kutaki | hxxps://nlockl[.]com/Riverfront/fonts/gas

Analysis

max time kernel
592s
max time network
489s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nlockl.com/Riverfront/fonts/gas

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

Processes:

TRANSACTION COPY.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yktdeffk.exe	TRANSACTION COPY.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yktdeffk.exe	TRANSACTION COPY.bat

Executes dropped EXE 1 IoCs

Processes:

yktdeffk.exe

pid process

4540 yktdeffk.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4540	yktdeffk.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

TRANSACTION COPY.batcmd.exeyktdeffk.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TRANSACTION COPY.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yktdeffk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703221719005740"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2260 chrome.exe
2260 chrome.exe
1700 chrome.exe
1700 chrome.exe
1700 chrome.exe
1700 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2260 chrome.exe
2260 chrome.exe
2260 chrome.exe
2260 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

TRANSACTION COPY.batyktdeffk.exe

pid process

812 TRANSACTION COPY.bat
812 TRANSACTION COPY.bat
812 TRANSACTION COPY.bat
4540 yktdeffk.exe
4540 yktdeffk.exe
4540 yktdeffk.exe

pid	process
812	TRANSACTION COPY.bat
812	TRANSACTION COPY.bat
812	TRANSACTION COPY.bat
4540	yktdeffk.exe
4540	yktdeffk.exe
4540	yktdeffk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2260 wrote to memory of 4856	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 4856	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 1496	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 4228	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 4228	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe
PID 2260 wrote to memory of 2896	2260	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nlockl.com/Riverfront/fonts/gas
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd839cc40,0x7ffcd839cc4c,0x7ffcd839cc58
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1228 /prefetch:2
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4384,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4352 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3132,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4032,i,4611824798903328096,12913483149197793024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4144

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3456

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TRANSACTION COPY\TRANSACTION COPY.bat
1⤵
PID:3244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:4036

C:\Users\Admin\Downloads\TRANSACTION COPY\TRANSACTION COPY.bat
"C:\Users\Admin\Downloads\TRANSACTION COPY\TRANSACTION COPY.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:812
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3664
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yktdeffk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yktdeffk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
160845bec9238cc3508c07b760b52a65

SHA1
99c88e56ba2fddfa8314308c72ef0627c82ce0ad

SHA256
58b2416e754dfb0999f6209d0879f450c6969a4a977f8229aa2ba95f6d65847a

SHA512
957b81ffb1355f02b2ccc9667b26fef15b79b698643b43568db505eef21b19b6d21b69410da2fe0af24d05e8635a4f39ea9f6f73a43f5961f809b664fe5308bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d82e6f27be975e5a817fb55f709b449a

SHA1
ce2aff731858081f80965f3486df2e0a27481eb6

SHA256
abc6989f2fedff70022a89936cd3eaa4c670f332714e386982127ae8d6a0bf97

SHA512
de15477bc662b4f66a446a67ff018f038efb43a9087b277c46a75c50dfdf0a554d9912e017a818845bd428709d19bfe42178be92556de8682213fa8c2e19b63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b12d81306d092c249f3dd789b5b949c0

SHA1
fd3c18f1a5ef6ae1d3024165fae8db6b13ccaf7f

SHA256
99a62184145d24c44d3fef5ecfcee6ad666e8df30ae132af0607b41496acffe7

SHA512
9c2503ef972fc8e786e3e414050a93b51300079b43e4b24e8d7f343ae984efeadd758df5044b6f9bd69084e810440b95fc9338cc64296bfa3a885cc73e26b790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59e273b93f156eb1b2d3f020196289ef

SHA1
d226cde1beeb44040c8af9d0fe265fe772c4c6ef

SHA256
e4839c435acbe6c892c2dde252a102c2e06b9a6b10cb795ebc9cf573a2ad8e8f

SHA512
380b927e83bab301f551040b9322c47dca85ddfe02af56fdae3ebecbf8e35a2058cd8f616cc2b218778bb0bd6c55f971bcbb0ed0d380cd8cf7a6310563c3968b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1e30d9206cf63a75668c5f9dd594b3d

SHA1
a874235249dd65d38d1debe0900ad81387fe0206

SHA256
5cb0bedbde355a69fdd624fcc4ea4281919fbfc7f32bf24dc4a3bbc2cff8b7f9

SHA512
12704102f5c9adb7696d35909f42c6e91ee7724c9a893bc145245d7079e14d51bc1542920114d32681acdbb6c96610364cc826db53aa821b57b7af29bea03432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
030f1ec3c5ca1a75b0df8c074741a287

