kutaki | hxxp://mahamanthralayam[.]com/[.]well-known/acme-challenge/set[.]html

Analysis

max time kernel
60s
max time network
73s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
09-11-2023 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mahamanthralayam.com/.well-known/acme-challenge/set.html

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

Processes:

INF_NEFT_20231109.cmd

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdlkngfk.exe	INF_NEFT_20231109.cmd
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdlkngfk.exe	INF_NEFT_20231109.cmd

Executes dropped EXE 1 IoCs

Processes:

xdlkngfk.exe

pid	Process
3204	xdlkngfk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133439736122102334"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid	Process
4788	chrome.exe
4788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

INF_NEFT_20231109.cmdxdlkngfk.exe

pid	Process
596	INF_NEFT_20231109.cmd
596	INF_NEFT_20231109.cmd
596	INF_NEFT_20231109.cmd
3204	xdlkngfk.exe
3204	xdlkngfk.exe
3204	xdlkngfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 4788 wrote to memory of 4732	4788	chrome.exe	70
PID 4788 wrote to memory of 4732	4788	chrome.exe	70
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4416	4788	chrome.exe	76
PID 4788 wrote to memory of 4208	4788	chrome.exe	72
PID 4788 wrote to memory of 4208	4788	chrome.exe	72
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73
PID 4788 wrote to memory of 3104	4788	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mahamanthralayam.com/.well-known/acme-challenge/set.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3c359758,0x7ffb3c359768,0x7ffb3c359778
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2668 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2656 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1844,i,3053021475774749260,17859343623873377180,131072 /prefetch:8
  2⤵
  PID:3492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Temp2_INF_NEFT_20231109.zip\INF_NEFT_20231109.cmd
"C:\Users\Admin\AppData\Local\Temp\Temp2_INF_NEFT_20231109.zip\INF_NEFT_20231109.cmd"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:596
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4088
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdlkngfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdlkngfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d624a8b753e0b761c1d68038fc031909

SHA1
833af95d07488c48c984a08048e9e53733bc7a8b

SHA256
2b1fa7e3e8bb12e5118422467af6c232483ab49829fda49b2ea53005b476b10e

SHA512
b032ff58ec5c8e93a522780d688fbbfcd948f56cb3f398fe66f70100661f381414fd3f59d82f4dc7ce81a0d1c8c39f1bdb8a8fe94ec2de07340a19bdf8898dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb1941273257f9afaf10f575634f30f1

SHA1
3f3c92dd16719b68f3628d719ec9e9f8cb78d5b2

SHA256
1763a0023b4e318a8cc5dfe0d5ab603ba0bf3d1db92bcdac0e1c82758c1d99c7

SHA512
aea7b4d22008b94a03b7c57e76984dbeff62966960faeac9fb4e8a930bb9abfe53ebda759ae82d7e09e20b819b95f18721c99ac824db8cb5340cc955f34e8f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
aba6cc3efb04fbd90a7a0f8b83d9a7ad

SHA1
d5caebe9f7808d5aa4fde6aa398d517cdb33dab0

SHA256
c61db510b93c4f015a6be90f7072cac0c15083794020cc64e43c52707437c76f

SHA512
47de30703bf1e5fd4be79cc20c998bf0e5d471cce858454aafc82d63b6c6e018e603dec58e1f1cbc3552f59b491fded87fcdcd6d53b2259fe0dfd30f62e2d890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdlkngfk.exe

Filesize
3.0MB

MD5
344c418bcf8858a42dfa36ac4144b1da

SHA1
71f4413340076f0b94a425f942eb2eda2788a12e

SHA256
42ad2feffba66cb55b1ecc62929ce244c25d8f53db277a763cce09e6c36fea42

SHA512
aa652b8c71af0c5b3118d469ec82ff16de6f6044d33c66de602bd78cb70f4abc9d4f0535b83a7198015b2e4ad6b8be41f3156fcc57ec3481debb551ab0750132

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdlkngfk.exe

Filesize
3.0MB

MD5
344c418bcf8858a42dfa36ac4144b1da

SHA1
71f4413340076f0b94a425f942eb2eda2788a12e

SHA256
42ad2feffba66cb55b1ecc62929ce244c25d8f53db277a763cce09e6c36fea42

SHA512
aa652b8c71af0c5b3118d469ec82ff16de6f6044d33c66de602bd78cb70f4abc9d4f0535b83a7198015b2e4ad6b8be41f3156fcc57ec3481debb551ab0750132

Download Submit
C:\Users\Admin\Downloads\INF_NEFT_20231109.zip

Filesize
2.1MB

MD5
c6424920411c813828d36e6c9fb76212

SHA1
dbdbd44ae0184458e4427e21af1a2e36b1d2047f

SHA256
c0358e8666c3e61d72f7aee96caaadcff558c70698708d259e065fd22e34559d

SHA512
e98b4d85dabcdf32db9287cf53aaa33db6f114282a6ba55d20afeba938e6a54b55d61d2f87f1e3656b111fcad923890f580ca4994cfcb0f1e28c19c402dde832

Download Submit
\??\pipe\crashpad_4788_GPYTYOKEACARPMUK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit