kutaki | hxxp://ugurbilgen[.]net/dhd

Analysis

max time kernel
600s
max time network
596s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2023 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ugurbilgen.net/dhd

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 4 IoCs

Processes:

Inv No 47203.batInv No 47203.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe	Inv No 47203.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe	Inv No 47203.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe	Inv No 47203.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe	Inv No 47203.bat

Executes dropped EXE 2 IoCs

Processes:

vpnnwsfk.exevpnnwsfk.exe

pid process

2108 vpnnwsfk.exe
2716 vpnnwsfk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2108	vpnnwsfk.exe
2716	vpnnwsfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2384 taskkill.exe

pid	process
2384	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409277867738107"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4724 chrome.exe
4724 chrome.exe
1888 chrome.exe
1888 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe

pid	process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exe

pid	process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

Inv No 47203.batvpnnwsfk.exeInv No 47203.batvpnnwsfk.exe

pid	process
3152	Inv No 47203.bat
3152	Inv No 47203.bat
3152	Inv No 47203.bat
2108	vpnnwsfk.exe
2108	vpnnwsfk.exe
2108	vpnnwsfk.exe
1108	Inv No 47203.bat
1108	Inv No 47203.bat
1108	Inv No 47203.bat
2716	vpnnwsfk.exe
2716	vpnnwsfk.exe
2716	vpnnwsfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4724 wrote to memory of 1100	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1100	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 1616	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 3028	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 3028	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4044	4724	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ugurbilgen.net/dhd
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa44169758,0x7ffa44169768,0x7ffa44169778
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5556 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2980 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5668 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4860 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3020 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3624 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5036 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5432 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6100 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4948 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5880 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=748 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5160 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=748 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2808 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5100 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5048 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 --field-trial-handle=1844,i,17942401402033126930,15879438211943823425,131072 /prefetch:8
  2⤵
  PID:1840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Temp1_Inv No 47203.zip\Inv No 47203.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Inv No 47203.zip\Inv No 47203.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:3152
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3536
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2108

C:\Users\Admin\AppData\Local\Temp\Temp1_Inv No 47203.zip\Inv No 47203.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Inv No 47203.zip\Inv No 47203.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:1108
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:1888
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im vpnnwsfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:2384
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
71KB

MD5
70b98903b339570c809a9c17f55fd60f

SHA1
dcc39900af9c23b2fc542b789496c885231d3830

SHA256
9caea7a90c5b122744f5d70b912d3a6a86c6df680b132016f915331b42ef0bd1

SHA512
8de9fe6ba23327e4ee7f0d20b03bb21bff0400000d78ad812c6c541f8abc8c6eb0436fdaa335c796978122ed1afb10ade52298acc618577fa6585c33c15a6952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
42KB

MD5
eed13e0404f75114261f93a8418ff234

SHA1
fb3e43f5cb48a0f926ae2eeeea16b91af408642e

SHA256
2fc3edcb175bd0f7dfb95d67a7c7b5f20e93e11d3b488e983536c9e52cc6649a

SHA512
9dcab9ad574115e7c3592f4c15b92775c46ec5d1e19a3aa2dbd327e14ce326ee9ac8b573e00f3a1e2dea980abdbaaf9eaba70e92ff7c8aebf4f26eebae71cc05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
145KB

MD5
b692a5ec0bbe28b36076a86330f23e23

SHA1
ed59107df6aea7186a39585f93fd633ef10219ba

SHA256
12a717367af287b090030c6136c673990ea4366c7a76eb7161e17f3b2ef0733a

SHA512
eec1bebf899d67205d7b4bb206e9434fea1379665f7c31c55e099a331ad5f33669fb0ce4b31444798f8d3268a6b472f6a725257daae50c0d82b96c46fdf7b968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
90KB

MD5
9cabf7f1b4cedb0b2014b08af077c2f4

SHA1
2754934cdd7af3787e7357e5ed2194947d3b1847

SHA256
4168b1e05f0cfe3949190cbeda35343ee0d92092b913649194fde3ece66a69ca

SHA512
2b7318ded7d2ea579e435beb82121e976b2a1e921adc24de58cf03a4fe136be4d8632919488629a9468365209da5a33284a2c857796fc711e236b891bf7a6f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1.1MB

MD5
c40c2d70cb818beba2505dd47d637a40

SHA1
12adb1b747f6e7f83ba4043ea8d71aa65908d779

SHA256
6b835e9a15e4177bb0821da002026ef578b89bc71e520afedf081df11ed38afc

SHA512
3339cca62a5cef5b596f67d8fe84ee54479ef438b285bd27846961f5a3c660a62d0acd0651a6650acc2d034b9f42369322744d5584fd4e97feb81f9a833f3ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b6e94f3977affe203f93309471ad29f5

SHA1
9e40de0a3806ccf71702712ab88b1c10948e418f

SHA256
74a47c12d10648a36364c588baa8e40a5899ba3a1dfab2ed977e899b06810c19

SHA512
121d66f30c9ca4714f8d5a454c39829d3a03495b299ffd6fe8a18fd27bd9a503270d96e7b1320a2d97c91e24b3621b6ac30400b06355c5223b948279c6f0553d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d706e54bedb2b9e3eb5db416bd63ff3

SHA1
407f7a00cb52f78b7c4c90463ab3a1f17d0754ab

SHA256
4a21727df49a318e5b9249036fb8b472d11f53348f7b5b5506d3fefbdd30365e

SHA512
7a853340f58ea5626a693de092b9905455d18d8a1160a9e6258244a3216a4cf047a099cebe8ad35672732343d5c44ab0ad2790788567b4f0bb15c201123eb3a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c8afef58922c35efaff043b95209aca3

SHA1
4229e27d18d98b8fd1400a3b03c6ae77259aea26

SHA256
68d9f4180cd0d3e3ac62f9f3451cc41e84aeb54868bd2c39e7b0dda63d2b0915

SHA512
bf0f17343a744752fe841c9829e55e11144ad3ca6fcdb353688b9169160a64e396ffe304dba0c01b11fed8818a9de1424325916b93b03f05bb78912ed62f7ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c59c03f67343c56168e388f6e7dae375

SHA1
ff0061e90721df5ed90df2a87a96ea09556b57cc

SHA256
ffcb63536f2ee1acb653cc41e84373ca3ed4d4c095f028161a41b075b4c06882

SHA512
bd422aa86beba385fa20606990ead4561795b201dad40c5a1cfb8c1bc407ce44e291bc5d0ece27bc3d508278ddf9b3e9c0889c1212e5f70121339e6f829a04e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
552890a443225617309cec1e334f9dcd

SHA1
2f6a41ab01fda0a54771d428ec80adf4fa7f51e8

SHA256
65d18cc7bdce5a7eca577433e01c90796155903c58a91466406ebc0a5605e4be

SHA512
3a84f65ce8e299e3cf4a4544c8cbd3321cdbad0d909f1a453e123b91abcbbaf3a8deb59fd57594ec2133155f624176101eb5ada7acffcce3d52c568c742a1feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
03100291e3b4ed8c5213a33648f58cc4

SHA1
c3992b42780f8f6c369bf4a5006a2a9923a03655

SHA256
447f5daeef80ac66185a4a22ebc3f43aadc249cc66ed9a95cad924b4f1e61644

SHA512
4c7df02f3b8c3039dd6506819c692314d22386ad2c403df5f020ba6dbaabb393f309f3cfe577f6c51212f52ecec91407391d3139df4c08940feeee3d33b5c2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b47d2700dd1731b8be333e0cdfe94240

SHA1
d84ae8165e907334b1f53625166331f3696513fc

SHA256
58b3dc225c12cd684551a634fee53c024d2150f59ad81204674672d39f4472ed

SHA512
5ad95e990ebf2d1c13f4b21c88b70b8a676d6bffa5b717e41118b77d032d207cf57bf35520aa37c5029d152a4baee76c2c435162de32de20af593610b9038bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d6eca9bb3b1decef402697d89281fa74