SHA1
e459702d23d7be42d3b003d1d65968f66a03db9d

SHA256
35b05115c36d215bae3b5a0d903137c23f10e32e52d63d155cccfc5adfd85dd5

SHA512
ea74ac369c03955a8af4775f34bb26d38340cb0f49845df27fc2570535849e2ff0767a218c3322a8ac48f5869d3cc07aea855331486479f7e0bbeee2321df461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7f401285bfe763181db16d78f6bee12

SHA1
72337f327293406da3b8a65e7c8cf668add41150

SHA256
f2d0747b510a848eb91670a041a9962eeaad063002fdd2c3535dc79f3b44a8c4

SHA512
f3cd1c5a727457c4e668d76ff9405f96b22839ab96120a15299cd4b6a5458e006e6380575cbab16797c646a18b5809a9e2c0266adc1576eadbca536032fcc57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21509571d154c00e3099b95ed43f7d84

SHA1
f5c2e51dfd8b607b5416beaccc683c16fcd4ca6a

SHA256
3edec2bedfc2e307eb2ff8e11ebb1c208bfcb0cadd84209289ab1725e4397c09

SHA512
244f55424fa5f831eac6ccd8b7b986aca73569fc909ec9d1d463b4dbd72be0186991773f436389d3e76f541bd5ff47f6fc9110395ae47f0e2580e60ffa2fc5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4a2aea43a16bf058926db826134d752

SHA1
4b0341adc384ceab1540edb4fdc6d2e98ff4af49

SHA256
f7fa3fdc22aebbdc4b0015c309cbc1d238315e8a48c9029ca2a4b9c9722cd1e4

SHA512
cc95ba159737acaa35c456317dbf79c656f8c7c99dc35a18ca27603a115bb3d3deeda5b692656019618cb1427cb63a9e284ed99e0397ad3a5a6fdafd39f5d900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff86364feb77009e7a41ed72ad282cbf

SHA1
0455e40eb9329c8f4b00d456367220dfc5a42116

SHA256
4b5a6c801b1ea8df0620d1965d8497bd1c5144b20c64b20fa95592aa2c16a4dc

SHA512
4f4ef690365747dd210628541417f143c7c83b3155231a8d054a44c7fc7890d5ad322994860ef7e5e8df9f2760cc91ef9e72dc9a70d53932030d8161b30f8ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74551edf22c29af4e0f644f4667ab857

SHA1
770f211721e1d62e210d27d9b1226b4e05cc78d1

SHA256
ced09adf92fb4818203774c0d5da98464185e76453a882d4f2f88688cdfc296a

SHA512
4fc40d6b715b383552056519007c53c057c8900e4302e5fedfa4236787034c1abc3edb494169000c43f4adcbfaf6de86f8dbfa39c4ce86478cb6ac4df69d00d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b48882f20394eb82a8b5b64ddfb44d2c

SHA1
28be9eda98a3b9b9fe0ce9cf687065207ee1959e

SHA256
de2958b2d9c3b903bcb4f8956d1fb1c4398d4b0ad23e582d03f96b2537e4356a

SHA512
bc0f3d83cf900fe9fb0d3fec406e9e53eca7b8357aed33b3ca54b42b76a0863d33d269f10f5e219a81316efe703fe4eeb8b0551bab8e9aae25f62c73c1883222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0df4de6534c5fb029eb22ea451860f81

SHA1
61964514a7d26907e3d827b9d2d35410c86dceb1

SHA256
ad5fb8c2724cf290721ae46b4b684461d38483606e61934133fca3c798ecde58

SHA512
9ade9e828a70e4eaf535861a7f2eafcd2bfdceac2fc491da5bae6877fd7bcdcb0c09ec73473a6b9c35d20d5df6e7dfa768860c4aec912f699c1f31b1a1011e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8211ea268736566657eedab0af74c122

SHA1
c6e635a110cf34b6e99ef934016a51c3f2072223

SHA256
e0f9badf2a6878dff6154e74c43e0cc80701b46b2778e043104fea9be2c7f9e4

SHA512
dfc2abed6f623e1726d2bddc6614fc613a5f39f6a6df13919f86fb400414bd4f9907e05d4d26fb8ef5b4ec04caded9c23309a413c63a808a942ec2cc788c18dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b08da852f2d6d3967cd33b14316eaf25

