kutaki | hxxps://kothariwheels[.]com/mmmko

Analysis

max time kernel
299s
max time network
260s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
18-02-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kothariwheels.com/mmmko

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

Processes:

E-Challan.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qfqfuyfk.exe	E-Challan.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qfqfuyfk.exe	E-Challan.bat

Executes dropped EXE 1 IoCs

Processes:

qfqfuyfk.exe

pid process

4856 qfqfuyfk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4856	qfqfuyfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527693453695893"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4148 chrome.exe
4148 chrome.exe
2528 chrome.exe
2528 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4148 chrome.exe
4148 chrome.exe
4148 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

E-Challan.batqfqfuyfk.exe

pid process

4400 E-Challan.bat
4400 E-Challan.bat
4400 E-Challan.bat
4856 qfqfuyfk.exe
4856 qfqfuyfk.exe
4856 qfqfuyfk.exe

pid	process
4400	E-Challan.bat
4400	E-Challan.bat
4400	E-Challan.bat
4856	qfqfuyfk.exe
4856	qfqfuyfk.exe
4856	qfqfuyfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4148 wrote to memory of 2300	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 2300	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 3248	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 4656	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 4656	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe
PID 4148 wrote to memory of 1736	4148	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kothariwheels.com/mmmko
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc434e9758,0x7ffc434e9768,0x7ffc434e9778
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:8
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:2
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:1
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:1
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:1
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2912 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:8
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:8
2⤵
PID:2572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 --field-trial-handle=1840,i,15276498362013684676,8118184248811344937,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Temp1_E-Challan.zip\E-Challan.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_E-Challan.zip\E-Challan.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4400

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:4504

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qfqfuyfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qfqfuyfk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4856

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
57c699103c203619f7cff2b58ed9ba50

SHA1
38aa9a3a5730bc0b8d832c2873db566e7f3dc629

SHA256
5c24f197e35a31f1e3498bca24cb7764bb4576d6cb6d69fe935fca99686f26df

SHA512
8f6be299f16a51db1fa9b217f7850c9e35c9ad6c21bd4eb457ece06688e04ca75a638d0af62fedcedcfea0da7fce66609f77c2538e377ca11b8b5d186f03bbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
701B

MD5
2f55b2590eb4877e022189ecba30def5

SHA1
313b651735f5706f77cb656fb283b04b4b37363c

SHA256
543ba9627757d8bead6cc00fd8c794988a824f676618e3098421e7f364216f4d

SHA512
c595ccae1e9e951d08d85b4288bc167133fd08ebf4424ce02084aa61f2edd0538239c85d150ec0f35b2466bc1d2e93c3797312ef2d30addf2c1350115037d6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f94726265f8390b3b7fde863662be6ea

SHA1
6f73f298b4c3eb55d8fd55e33309bdf826405e99

SHA256
d3f66315c544cf78ffed9b73174e1b1f9f1ffa1023c80591124289ef78db0562

SHA512
29778191891d0a10b492334071bf40669ed7ccdde2ca982d97c6f41951d246c578d77331278294269b8bafb6ec1d0dda2e0136b1a36a54ee3e5c696e11b11eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fd13e2afcff039a5bad11099ccbb1afa

SHA1
5e272659b2e3ca706e4cc848a82fb83b432190bc

SHA256
9d0a12efb5228f9e8ad966866f43fb2c4b677f8e0f6b95d6a6176ec7a9766085

SHA512
535c782a6b446851b63faaff0dd57e90d5153a86941789cc834be9fd47f2460db428e2b36c3ca490d367aa05a831bec8bbdf5673b447551c799155c078871968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8308130cf5400b8c60d6d8cf07da2de7

SHA1
50b70c8468cfdd457315b7f3ff6f645bb59f7ff3

SHA256
26b35c24c7bd46f0bcfd77d4a089c668c4bc530de38acc68a9702705997195a1

SHA512
74b8fcf6f2277141409f4c4f37965de8ed6d931d1bfc8a6b03d5f8f054932af0144ffa0d7d4032d7630beb54e1163e1be7c789327ca02944958a209d180279ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
5c804ffd4127f466ad28fa3e1ab4383d

SHA1
642e2cee92c219f9f9b6f54e3ee11ce9901fa1c4

SHA256
20e3fb01ba2afe69526289a9e759f1bca8d926c87fd459b4e7312f6cae1dcc0f

SHA512
e08c2e80f7926b5a6528785c7f97eeef60dfe1f291634920a51c079d051996e7465869f40915f86e8099bc5755dbdfd2547b2511873718472503dc8ebf2dfe61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
f4392127c76c7d468d3f6b0a1536eda6

SHA1
f59c2ed786355886bb6285c0faec29e99ea60446

SHA256
c167cb17b68c3422c5770ee0b8100625254e70f054c5630715e7353875d21006

SHA512
9540d17a2b873210f114a94409f1b317fc208f98b601e48d9871a5af5619ff2e3f9adf40221258f4e1689c8f365d8fa02ff50487ec53a63367204a9fa5d3feea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d9a7.TMP
Filesize
101KB

MD5
2351b33d5f8c8c2de87b94fc7d631d3e

SHA1
126c2f0b1237d6a8bf670c29e301dae3c732e8d3

SHA256
8d6edd9a7b28daa143470c4fd843d4b97057d2f8cefa4d74dc0a18491eafa418

SHA512
3c3318608db0cde37c765b7a631470fca5e235bfe041ec13428157c606bb0ea2206d462d5758e441c83c21f494387943ef115f0e2017c6062c4c8c0676388ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qfqfuyfk.exe
Filesize
528KB

MD5
e50c1b7c8e16bd11af9ef216588e91e9

SHA1
f926e8d704ae07603d6130e5a031cebe22a521e9

SHA256
90d339caac0c827c1e6aa1cd879d067733e75d9a289bb4849c0109da902e3a6f

SHA512
21e777b821d176b55e6dad985ec0faa38c6b40c31732a14d82934f96f5369c592c88e598d341ff4958e1a517443f025038f53c7a8dc97741476fb8f37c54537e

Download Submit
C:\Users\Admin\Downloads\E-Challan.zip
Filesize
336KB

MD5
895fdf18a0a9234c3cd5f55e88db592d

SHA1
8dcd5c85e033fc0e520b8eb8672edcfecbf9c973

SHA256
321f707f4f286a01118f8cf18a5eee397c1a446b60f1d469450dc8eb17032564

SHA512
416a06f057a0634b776b502afbbea767bd234f6566cca26a8c4cff46b681f4e17ba50ae09c35d4ff26599e6d7350231b2dbc6aa78708877c49db90371e7f0f21

Download Submit
\??\pipe\crashpad_4148_LGNPTYUTQRKYSDCD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit