kutaki | hxxp://raagamayuribuilders[.]in/kautgk

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2023 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://raagamayuribuilders.in/kautgk

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

Processes:

NEFT_Copy.bat

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inriuafk.exe	NEFT_Copy.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inriuafk.exe	NEFT_Copy.bat

Executes dropped EXE 1 IoCs

Processes:

inriuafk.exe

pid	Process
2972	inriuafk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379378748306982"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
4312	chrome.exe
4312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

NEFT_Copy.batinriuafk.exe

pid	Process
2872	NEFT_Copy.bat
2872	NEFT_Copy.bat
2872	NEFT_Copy.bat
2972	inriuafk.exe
2972	inriuafk.exe
2972	inriuafk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1500 wrote to memory of 3644	1500	chrome.exe	45
PID 1500 wrote to memory of 3644	1500	chrome.exe	45
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 1532	1500	chrome.exe	86
PID 1500 wrote to memory of 3536	1500	chrome.exe	87
PID 1500 wrote to memory of 3536	1500	chrome.exe	87
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88
PID 1500 wrote to memory of 4960	1500	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://raagamayuribuilders.in/kautgk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf239758,0x7ffdcf239768,0x7ffdcf239778
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 --field-trial-handle=1928,i,13334915035027607607,12222170397412127454,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT_Copy.zip\NEFT_Copy.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT_Copy.zip\NEFT_Copy.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:2872
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2304
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inriuafk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inriuafk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1009B

MD5
6885083051d92e8d6580a5b68d6f7284

SHA1
c8abe2d3f7fd18a4eb8d64acb65d924831c9aaec

SHA256
a46450967c23c2fa32b28d3110d9e08a99bfa23af1005908148a8c835cfaba23

SHA512
9ba317c95bf1ee0bfa5f1dcc67e0729cce0ff4cde0f05193488cd1335f8cb10b669e4881b7cfb84b367604bd8bb328f452d5eb3e3d29fafeb7896f95d4e968a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
435ff3d30404aa25658c1ae2ab630576

SHA1
1954bec0ecb60ec83bb38d6efa2dc49836b6121f

SHA256
474ed5a8922429bef3b2b5ba3277d870a19a1c70cb220c6f61ff0f2b7bf62843

SHA512
998cf2fcc5bc47f64a6aec9146e1c4c7d2159c48363fe6ceceb24bc175b070d31ddb6250c61b3e8b2ec8e0fcfd75f4b09198c5b2ca7ded15a18a9d6ad0ba2c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
563d033f2c82bd1749a22a833ebb8af8

SHA1
142cbeb9be22eecf9e1739fe0dca5bead39e68fb

SHA256
835b81d6ffdce6665c830f51b3f2e888b57436bf73e337ee94ed00529783fa14

SHA512
2a60eb93f18f535e774e53a3f88523535c87506ba8639a45af9fb3521cb7baff063c78914c63e9aa133cf4cd5499a82a47551b3deccc8203e672da21520b54c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
2cf3b2d0e0dc46c17f3f61726943b730

SHA1
9998920ae15e012849e08fe87a19894c3de3991a

SHA256
519fd820a58055ef31525d910fd60b01e1a04243a841dfb0cd42bd7d23b61445

SHA512
3a5bb61a67ff8141e6ba10b06ba22de325df13ce007221cd8b6fefd6fbb231f3c962c2b4d90ebae5e756a6d3912bb8eb4e0557eb78dc660d5fad5267aecce1a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
2dae63fa4037660383bdc591043a7697

SHA1
4712abc7bf12037e4c9f454c6a088911adda341f

SHA256
22ecfe910a15d81249fd06d8877eff8bc2b482820e667bfc733af78c7eecb92c

SHA512
c92a5f2b86b89bbe2439320557156399df09b9e72fc7228797820eb85f5e9e718e2b66ca6e3ae391bf979f309649404abfbd174266d427ade964602f680031fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b511385df30ba0a74f7cbcc251f980ca

SHA1
dde23e2ee2ff810c4f5c9c9df7f830a76bae29d2

SHA256
192b99b6eeee265e84a7b8ed6ce5bac4190db9dc0ae2a8cee3ea096b95ef2c8d

SHA512
a6743d8cc1bd2a84dca49eba03a9b90f8cbe31793b1d68246a76b637271cc0cb3d22594d1a24233ec153e247b7c67bb8a4f0612d580e57755a2a962459f4a563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
741e96d5f6577221ccc7142b6d0af5c6

SHA1
f6551b4e3f1b4684c33d74cdb0afbd1d1b0520d1

SHA256
c37d58c39889876d92c88436c257e7592e0d0e6a9dc6d40e74642508a6e67d66

SHA512
73580110fd5f0f4e54356ce959595b900e13f500357e4d153c5d93dbf6c0eb77e68d233f649d7e5238d6cd5fd343899c66ceb88450b814e34f82f808524902c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inriuafk.exe

Filesize
2.3MB

MD5
9c153ac25f02739019b04b0a8ce82c4b

SHA1
64136c4238d140a6fb1ec542744ff90aba5bac09

SHA256
83269040e4f510f11a327807b23dda45d98386676fc309e27b3eebd9cefa8416

SHA512
a7a9bb1eee5470bb4939d61df33c3840fe69e8503e792d474d7fa273f4c77dd42c84a8e6bdd78b3b157b7aadada401c903e46d3237fa5fcfa6f7b27c477bb4de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inriuafk.exe

Filesize
2.3MB

MD5
9c153ac25f02739019b04b0a8ce82c4b

SHA1
64136c4238d140a6fb1ec542744ff90aba5bac09

SHA256
83269040e4f510f11a327807b23dda45d98386676fc309e27b3eebd9cefa8416

SHA512
a7a9bb1eee5470bb4939d61df33c3840fe69e8503e792d474d7fa273f4c77dd42c84a8e6bdd78b3b157b7aadada401c903e46d3237fa5fcfa6f7b27c477bb4de

Download Submit
C:\Users\Admin\Downloads\NEFT_Copy.zip.crdownload

Filesize
2.1MB

MD5
d0f2c2de0407cefe7a24c8eb22237a61

SHA1
a46ba89e46a3d04fd9c919837441625ddaa4febe

SHA256
23d3f3b9c74b6707db237bdfa797d7425f18938614051ddb633712a42e7f3c96

SHA512
c59e010a958a1f714bd064592d6b0f26619b2efc879a1b8496d6132a598aa5edddec2e6537c34b1944893926f7664a989bf8df752f8bfffeabae4d3f7fbfb3e3

Download Submit
\??\pipe\crashpad_1500_IIZRIZUYDMNITQHO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit