kutaki | hxxp://kothariwheels[.]com/dnehj

Analysis

max time kernel
600s
max time network
485s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://kothariwheels.com/dnehj

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

Processes:

INV NO 0895.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbvdkifk.exe	INV NO 0895.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbvdkifk.exe	INV NO 0895.bat

Executes dropped EXE 1 IoCs

Processes:

jbvdkifk.exe

pid process

4108 jbvdkifk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4108	jbvdkifk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133509556976929723"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2592 chrome.exe
2592 chrome.exe
3332 chrome.exe
3332 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2592 chrome.exe
2592 chrome.exe
2592 chrome.exe
2592 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

INV NO 0895.batjbvdkifk.exe

pid process

4944 INV NO 0895.bat
4944 INV NO 0895.bat
4944 INV NO 0895.bat
4108 jbvdkifk.exe
4108 jbvdkifk.exe
4108 jbvdkifk.exe

pid	process
4944	INV NO 0895.bat
4944	INV NO 0895.bat
4944	INV NO 0895.bat
4108	jbvdkifk.exe
4108	jbvdkifk.exe
4108	jbvdkifk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2592 wrote to memory of 3660	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 3660	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4832	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4280	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 4280	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2852	2592	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://kothariwheels.com/dnehj
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa6be59758,0x7ffa6be59768,0x7ffa6be59778
2⤵
PID:3660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=316 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:2
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:8
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:8
2⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:1
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:1
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:1
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4540 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:1
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:8
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:8
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3424 --field-trial-handle=1832,i,13125482211681877450,7797496550212105903,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Temp1_INV NO 0895.zip\INV NO 0895.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_INV NO 0895.zip\INV NO 0895.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4944

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:3060

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbvdkifk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbvdkifk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4108

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
51b3b23d37a63ab65a58c25a6db3d2cc

SHA1
67adde429ae44aba5c178327e4cb93aeecbe4522

SHA256
f705a841553aae1665df4edfd13684eafbb0121d890561b65e3cffe596e809de

SHA512
e75223767fceecd26cfb47616c1968996ce7f721d1344d6213bd5f38e2ad605d632d054556ec7dccc7a237227898aeeea32dc528efec24ab1fa0b230997afc30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
4dacf21dde887421afc1d45dc5724661

SHA1
8fa36472d657f3d8db477709df4e7aac1f83b055

SHA256
fa67441ac1ad1c6e9473757c5cc4563f05497b5c0d62f46e9a4ab7518f9294e8

SHA512
048ede3dc3a721e1b3d883cc7f060469e2e0255007f308712b15b28d2e50b1aad7bc7e8ca7126f1ac04bc3a27aead51bb2dcfbac08bddaeb9e4c851a02f1794e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c2ac0b513e6f955b056ef62d114d3a10

SHA1
b1ce251f8c2ea19353682cec140503cef215cfcd

SHA256
eb4fdc1dc70b828fdec69bf285c8a8732e486f48b3f87fca01f3824dae3a7f6f

SHA512
f8a085766d3f2fe33b25412262daad051723e350401144c67698c3dcef62972d67043c8c900e58266dd96ec273767e484f0b76ab5f4861f8c192aa4165bbecab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
eaeb63314fbc3207eede3f5b531c6c97

SHA1
86d0213f864bb0ea497bac4ec63b4bed219c095a

SHA256
5900d0df8bd9be7ecd5bd768094e21a83400f41d7d5d305590d04b02080e5ddc

SHA512
8047f39b9605e2968cef13a95e15fa6eb9b8cfb72809809f66ba90f2c6ec78c407f74a84b6167f0a007dff061cc66ad89ff4022c6a7a94eb9841af610004e4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
b5eff02671517cf45dfe4986f0175b8e

SHA1
9fe46c6bc4edafeb0a7f622e0fee158147f609f7

SHA256
2bc9288a06f4d1a87ed446fd544b2a2224720bcab1dc496682be9ca6d4b1b5a6

SHA512
1a9afd8d4a1f812982e1f6c5f5c4e73846661a4a3e290501d0179da48b8f27f83f46279acba853573bf68195d406e9dc88463523da3afe61aff30377c51c240e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58397a.TMP
Filesize
98KB

MD5
cc4b7479a45f0bcb73f5472dce10730f

SHA1
92bfeca9e5f0945610e62e0595c406215ad1a4d1

SHA256
e54b23e2c16215e1b8d7aa725f9ceec483e69954902ec52e236ea9720d37784b

SHA512
b7f3137102f71cd2b108582923b80de891b857ccdf8ce679bbc2dbfcfa7bacdaa67084170c3e9654cf4b558f93166d4d7d3d4639ab832c476c5b4f911b57ffe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jbvdkifk.exe
Filesize
2.4MB

MD5
bd0317d7d71a80393ad2fd68d6068de1

SHA1
818c874b396cb525864eb0d89dd4bd48d83c89d4

SHA256
3bc228f9d963497944b91f760b97b2c1eac7525c4c0c065da8f8e62833fe5485

SHA512
e130f60ff194a622bced18e59cdaaadc10834833bbd948f8f03e0d13065b74b281f7f803188b4e7dc0077e9dd16684684d838a94e961bede1a220c0211dbdcf1

Download Submit
C:\Users\Admin\Downloads\INV NO 0895.zip.crdownload
Filesize
2.1MB

MD5
d9c0bcf7338442ca4bb55412812d9e40

SHA1
9d6204d46206a40f4f4ac6e78b9056bb80d639c9

SHA256
23f2743e81089acdc8f418032db74020d5e6be8e19a3b1b849648d1ba9e6325b

SHA512
6c3bc5742a0679fa4b538ee245bd6a0f39f7e42156cc0bf4e552659e3a633fba36b0ef5276ae61a0848b4d3268598a4266996f370cd96610346059a24f4a658d

Download Submit
\??\pipe\crashpad_2592_XXPXPTVDVBDJYTTM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit