kutaki | hxxp://amphiglobaltech[.]com/appl

Analysis

max time kernel
388s
max time network
384s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2023 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://amphiglobaltech.com/appl

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133385625171743960"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 5c003100000000002757f1611000484446435f437e310000440009000400efbe2757f1612757f1612e0000001d3102000000090000000000000000000000000000003feaae0048004400460043005f0043006f0070007900000018000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "5"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000008fca13854fdcd9012218b5fa57dcd90185b1aa1285e1d90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4172	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeRestorePrivilege	524	7zG.exe
Token: 35	524	7zG.exe
Token: SeSecurityPrivilege	524	7zG.exe
Token: SeSecurityPrivilege	524	7zG.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
524	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4652	5048	chrome.exe	24
PID 5048 wrote to memory of 4652	5048	chrome.exe	24
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 4260	5048	chrome.exe	88
PID 5048 wrote to memory of 2240	5048	chrome.exe	87
PID 5048 wrote to memory of 2240	5048	chrome.exe	87
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89
PID 5048 wrote to memory of 2212	5048	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://amphiglobaltech.com/appl
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb60fb9758,0x7ffb60fb9768,0x7ffb60fb9778
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2296 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2424 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3104 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5564 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5320 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4660 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5992 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 --field-trial-handle=1928,i,15134793812907905592,18025112319558276253,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:832

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HDFC_Copy\" -spe -an -ai#7zMap23296:80:7zEvent326
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:524

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\HDFC_Copy\HDFC_Copy.bat"
1⤵
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
89d6fe55ee7b3d2324c954196fb60c2b

SHA1
3bc698127c58ba1d51f84950f1a681019793facc

SHA256
3adf9be8f0cad925f5b3a791884b8135f7f8e7965d886b4266370b7cd756e4d1

SHA512
d2b4cb18e45c716426ae9e44c3b279ecaef1fb855c5a0cb2efe6054388564708b890f1b98a07f0dff313c18f017929b02b938e23beabf61491e83abc0c57819d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
02d3bf2f0a377acb2f34d9835fb33f74

SHA1
72fb5e1905bca26242342703bc87b73a3b70622a

SHA256
0bee1bbe8ac43bc7f68b4f170be68d741828a6efa24e3f038da5534f499cafa6

SHA512
e94c7ad211a664e0451897cd5dcb1f608b1f9b6e8a268dd92b54cce37e0c5a2a95861f1a6ef112ac2ba4086f2406e3822364e3b6179c15ce6b7f24df9ef4d3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
da7f3986481bcca1d6fe348c58d8c869

SHA1
809527b8eaba244ceb111aca7450ddc0a3b5a050

SHA256
f1b33297d8a2c2edf16435e54b58e7d5488ea5fab7ba1b4254e7e26088437c99

SHA512
50ee9cd617226882e936289edf504334229ac1248aa3dcacadae98d499942435fffd21327780349154541af3a58b493d6c43ab0c38e2777070338a2a17347fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ec31a2210088e6f6a44e7bbedd40f314

SHA1
1c14362d0e80e613d5d4b94a21d24c9f85949fca

SHA256
ac85ea0287c19426d90adbe3ec9282ec6fa2f315e3c4398aa0d4cbbb84d8d5a4

SHA512
40e616e4f39326cc7b671d836b0d2360d754b889507f6f05ceab68eba4d657f8c333cd230f83cbf0100ee1000777e3c6b8b0cba66911a252d2a38a2b14fc4e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b9a4c7e2c3abf5186966a81734ecf24d

SHA1
b5319bd9d26247746731596d79f67c6ec0957ece

SHA256
27de60a2aa0e7bd50add85a9ea7da13ab08d7d7e340801d24b470d52caea40ba

SHA512
d3f65f460d5e028ec628543c788f87e986eb1f9b3ce839cbd9084eb28a5eef44f05aec1d0714f5d7768038ef8cfc6c1b254266f603f6464be837792bdb530854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
35be23da045d741adabde947ed8c3106

SHA1
fd581ee9d4373b28f1f8a74871a665abeb076dc3

SHA256
2c98f347806306d51328fd1fd3425ca7eb2c326ab93ed755a9dbc67c5627c704

SHA512
fa842b70224fb5530c72f3cd2fd3de4e02cddcfc521f392946b3be4d0626fa45e3c633dd967869126fc3242577dd6f98d510a038d566d81a2ac723d528057531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
a9e9344f251a4c96420617d52f7bd812

SHA1
77ba09c98ae3dc791ced5dd8559f228a2a3da37a

SHA256
de085f9fbf39078f94ca9a008535e9de2591553d6b51054f6a58b75ba964f752

SHA512
5b2cccc19c15f5c967d628b7f642c9762637129a91cc0582217aa6e95c3ee72b5c77c3e1b963106c7db6024a3aed1eaff9545ae2769c76ca58266e01bcfd6f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9f1d27bc58535d85ebf48e8bc4a774e

SHA1
222920a7623110c698dd051bb9b42a996bb04aee

SHA256
f9cfe6102a0e93480f3b166baeba841e50bb233f317f1012bd95fd8fc644bf6d

SHA512
6afe3de463057cebf5c7824151a7c575ddf81a19a15482c08f97d846c5456c62a834e2fcafa24b12b9edafb5612582c3c82deb12d93bb8f642331c3eb79f2e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
047423c9a61616a0ff8b79be0a835323

SHA1
cbc81be1229671ffc547e044965038f5ae32d589

SHA256
2e70736b829a1813638e853adcb667787e5d5160015cac5ab0a652c630e5561b

SHA512
8f6e6f74d5df0b8b8b3d3f2a096675ca2176259d185fce8e399e3d5500234502568d4c8146ec299a07e065b34ba28e1b97f9ea658d6eda5620ea46f64c52d2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
af59cdf4de5af2e07804c50edd3b019a

SHA1
042355cd6c3454a763e55faf572de50c912524f1

SHA256
15447cccfa9ed828eeaecb9b1a7152171bbdcef7ae4841d13953cd22c0d82f36

SHA512
f1bad6a48ba48bf2379274bdf39c1714e1b581c2673571f69ae5a37dadeaccb47cd6fdebcb10072b5deed032724c560103a6b8dc950743293f12246dfc1aede0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
225d3e7823709ce5d8aca8af6f1d3ffd

SHA1
f4652040e74bce4abc5156a31d19cab7286dcf78

SHA256
4c737af4abebcad041265076315d07ed2844d0b93db96210bab61819e70cdcb3

SHA512
987a3413e2b78a26a04da93c947605d3e12dc6caa065d86c30640664477c78def5ad89dfff5a9cbb95653c4b57b32ca02231df777f53a85fd442c36aeeadb897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
921045426380b4dcbb6c3602048c6b98

SHA1
5abb92b07e8d15e70461faa1e9a0851140ce83fc

SHA256
cbbc40400113d1b9749461e0a87fe6daf44ad021d303026c5e0795ae841f9f63

SHA512
fa8b3c1c97f7675e98588053afde1b84767888f7d2af5c9a7191b809a83cf3608e50665f063f5f61396bd4351cb994d24f3546a7371af43c35476553451c4870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6b11d971bb10471ccb90b8b8b1a8ea2f

SHA1
15f153f300083ef91cd42fd294010cdd723f3579

SHA256
1c33343ddba259a055a44f65b0ecc5e756c1a75a7baa984b44621c6ea3e9c942

SHA512
c15e505b48bee77e97a251c69c2f66fabd3e99da279eadee3a99114ad7a6f9bc3f7677009eeb36063f3156c36599c12eecbe09b6b0617d49ba641f3cd1b206cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58895f.TMP

Filesize
48B

MD5
fc6d891bb5c9cc71eee844792704f69a

SHA1
554999c8267d4bd40091ce8f270374ea4a61ac6a

SHA256
98deb33354565352ecae8c4fd9b7e18a6384a36c1e75215c71c5860019338dd3

SHA512
a5d487e92bcb17d52ffa051007e3787e7e7af6942732aa5e64671f4579033f1091432bc53c69401241e555517cf6d5b189cb4ae26198807054937a1cc1391be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
0d52e47b72af17ecda061f0619f0fd4c

SHA1
f55dc41f94a1433dd5b5d1964d0c1d58de94e591

SHA256
146872c73b33b0ce69c7b619c134fc39b122ca6e7d6895f82741d2ce0d12a474

SHA512
4a40200bffba09e948a46e122d8a9dda64b862a6269c8300b285a3f1308601adbf00730c6c14bdfb6f1ee41d1ef1d65c48e28b8a20affbe3cdcfe351e14231a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
dde4301383eeb20b24c50be1a7cda52e

SHA1
eb6aff289d1fe2a26850e3590392b513fd007392

SHA256
86761cf2d8fc518d03ee6982570466800a5dcdb40e932bf2969e1ab988f7b3cd

SHA512
676b2d67c7f62d7271a56288c494d7361b4ead23e419345b45a37ed64bfd4d29b07e445e0a8084e8a81cbb321173e03c848896c97dbfc786ff38c79eec6f98bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\HDFC_Copy.zip

Filesize
2.1MB

MD5
d815f131ec754c4e872358a0fc8f175a

SHA1
3d8298dda7cee2d318926cdce1f153bb704c26e4

SHA256
8077016cb0e6290e1132887f46763062fead26b3b8ad1ae845511d0e65670181

SHA512
e27db2e829597af7b3d9786e754902b98b0914ee8c93cbe3709a781ffe8410d22e1b5ebddbadca1581c3edacc3f36bb130f5cfb8041cdd88fa110441212c4df4

Download Submit
C:\Users\Admin\Downloads\HDFC_Copy.zip.crdownload

Filesize
2.1MB

MD5
d815f131ec754c4e872358a0fc8f175a

SHA1
3d8298dda7cee2d318926cdce1f153bb704c26e4

SHA256
8077016cb0e6290e1132887f46763062fead26b3b8ad1ae845511d0e65670181

SHA512
e27db2e829597af7b3d9786e754902b98b0914ee8c93cbe3709a781ffe8410d22e1b5ebddbadca1581c3edacc3f36bb130f5cfb8041cdd88fa110441212c4df4

Download Submit
C:\Users\Admin\Downloads\HDFC_Copy\HDFC_Copy.bat

Filesize
2.3MB

MD5
f69fee063def953ac8279c64841fee0b

SHA1
45d70ccdda374b1a88cb8f9bbef7e427a4fb8e77

SHA256
a9cd25eed4623fa4aff1724d5cfe10d8f289028d9e52251fe5ea0278773eb67b

SHA512
42144d3b3bd8245c85bebfd258f03b33a29ae53584d66d94f6c90c3967a38a49a81743df8c3284cff83fed736c0183f1d59a34cec6b3bf0bdb42fb053b2f2354

Download Submit