SHA1
cded2dc996783ebd68411dcf821cbc784c0a4055

SHA256
f8e51ae8c3d3d19f1af2643d10711ee26cd2aa8f91047f800fa3ba6140193f84

SHA512
d5f87719d7d82696748a1d7482ae109624c3b4e4cf13b02d89dc2c56a94aa7ece5fcaa579b1387101ae1cc5d1708485d1cd58411d997b92b8fb26b13ebb0930e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2efcba0dae3d1a5c58adc96fc5a2a193

SHA1
a20391c1ea6e3bd67916fb953cd3dda3799c5dd0

SHA256
904f0a889e5f2ed21e3d3bf5fedb3bdf331643e4a1a19154f8a1a3010deacbbb

SHA512
b542a0990138d37c20941d8d7ce9bdb37bd3f2e47e76f3465aabbd1f5fe5cb0f22157748fe085569fbf23a62f8feb8d755532ae7d8af326b35404d6a63725644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
82c5fa76185bc8828b2d71c617b0dff7

SHA1
d74f06545a5e276bc57453afd5516edcf70dbbb1

SHA256
e8ab605fddeffe85bdf7e392c14c0b033931e1896dec69f34ad2ce06d678678c

SHA512
2e5779ac30bf3be130f1ac06bcce70784af7a9c27826b9ab45aa2a17c586e3ff95499b94414139d6f00a2f80be3dda1b275a89324d2c71646c861e7d6e7680ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
020f9ecadd3c50661c4e1e33b10610ff

SHA1
11ad2e75bbc51843dc33e093dd5e4e45e7054d86

SHA256
1d1dc927f28b5d225541b83c8c5951444cf471cbb172527c1a285f90ada16d75

SHA512
8079ef40c96b4d224824c7c9bcd378c49efa94cfbc4d7a1c1ef460e5fcbaf1f76c15176848186a010bad137a257ce186290411d96eb3f9971cac81b57488f2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28128b8f7ca44b7283615816c1760480

SHA1
c95ceade498449db576e961352ffec2017ea3039

SHA256
1a6c4a887acee6bd24e3e3c98f91f57490d44ba72f149d1808d2f6a15c002dfb

SHA512
f9dab604231e1436187523107a00f20a046a5e981216bf59ba03ea6699a4398936d076689fe5cb5f2a881e3682a18a11c93aa183226dee81f63b10a81116b69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
346637b9b535a695857a4425cc9d3145

SHA1
52eba0902a055a86095c170b82b2020079f0613d

SHA256
195a722b5580eb8d4ed326f193f5c83304a723915d5ada968245751f13cb323a

SHA512
5ee595785cc8dcb7ef4bcf9827988e720708f283b9d2124a8c51d7e61dab69b30690ef72027cf857894a5c527c7f10a43d9c4ba9b7ffd5425d8d29c1f0d74acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ac41acabd4874f52aace71fc7e41c59c

SHA1
55300343efc51f3cc1ebcad30946c884fd298006

SHA256
2f251952ba60077e7e915c7ced2739ba4153a8049309949d94d72ecb54df5dbe

SHA512
d9834e18e129670a9dcb300306d28c44a6465222c9b4fc9717ae7e61d188e9dbb4c076b4dbd8d888019eb12de75cf6eb4cd1aa21b6974d4ee5cfdb441d50c61e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
df081d53d0d946a97c134a724c0a74e1

SHA1
4bb5e5aa95b7a97cac119679b5ef4610ef585376

SHA256
8ccab1dd2067cbbfc086165847d772c6cd6137465ea03738e72556ad0817c857

SHA512
243a94a2f11ad0ca1c670191879b2d1e89cac4514e0f99d219348378345c536437d3df3e6f95a3a33254525a9ff0c7eddd8197d04f4f4fad5f663e52b2dc57be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e74848b7c4c85af1c6146b47c5a8fece

SHA1
a04200cf6e7023f3ccc1bc3331b32d43c2c08b9d

SHA256
d03a0a3e338e48bb395e1f9d525e443b376eea3ccbc2cae120a67d88cca84097

SHA512
b397d931223ffd8ffb43da3b9bd2b8f3637b411af601d1db20e1de0d3bb3e9f9f0effa96b0e623fac833c1b26d8db1021fe6b4d26cd1b5680ae24dfa83d6c4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cc1777c20d87e3f6dcb3fd8372cbae4c

SHA1
e7d28659f09e3a32700801fa915e60f0d159648a

SHA256
8a8378c0662272fdfe2281c2f47d896befb9de2d91b5ac00b974901650674eba

SHA512
4addcecb278c7531adef68ce1095e14f34d726dd46e916e5d8ec9811785594b7fe03e1022928f2b5c01107acd325c5fea06d74cf3cdc680125f0541c8d8cca03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d5edc327d484c6bb6e03be275668a192

SHA1
e416d74572019a55e41f6bc109f6ffd8f4d28774

SHA256
5ff2807ec1500194974fa0f9496c038f2259b36a8a762946a661645bc28cbb07

SHA512
8cc7b7dedb9bac00bd33c812bf4d0dd6d6759b088acc7a3870f2b3073f3a9c3d6d17aa60e43ea69ccd6eb9d67e1e46d074ef75a79ea796587a10262e52bbfdfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0620ca43f8fb70e390dc481190c3c0cd

SHA1
e2d77812f53724ee8e6f4c330d4a8adee63fb730

SHA256
86b236c78a8148e2d2ac3b655ed33d4d64316ee31b55fa286dfa56575e2044cd

SHA512
6563d998c3f5cf876ed89f3f48ba174a333e57303844d230d278050a67463239e91224609c1942bd464f1a7534f9d885922b3d4a63fa2513b8965b8c789645cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c98217d6acf5909122454b73f365787

SHA1
6ced1744ef023b331d8155990531bcfabd8161b7

SHA256
902f4fc183ab4ebd549bbf7185881f357da15a91afaf413ad8c9c156879f9962

SHA512
a28d4aceaae156a31046655365d8137128bfbd6918b8a7bfe6b7f63d64ebedf13aa3114c84e57564d51b4c914a09fe4a3a41ead4883c9f0db68a92b37680ad9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\27a284d3-53c5-4ef2-8e86-6f2abf9d68de\index-dir\the-real-index

Filesize
480B

MD5
72849223cc22bdfabb2eae61d3f70bad

SHA1
3c97c1d85d4022af70639a560329dd76268a3f1a

SHA256
769c4b44e7072194e10541d4c8087fa8a5285b774f8ac482e6d5a51ddee17c59

SHA512
09aeb0fdcee694a047b2f7a14d52a6b6d5c83be4d61662b55a7fa34ec64489bc6cd573a587d236d37931f0b51835758ca67ef7f42e25a63e9352fe16c7f3c7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\27a284d3-53c5-4ef2-8e86-6f2abf9d68de\index-dir\the-real-index~RFe5a8b88.TMP

Filesize
48B

MD5
f51d28e8f42fe25b54d52720594f2c34

SHA1
735c203e45d51ba5a989977c338394fdb2bee601

SHA256
e68abe5787cb17cf28395a40a584cfbdc075b0edf5ebaf6f6eb40af0bc63db4e

SHA512
5f8d92dbb32bdc715f3a739255e54c715da62d9cd2bb123fc27a37f629ce4326133e1d091cc1008ae2b606938e31ca48493ab25a7745be5c05be9a98fe3757c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
124B

MD5
b3b4146ab25dadf2304bbc64d1ebe613

SHA1
2fbded00ca6c942e7e3abdbee260be9c26cc0efe

SHA256
9d97e54c2d62777c6e5c0a88b6ecae350a9cb61e19bef57f05fe9a69d0d42e89

SHA512
852240a493b8975fcf875e76d520caeeb3aaea80d7e628c6c892cf7b3f780c54295e3ca56c1391eb9a82ea5ad0095b56f21d078d57a9af3797f7337a9f66dada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5a8bb7.TMP

Filesize
128B

MD5
78d578f3f1723a7d6537f041e70bcee6

SHA1
3a09a4d620cdcb4b34f473b0a91d4e1bef26ab14

SHA256
723aaab911151fafe7d5cbb7a1d86ec10d61383bff317358a7b3df8b369ba399

SHA512
0a3e7d26d6e70a65cbeffd172b7489006327553b7ab91645a9a3ea42dace3ae9cc9bd57be3cc0d19c56961c959d66bd6326cd1d2ba3fa754ecbf9607360bd209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9222427866eab0cfa16f3bcb9e226360

SHA1
aab1fbd0bd60831ce347c7415931b0451c4fc777

SHA256
ae7cf551a1727a54989ef597aa7babc5ac325b7ade3463d487c44b734213fce8

SHA512
c736b50ead61142eafb6c839bc41721b6f81da282b356e9c79d310ee5012e5a01d0ea3eb20bc20e5b34c5fe0c8ed8cac4ca3ff036f3534f403bef4acffd76e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d43694c1c5e1e0826cfc40710caf82ea

SHA1
c1bbfa2670fb02b2310fdfe69f4661ef4aed1710

SHA256
6b0e8d71314b3f78570b2ec6436c5a7f7e120f9aef1d14fc2b795a347d95dd6c

SHA512
edf22f50a7c4bf21fb00607014e5a4e03e1bc87ca431a6156e83e761b842e6c5d13c39e620769eafd74f25d44d5964c661c34e40bab11c900263311fe2d2efd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589b70.TMP

Filesize
48B

MD5
8deaa5e615e0126a2e95d51a735f42a4

SHA1
a6b7c2d11aff886b3808616d262578f1b4f21771

SHA256
8c08488b954acef0bb9d0807c5a395efb7146a7d9f9a33928c9eb9c008415d99

SHA512
0905365796c907c60091345d4ee468f6dca7eb9b11719593122469fe26897d84436d72c8be79e40a92a5399339e9c5d82c042d3f7da3175853f481afa05bbdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
cf6b452ffe636ca007f291bf30dda482

SHA1
1cc298934a29b43a6fdbaf9e7926bcb76466e993

SHA256
fbc1fa545192258d91ef2837389e80c7e482c26076af48a0ab239faac9b57f73

SHA512
38bcd011aeb839091c11c153cd74fb8dbc9c611787b14ddf41c601f828614434d775db7df7ee36eb0342b5b36d1f90c119b98504042ff0a647787ba3ac13a958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
6ace77116b90e8363bee86088f47ddbf

SHA1
331ea7b2573ab9dee3dd1af42780ed394643bb66

SHA256
4d5d5eff172dd9beac5464501d065cf1d7ee558b7150c81a7ab971bf715d03fe

SHA512
30bd61004a9fb7dc56694467a854e1559506ca22c7e04ce99bdc563699f6a702be583c25af2095add52cb47948020fbd7fc438a0315dd682b38fdd47358dd9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4f3ba9429801453a2ce813f5abe883a5

SHA1
50ccb2aa508f2bf035589a7777aeafcbf97f9551

SHA256
de7f4b13ec7a8e9c0e81b51766075e69c794495b203601c4c2a0f1739a1ab26b

SHA512
fcc303889c1a3a88d022532af4b4a02f63ab50c3ae5702a03d6b6c6609dc479fb5ca23286a2745302a00cba8bb01f112553d34fd7dd4dc5cf1572a4ecddc5476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
1c0fcde268f5bdba47f487cc3a219cfb

SHA1
483ff0d430c1ed6e6910f802faf2bb5e3fe215ac

SHA256
34d5d75a8d130b55d24ab4bdc383607271a44c7e554956184ddf3555644a9f08

SHA512
027a8a077ed892cb9e77d3a46ba8895410312a926421af988a303183c54007c701e4de301ee5dbbb898d9eb0fcd9ac1c23583fed3b55236ba53786808ca3f06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
b23e6872244de340ceb32c0bc8bf0a5c

SHA1
e67cf3a157a6d17e1b120886465cfaac83f39ee3

SHA256
ecd98b34aeb7ce32db0ba018461c2f06fb3af6538a155db13fa33e6db11d2159

SHA512
09757af68c848e7c5e37fc0372c06879c9a12f4bc833c45f83d365f9aec4c7472206ab69bfb27a97b70402b7122d7c14f31537c7a144c7f38bdfd45957f3f4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
b17c88c539e6e488dacd1f7a451b52ae

SHA1
70416de55fa0788ae132fd7ec8542dea984351f5

SHA256
c230a7171262bb80164d859a3cd564967876e6fa1b8da26ec43d72ba03b3cad0

SHA512
015c095799356a017153d4c8affbc44429acdb4930bbc8944c7605e19193672447d05fa6a2db21edfece87bd8180442f8c9bee5cc4629404a2a714d01c846c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
02f6a2d44e30c6b48af566dc5974b759

SHA1
b943c83548ba18c0a5259f018b197eee9b7bb2d5

SHA256
9964ef3238e376c0fad3e2728e80d7f9b7436b17f50be28f32440e52c2a8d60e

SHA512
d9aa747916b0c174aea1f2b3b714aec32abd5a8c4b736373cc6e8179fdcb43dcf42ce66673de57d80ca8b878322fd36eeb8fc82c434871ccbfa79830ea52d105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fdd8.TMP

Filesize
97KB

MD5
5a718390956464fdb4ec20f2c2982908

SHA1
b8b7c37698e1e5dcc6dee970a72eb6ddf86422bd

SHA256
65e748f5c1bd93f2de11a2098c88824ff7e310da9c3f5f2a53b9801aae0b1543

SHA512
c997171c35068acf4eb7518b981e6d2bd6364bc322c7c89ca71f66c1eaefb06ff8f0d6eeffd64240232a55c0caaa1882b55dc0e954c55e7a44ad29c1a1168bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe

Filesize
2.6MB

MD5
2737ced4ae3dc08cc6ff893ceed24d95

SHA1
82b10a85a413c9a08cb2aa81d37f82d6a857dd3e

SHA256
aeafd2f9751ede8df60e985bc62c3833b8a31b47879ff4949b185e94206bddf7

SHA512
6aa73afcd972bdb813bd81a3f204dad030cc90a1e9abb7248546a4798a99d646f5f2c1b0e3a0066869b12899c7bea80dac60706567d1d27397a8580895cbfc23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe

Filesize
2.6MB

MD5
2737ced4ae3dc08cc6ff893ceed24d95

SHA1
82b10a85a413c9a08cb2aa81d37f82d6a857dd3e

SHA256
aeafd2f9751ede8df60e985bc62c3833b8a31b47879ff4949b185e94206bddf7

SHA512
6aa73afcd972bdb813bd81a3f204dad030cc90a1e9abb7248546a4798a99d646f5f2c1b0e3a0066869b12899c7bea80dac60706567d1d27397a8580895cbfc23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe

Filesize
2.6MB

MD5
2737ced4ae3dc08cc6ff893ceed24d95

SHA1
82b10a85a413c9a08cb2aa81d37f82d6a857dd3e

SHA256
aeafd2f9751ede8df60e985bc62c3833b8a31b47879ff4949b185e94206bddf7

SHA512
6aa73afcd972bdb813bd81a3f204dad030cc90a1e9abb7248546a4798a99d646f5f2c1b0e3a0066869b12899c7bea80dac60706567d1d27397a8580895cbfc23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vpnnwsfk.exe

Filesize
2.6MB

MD5
2737ced4ae3dc08cc6ff893ceed24d95

SHA1
82b10a85a413c9a08cb2aa81d37f82d6a857dd3e

SHA256
aeafd2f9751ede8df60e985bc62c3833b8a31b47879ff4949b185e94206bddf7

SHA512
6aa73afcd972bdb813bd81a3f204dad030cc90a1e9abb7248546a4798a99d646f5f2c1b0e3a0066869b12899c7bea80dac60706567d1d27397a8580895cbfc23

Download Submit
C:\Users\Admin\Downloads\Inv No 47203.zip.crdownload

Filesize
2.1MB

MD5
a4bf3182784a5b83c781f03da14ae43e

SHA1
f0d4172d15bc2f29f95b131d33ee4f709c87ab4e

SHA256
9b98035e504c0e753acb400ceadc03deb2eebaa7bf44525d27d46b365ab34a01

SHA512
0fb6e761c136e2e07b334cf0b8fd5b75945ff8d343316291b931124584089bafa82edd40c67ddf871941fa569a878d269dd50690fe681309b419f58cf24d395e

Download Submit
\??\pipe\crashpad_4724_ZMPSUHUXGZYDCNWL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit