kutaki | hxxp://doctor-fateev[.]ru/NEFT%20RECEIPT[.]zip

Analysis

max time kernel
200s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2023 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://doctor-fateev.ru/NEFT%20RECEIPT.zip

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 3 IoCs

Processes:

NEFT RECEIPT.batNEFT RECEIPT.bat

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe	NEFT RECEIPT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe	NEFT RECEIPT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe	NEFT RECEIPT.bat

Executes dropped EXE 4 IoCs

Processes:

NEFT RECEIPT.batzqxzlvfk.exeNEFT RECEIPT.batzqxzlvfk.exe

pid	Process
3420	NEFT RECEIPT.bat
452	zqxzlvfk.exe
1440	NEFT RECEIPT.bat
1728	zqxzlvfk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

Processes:

taskkill.exe

pid	Process
4116	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133458104077119388"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid	Process
2116	chrome.exe
2116	chrome.exe
788	chrome.exe
788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7zG.exe

description	pid	Process
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeRestorePrivilege	452	7zG.exe
Token: 35	452	7zG.exe
Token: SeSecurityPrivilege	452	7zG.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeSecurityPrivilege	452	7zG.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

chrome.exe7zG.exe7zG.exenotepad.exe

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
452	7zG.exe
2804	7zG.exe
4444	notepad.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

NEFT RECEIPT.batzqxzlvfk.exeNEFT RECEIPT.batzqxzlvfk.exe

pid	Process
3420	NEFT RECEIPT.bat
3420	NEFT RECEIPT.bat
3420	NEFT RECEIPT.bat
452	zqxzlvfk.exe
452	zqxzlvfk.exe
452	zqxzlvfk.exe
1440	NEFT RECEIPT.bat
1440	NEFT RECEIPT.bat
1440	NEFT RECEIPT.bat
1728	zqxzlvfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2116 wrote to memory of 2880	2116	chrome.exe	64
PID 2116 wrote to memory of 2880	2116	chrome.exe	64
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2864	2116	chrome.exe	89
PID 2116 wrote to memory of 2000	2116	chrome.exe	88
PID 2116 wrote to memory of 2000	2116	chrome.exe	88
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90
PID 2116 wrote to memory of 1340	2116	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://doctor-fateev.ru/NEFT%20RECEIPT.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f7f9758,0x7ffb1f7f9768,0x7ffb1f7f9778
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1108 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5268 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5500 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5636 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5536 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=940 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1028 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5892 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6040 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6108 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1868,i,3083604409794026339,6170481349485076761,131072 /prefetch:8
  2⤵
  PID:684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1128

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NEFT RECEIPT\" -ad -an -ai#7zMap7703:86:7zEvent5488
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:452

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NEFT RECEIPT\" -an -ai#7zMap7479:112:7zEvent15536
1⤵
- Suspicious use of FindShellTrayWindow
PID:2804

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4444

C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat
"C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat"
1⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3420
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:984
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:452

C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat
"C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat"
1⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4088
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im zqxzlvfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:4116
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8e1963d6-f68e-4df5-b71c-b920e73d11fd.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1011051dfd2bde8a13c387e5eafba604

SHA1
0f358ba7679fed7f37c2778b11a7eb9ff3c088b5

SHA256
1a2a9b0bf211fabd5f029636a8903d10f591ea27f2246691c3bc62ba16de6323

SHA512
3ccee873ca523e7a54153c1dd0cf4b640ded3b9d390b4b9d218a3fd56a88a5624af727408ea9f3d19e13fbc9cc7c3baea6d311795a28d7cb49668c19cfb91ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
715b5b6eec861f9ef1bb1dda55b92987

SHA1
e07f57f6b59da701b8a2cb0e938c65a7a45fcdec

SHA256
019f710341e2a5d9ed301bd383c0b1db6f49cb0c6f0dedeb407be69476833180

SHA512
ee02855998bb7fcd56ea052d5a7db50ded76a6fe66e732cb2484d9275129a3ed2606e4c7872f2ff6841b5e398ff8ad1ec05c7139c5971631797c2ba3e8bb8225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ab0c3253898d96a72a0f0a4b1250344c

SHA1
a22d1455e79d6ecf7a76d1c6670b4da7e5421d5e

SHA256
e728b55db04eec5eca89ebf703837840197d5a157584a8c20ad20c6d9393ecda

SHA512
1e8dc1893652b0aaab5c97249f8b6a1c45eca4b93bfce1e45a3ead6d05cd27f19b7c7f2399352a6e07da4570975b9ec42309c13e08e66b8581722e2b2c8c9131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5410b61f2aea5f4e6d94f380fc4cf132

SHA1
a7154790e4b2992ed200bcc79f796af12f7c89e1

SHA256
59008848b50f80b41740528eb5ff183c22af6fa9a6381c22ec6e5cc89aacf1a8

SHA512
68ab590a35cbdc9ae51844738c17011cf78c330619c351a7c5d642e00ca986d144a263dc12bf9445e2aaa1dd09c906505e6fea15133a5ae351369d94deea37f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ba57221bae07030684cb2ec4198ff9e9

SHA1
9c805187a8aeb0b33497bbc938bb08f6d78a5dae

SHA256
a381c4e48a6ac6bae1393eaeaf910d6ba1f8ffd557c7dc0d4123810b19e18846

SHA512
c33ba7b1c57bca369d26d727f876f619e64aedf7625dc657da169a4573ba67a77c95fd72ff53df66184499617b9985321bf56769905d4a613a89bed562eb5a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
020d991142a71f76a4e8e94e7a208608

SHA1
2a6fc8458d5939bb614ed9a2ec8322f01f964ec3

SHA256
b637778514d2a3e23b164be3b3e496b01cf1f9ab46dbc91bf51596846c5417d6

SHA512
01efc94aff128e99f1ee46bd5aa778a195ed273c8c4b6739915cd10917c4e8492683b758aa8022ac9601f3b2587e8bb7ac0352912d70aeba72267afe5b6777ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
2924a249e546d58c434f67b5fd394784

SHA1
9432127d3e45de448d90a6d76a888f2186957fdb

SHA256
7c3e36d1d7bda6e61d0ac78912508d217f9cbc46e00c6b112155ebec373b5999

SHA512
97595e487c3120ce925df9031befb43fcc3d0eff8019a8a41b0326e31dd5cd21ecf619e94ccf7e88d169042b664959c0b4b7bfb7147fa19f9394dcc7bf100b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e73153acd212d06ecad6516dc171f0b

SHA1
cdea32e25f673f4c0db89d4a76b4e00162bf79e2

SHA256
e6c7a23a432591c0e25acf85879d011162235e41f83f2dd05d86dcebb48a31fa

SHA512
6e0fbb81f2d8135474f69a325149359d8fd4d703430a463f816b71966e9c34f52a2d2f7b4427cde26372d846cd26f9d2c380b4111da8b76eed718d9e6756439a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
41c307e570455bc67281e4a3d83e50e6

SHA1
89cf6e284fb47492baaabbb1ea6c027a604f8fa0

SHA256
71cbd79fe39a3e17863a4ee1313ffadb4cedc51165c4e9efbcc7863a6e364c51

SHA512
c93639e794cd6742998e41865da5f1dae5ad57d6559fa4126c5c31de2a87b78f43c61235a6920a2004adf9d31e3f56b8d0d3e25c1ab8723c424433b208e87195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8538a55257c6614e9b385e6b6e933079

SHA1
417c6167aad0c61bddeeaa9bcd11f052e356aa13

SHA256
eab18cfe3d5aaaffa1b7f015789b176bbe256cae838aa7119c49888ebe496e93

SHA512
d26078cd0869c2428a73d0d4b459158d42d2159c9f848bc61ef689f6e75079e157c7298409fe10a72d81d2eeaacf7cb9c076f1abd601391c2c3efddc01cf96da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
84075d25d82f752316a8a097a8082e72

SHA1
9d651bae09f625e21c899080a72e37692b0463d7

SHA256
6092809415ea795ea1953edcd02de860a45fb7bd1b848123d08951bfd2948046

SHA512
f5891e877a5639be21aa5ec79bde3310672dae83cdac52e561a2e48956b48ef88d9a6e335f21ed7912faf89c82e1c273149045ad1e393fde243313891843af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c77767c63346f5c23d092d68a5d3b1b1

SHA1
64fe1ed30f2da4ff82aaed06785aa715f2e0b171

SHA256
69d4d71559fcbaca8546071a8b2abeb14417ce2c69ea2f04b336c67aabb7e072

SHA512
40596284866c38fb171b835d552e63a59850d87c1bdb28decd33023e4478824f5e2b261e67e5dc82083829178d601642f154122325a7b04678e3d9203577a513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
65c0977870dee313168266a0b2f7b5e8

SHA1
813a844b69b09f839a01aa960df4070c05d47cf5

SHA256
8a271379e6c76262060e2866d95eed3cbeb21ca1d56ec9cb0c0f9c315f6118f0

SHA512
3787ec5319be4a24a6226e036dd107bd14d9c511d75cd7767995605bea1b380dc026e96127896ef27f18f9f76d2a5f640db450be74800780eeed383ed1b67175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9370667db7d8811681530bdc81dc39bf

SHA1
d69407fc819da902d5298a25e9751ed56fe85b37

SHA256
7ff760f2af1156374fed9648721d40d302b3cdfcf83932286390b464492cac41

SHA512
fa3b090aab31f77a9f723ac4404d1a993da72627a43d1898e5b4f247f937a4e5b3d7645857dba30eaaba0725a89da422e1a40ade682a8075ecdf45426b35d226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9c5cdd0825b51783292e7cbd488cbaf3

SHA1
a5692824da628452e583fd20432f468db02a5038

SHA256
14d7b0d903d1775e19c40730df57189d2cfd869a199291cab73588a1567b500e

SHA512
208ebc230b2c9c253f7e2d62019f683ed1070b0e633c238b76019871ec63cb61a56aec37c439eba872eea72bc8b95d80f448ebf301689de2f295c76ce5297437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ab0a4.TMP

Filesize
48B

MD5
4750d0c57f5461bdbb35a95071f8be00

SHA1
a3eda206a70443fb0b9e9192389e8fd5ece42a1c

SHA256
bc36ce70e7208de40d0f0fc67ddca2e425890921cef5dacd3cce48f5562cc475

SHA512
e99a41ae7cd99887d2541bffcee58aeb86340f2f1aa00ffc55bee0d576b43944f5bca7e3fb89413fcb06b158cabd3474141922777b9c4d7533f381f3d247495f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
497b990deb7841d65e977e58a784a4ad

SHA1
d01b89d336057e95e88f77cc48dfe2c553e1aa4e

SHA256
95a9875632541b0987c8e3b7acaca49963553c85f1fa7f05ef33b542548f6e8a

SHA512
0c33904dee93858fe031abdac303021b51e745658367d21ce2603423aa703bbc14dc17f1e235892590c8b1bc26e44eaac2551a01fa160d90227892105fb4f8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
39986a1cd12376c323472d0519039ab1

SHA1
97fced6a8e56557231573631fb08558744392d2d

SHA256
7a97f26649781db9e43c73bc12ab3945492b7134db34b0089c1d62e13ed7a500

SHA512
c7cd58a8d6fda0716f4952283116f6161476b920a8c3de82e083453f6d7171a1c765e68d72b4bfc4a05ca277ca604ffaa86ab68a0a7ef96ad19ce959cf2f9a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
62b43c5a1ec6a8d0162daf9202c63ba8

SHA1
f09b5abbf17af98ad186eeb873674399c3951569

SHA256
cfd71b9e2b034f45a18a495e3e894bb260c08719935f1ce470f3269abb6aec3e

SHA512
ab074aba12ed1fead60f1a7ddffa844e8b83a3f80ca9e3ec9f77c1bdc4ddc18b42b1d0cb87ab8a41a73c0d2df97287596a73815680b5ae9dea8b5e4446c0f883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
b578dc2a195af45de6ed3eadba83becf

SHA1
5065dbd2173e19b1326fd0465c7ff518cfaf278b

SHA256
112a805663fb67943817ddf7721c6a4feddfe6eb1103a38f051f6a661942a5a5

SHA512
ca8ea26a7812b414604ad13a579d67075c2359e14bc3e57c64dc61cb30a122609d23342da836a6e538076888c7eff1141e725076d689230c018f595a7212224d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9607.TMP

Filesize
107KB

MD5
5b7c35222a1f69afacc916924e059386

SHA1
99a74e7695691e743f14587bac72e7da7ab7b656

SHA256
7ec69738472f2a77b6e0dcb3c9d50ca3837b4bfacc95f352e259b8a52de8ca64

SHA512
aa4435917cb8a14de371b8ea1f41b7bec1a5e09c05d5bba6e330cae55c0a9b3fdc3e6d3afc3c038633e9cef513ebd448e3d16d680df8b579f1f4bc1d287a0ee6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zqxzlvfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT.zip

Filesize
2.1MB

MD5
d259d10134ce1f45df757051b2b1accb

SHA1
c4c4260ae42e0522fab0d5696631fcfc0a2c665a

SHA256
3e32fbdd6075589abb8619e1b1a95058a01d62750525dae10a89ea8112e16e0b

SHA512
7c2df714593559bb417b7d95dc525ea096d8e49764ffb59b26e438ab65a3f467c8868db561100df21c0ca85a0559138ee304146bb433fd2b6d101cc7c3b1c34a

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT.zip.crdownload

Filesize
2.1MB

MD5
d259d10134ce1f45df757051b2b1accb

SHA1
c4c4260ae42e0522fab0d5696631fcfc0a2c665a

SHA256
3e32fbdd6075589abb8619e1b1a95058a01d62750525dae10a89ea8112e16e0b

SHA512
7c2df714593559bb417b7d95dc525ea096d8e49764ffb59b26e438ab65a3f467c8868db561100df21c0ca85a0559138ee304146bb433fd2b6d101cc7c3b1c34a

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.bat

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT.zip

Filesize
2.1MB

MD5
43bfb670cfff87ffdb8febd6da7513fb

SHA1
a232eea674cda0f71751eff2a6571a8e9602d2a7

SHA256
dec7a59afa017490684a8f597635acdbe964762612f6924bd5f2361605ada714

SHA512
2dd21b31186799592905f1371b32b0dad0f3363ed6af50895503fc30fffb0ef6541fff84782f1277bf2f3f658d180fda8376166f5c758d97557469005dc1aba7

Download Submit
\??\pipe\crashpad_2116_NUEFAGUEIFVBVQWU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit