799d7d6e126c7303ba8c720f638290b109352f51d03e9882f295eeab34834833bcffe88bfd878a6ee9e146fc3f6f7721002604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dcdc251a5ac15557dde1d66aebbc3895

SHA1
1c0252bb481f6357d06e5c7854cf615fac769dfc

SHA256
94326f9ffd28830e45edc0af3dee21cb5bba14b25027a2c79b4572dc8d1b8cc7

SHA512
a75486eb84c3f3afde9486aaa59f662a8f0f6c0f9c04a8ecf4e39d3191b119eedbce488ad06d30aebff036aac805bbf3935e014e3bdb1573d1a455d48041eea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
287712a318549e7feda6e9bcf096fedb

SHA1
4e45a5178240de6b17a3d8cf4756b0bdc220002d

SHA256
5707a1dd752912035397daf1c9ad90457ea24655ec600b7b82a8cd7e25d7a2b5

SHA512
3fa2954eb278b0f9debbd0b5836c823fdccffc7582a9eac15a09b04f5ecd845b40cb7d421678917ac8301b27518708bdecefebbd91aba161dffb6707fe41665c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8f2619699493abdb58d34936c62e2835

SHA1
96e834e0d82ab3c32045fe1a532539d8f7a9d9f0

SHA256
003e5911afc4ead3dcfac6e0bbe181ce3c0d83b1cedd200e3778b6bc10c8efb1

SHA512
1a1f935b767aa2598f585d66265d2adcb12c58f6b0162216d7fbead0fb66b86f77e77903e2ef62d5c9b7aa049a1de8168799ee08184aa0ce2650ed8a7ef0c4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dfeda6119562f73358acd0344ddb4dad

SHA1
62414bd2c77adb2c227cc87162b0067a1306dc4c

SHA256
b6ab6305d6c7de115e21f5736b82add9c9a5a2e61bbac78901e29853431d926d

SHA512
453c6efbcc38c43585610de8d04f5587801d47d9735e16f86c308375bcaff54795983aa7c957941aa6f70e05fe77f01b16ef773fbb684e80336029b96fe86704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ff52ef996645997c6ab161454b80e394

SHA1
f2dad141a034235a84eb720e07707343088323a8

SHA256
4149f3bf6a933743a826782cbb8968d90164b5248535777ff238dc3d8bc79d7c

SHA512
e1515157186f96b737b2bae91ba710037abd1c5bf3478a77e354172f064337bf4139946e973ed37ad37e4cfd867fda97851be31ed0e57da3f4905953c6b3cf4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b6d8b.TMP

Filesize
48B

MD5
b2bf59d98d0f4da63fd8f2b9944f39b3

SHA1
d6a44364de0af3be53e7fb1d377b30c4acb3f5b7

SHA256
42a921f82a4b6b88bf62e4065dd2c8a755c3e94d97c5b76ea20cfc3b3ecf7e6e

SHA512
cbc3b5781d48ca4d24c8d8de28a4ac233b22acf58af664d8d8c99d03860813b54dea8c545c9e62467d1a5585ed1b6774498f497226972134a152ea3c48931b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
eab8ecb3936b2b524cd15413d9572049

SHA1
b450085620c4c70013ecbc8de5187716d70444b0

SHA256
77588de0a86e1e5de4338d5f6dbd5220740fc8b2d5dc1f25a8cdc0d3d6d4fc7f

SHA512
ad06bd66ba7e021762c5dd8b2733f6f29a439098b9c08b1456c47b8d554d0c4811a95bea81c7f16d955d34d7ccc5d0d56aa3284b9023f9906e7f5f4488b0e473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
0b6746abadb9d6568cb415574912217f

SHA1
be24793faec394ee8043d0b6b25d36ea64147cb4

SHA256
d512f55697cde4b7c389e635795359096193e6ed8e2870e46cabd5519a911e4b

SHA512
5da58348252727b4136504bd230f411b42ae84f825b351ef2cdac9bbd58705ba51745078b95a2324ec77f2c38c0391984c92a0d5ed37aad4310e91c72669d9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
63f3407779225b3104d02a4d7aaac32e

SHA1
c01f02c01f4cb86fbee35fad788db383a5d9e23f

SHA256
f1100f019ca7ddc399f1c4d55265c210e67bd72c42ce72eddfacd8277fc58da8

SHA512
621ea3a9d3a818abc949634f970717982a1b795a88fa864e2645e84f69cc7e9c18d5d0ee613781c81149ef13487623ccc144ee8d0d5a7ff52b60bf454959d08f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
45305e8943c034e807a10a27530ebc8c

SHA1
1ed90b3a4390ddfbea028e44f4d2a567389b54c1

SHA256
4915bc1ff542464a28287654dc66b3a7185ef61ac975eda1a9ece5cd6f1a73cd

SHA512
f963e08b003d022550823da45ae326c7897cb4482d104ea242616daf3269deee33089c8ca574cc6dfd5f099a75d084ef9686974cd8b6b192b0666053d7aec955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6fe28e5eea0f33a627444fe8db8609ff

SHA1
a51ce7a67c4ce120b4d693236359e83589627efb

SHA256
86981e1980fefbcd65ba50ca1877b75b4a8917ed9bbdf6b219034d33dc17645c

SHA512
dd2c3d4efb96826e34eda73b4985d8e90deaaf9624b5f77f09d7286ccca172349575b388390dc83ea583d3128d9665911695b3c0a8ad0e267621d8a46061a9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
9b77b963bf436409f834d4f4b730d6d6

SHA1
89bdd47d38eb332cccada6189a0c39d6a4b1fe0d

SHA256
0e4546758653674e5031d9ffb711f3e241cbe0531cfd57242d14f26d674f9bd8

SHA512
4442f0da38b885973ec62038e0312d75cbcd4a9a77b7cd8dc4550f8250769d21a0e2b86ddb979472e9357edf2bf5128761b14bb2a1e2ffa1f10a91b0a8a02068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
f8833c3022e4183a55c606a488c2b20a

SHA1
53eb15a2d86c2c15b17617706742f6890bba464b

SHA256
b323103ea9d8abe0c1f96a2d5fccc07f773c8f1c621acfbccf7d15cd5ea3967c

SHA512
bce757d9a28aa4a0b0b91c266059a7d87999120c668aa8ab029147c45b715261226c868bb599f06a7b15e8541af2bf0b5c403f73a9aa49ae711ab3949cd1aeaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
284353b060914a807c1cf1f842cd9b2f

SHA1
99ab31345bd055a9bab4593793c4423573c572de

SHA256
03ff47e94e5aaeaad9bea84ec9e4aef83326de6053c50190a3d05e441f82c6d0

SHA512
c4782e2115488e7164005ae834a7dd77c6a912db4fd6cb5d19b391f9736547cedbee42e6ee47f4ed1e4e3aca00bf396228ff6e2fc8e015c43e24339c192a8d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ea85.TMP

Filesize
107KB

MD5
1f17e2a340e78711187b5dddecb878c8

SHA1
7bca0574f4f49200220526c3fdcc9bfa06be12cd

SHA256
2bf3b3870c08c8f5691ec6497d8b46fee0d12e4582cbe154d6f3238e1880e602

SHA512
d60f5a95c9f30a1818325aa982c6bbe602eb6663c0f22a7b6b6b8b55f13d41a5c0924818ba23ae3e4baa433c2ac90e25865003cada7b71d954a90019b53ba73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\FilterKeysSetter_1.0.zip

Filesize
87KB

MD5
3c9a5fd6fefc4cfe8ac417a03f4fdc5c

SHA1
8818c462da91544e438f387e3e1760df255e4083

SHA256
27887ad382ca0fcaeffb76fe966901e2702c5cf0822b01ffe4efb9e341f785e3

SHA512
aabf7ee6016bf7e2f7b75f833e633a6c51621c173f1865e55e2279f6d87828fa48e28bab9fab3725ba3ead5e337bcc770699c3cc040b8576978ae731487e6303

Download Submit