SHA1
603dce23dc0ebeb2a6f2d31a07fbe975d6ee29ca

SHA256
d1a85fbc3e35e11f6a97c5cae60d1d9c2b5602520194904b6ef647519752f59c

SHA512
f367787095df7c6a46826e3d061789740153b551ae09f725071ca16de120d2484b7228c36ea9636b67a341860118e85a42b84cc5f7bad5635cf22af715089905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
442e7c878ae5337e58b688a8c18fe9a1

SHA1
17c7c57d67cdc203f38a503ff9b3ff149f229463

SHA256
fa9da4716d4dd86819e8f7d775c556d08794ddce49f750f50b9f21fccd1ce54a

SHA512
bdec82b6a2492776930bb126d663382b9f709cc5e9b26e78b1e30dd8ec83bcee82ea4e4ddf27fddda3478ba01fd8de7164c8aa963ca5dcb9537469075cd7d074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f46fe52f763fcc4f46142c43b05923d

SHA1
fa6e81adc1381039899582377b90b3f2b3973704

SHA256
cac6e1e0072d60a1109dcfd8f49f91fd273f5a7f61f19cc88b139ade3d8b1e8b

SHA512
5f495b64dd18b7acab5c6e1a43d185965b9fff90b58b6c4ace5dd8b2fc5d3fda6a46172f5b920c5cfcae774c604e1076145029f5abb6749b4c5b5551c8cc62ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10d81482ad40b1bd35592e30b9205f9c

SHA1
11d3666f14061294e1d609c7dc75267b92fa4931

SHA256
42610ba5608da65eb517efec788b6897249a0ea762592a578f603a4cd7d2279b

SHA512
526a5c962c039f101b158ad6546e54f2c6245a09068038b69e9feb76a609ae0587a0117c552ac1c46a131a3f7bc927ac4d320f7cb35ebe32bbddd9d1abba855e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acc4d0ae4c61461a1e8a45895973398b

SHA1
31f1166e32f2819bd7b2b043f77c08a0498ec6ed

SHA256
b70792f4d991059e3b52ca715f3dbb65be7a1334ed4d7efd14b825dc2cac5357

SHA512
1ed6b5d2fe0a086a966c22089a54f23224621751620de07a23122a65791de395657ea870ebdfa54c528048fecec587ce5186b316ceb672b6d7249e4b86db4f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3610343f81ec70f52909c5ffc57035a6

SHA1
3dcd241a347d2a97ddbae62a2421af3072250701

SHA256
06be4b863c615d8aa39a0fcc8e5363c3929ea1ebf95c96c7801729baf344c7b3

SHA512
3d093fc029d332684ee6d2d79c5fe33fcfc3a9ae32b8e3e7664d99ee93f4bbf1b6d0001d826ebe011405ebe3f750607319e137c792861a9c8be7f2d7e9ae0e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07b701bca57498c56f3c941c5ddef08c

SHA1
e11c47561fafd08f4370caf95b04bf3975d1ecbd

SHA256
e78731145c3d1681d2d470c8e6188aa385f62e48496273f985d1807e2c28f08e

SHA512
1cdd3477dfadbd5439d9a0d986f91801cc81f7450e43676fde5abcd5f0525102f0d44040dc2dbc47b9aa1c8b4dc03c4777111a854f84e04a253272f3aa7f9c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a18e2087d890c66edfc0d64cc425c8be

SHA1
915c61e7c89c6558f2ec64547a4b8fec8f851aef

SHA256
043abb5ca6fbefb3a00dff37cd65e545f9e74b00a68aa9f7814b5689d5f2b564

SHA512
b0a59515f6f84702a1de551069ba71755a3e6f0cd1d0d2f98ba3439e276ed9acda7131a0e741c0d8052c46a651e261f0bcfb1617f6d76f50491d00d68b5572f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
166a761cde6b3ae9642fc4c7df74957f

SHA1
e7d3b58e9a8c5da759f18c5b5ac38e856c810e26

SHA256
42d410b72232fcee3d1025cbac5ab00b21e80679b2de105b7f01410ef40f11d3

SHA512
1960ce62ada0e0426875ebc23bdbc858d9cd01ef5e26c748b8967443f6183dd8d97cefdddd3d9d1b2ba95fa4bdd9f84704c7229cae0fca4f44e6de282aa1c774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e16991e1f5a4b79a6cfdcdfc437a6c5

SHA1
e3086d5e827ec5e6d3ad3ccd68129f5fb8d63b5d

SHA256
c87ec2a78877903a953cf744e07ac74ccf1414f0ef2a0dbe60eff91fc2159a7d

SHA512
8db6bfcf5721669d5b960bad13ffacdec78ac58de1710a082ead2f3b11cabef59574783cf2bf6782f2bd19d6766901923b3c29fc5cfc625e13e8b26a47619f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab825380d7da78bb5ef535ccb645e183

SHA1
7869a563a0a211a260cd3a2291a2fcc788f74524

SHA256
bbdc7dc74e56ba3038719d02e0c2aade4115c919923c8bb217606cf350540390

SHA512
98a196cb2a7f8953962277d189c2d55b5870690a9e82734b1cda8e0c2d746d5f50303e8800aab83a1b28658a1fae84760f5022b6c3cdf4474bc0c2e566f753ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6beabaeb806e4b2f0fe0bcad4ff98b9

SHA1
495184e2d9faf0f637404dce127d1918224a3bfa

SHA256
5a8b10b0fbbb80ddc3abfa9fc9a2e63f404054c80297003374db1411b017b347

SHA512
dfc164f2fdedb9472f21a58407e142491486c0e196da56e23f582c41fb35ce12fe901372e1f0ba69e4d638c31a3902b9bcc699db6f2b51f937d963b0424b89fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
deae6edcf50431aeea3ce621f8b3e541

SHA1
ffc6d3403276d659d1b2a1331092a80708bc8720

SHA256
494fff8e867221c3162e24c37fc75ed5b832a281a59e8b9971974f11ab204204

SHA512
9138d8bbba51b7dfd454b2fe4f7d627056db07967388fa95938d402b9a0c3b9489bbb2f4b1bf6194743a2a4c6eade110966e9d94cd58c97f718466c2b9ed4ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2a3f52da288024432c9e943352ecdf8

SHA1
87611f69a38f909c99d69c2a79aa3d4643d28123

SHA256
937edd95428b6aa867f5d69b7cc91bb075f5b5ba67bad4b42dd7661418ef6617

SHA512
fe66ed405f9475d7c4682ee0a44ffb554cca2d9b4d22d23ed6e05f1e3158388f7d440cea1908ded38f3dada5320661e90f99ea5acaa3ad52bd13ae21f60fc396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a5be1c200ae724d3a185a0f74a0bad6

SHA1
6049c9abff33b1ccc9832372e3cd5f68e4071145

SHA256
c648ccc54b7f698bc39ea486f7bf4f2f82b958921c5160e86ccac16084cfbae1

SHA512
4a800d600189584f3d1d7bc2fafc6ac5d5a36f20d8626431f4eaa4197e72b60f35e7cdf1c091d879fc19165474ea85a03c60ddee88bff95f99f08351a6edcd0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b1afc942a63ccc6737e23d5025845ff

SHA1
9978d41ca2482c97573c94e261cdb27ec281e085

SHA256
1ab08e30201a64a1b24a0a5bfe29c0f860bdf081c64d20d4a9fc60dcfc837588

SHA512
d52fde3eaf5fb5eda992fe83ede7d0906ad07fa051be95a5705a2490e54533311c46a587a4c01e9fd076a1d4b2767d0a4d15a37c365790b05c043ecbabee7d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d061cdcd29b2dec7c97f01e54beced2a

SHA1
e8811232ecae25557e39e43ed1306405cd0a4915

SHA256
131bdd80038816cef2a4952d17ed0983887cb0f6f6e022aa2c29410d91c4f302

SHA512
3b1d798f64660d1fe938b75a603f233cba8412916eaf36b81964a5eec8957514476331ca64637fda6fabcc2961d4b40c8017bf4488b78fd9a25b86649a65c91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8a17d8d3985294e143c3ca72655f341

SHA1
8c2f2f29027b04d70dd31196bad0cd0afdb5cd85

SHA256
864d3316734cd2729f1ad905c7ab09c210fd81438f202a901b9a632309fb55d5

SHA512
80bf13f62f15a97f8edd5ac1569c10740510b90615acbd7ed50e6a2f8a5b40ea6906cf0a19de00c000b2df3c028d06e6bddb077ffcdd5566b23b5e2fd9aef5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1361c0c0d10d083f8d4d394165fa171f

SHA1
77c13f895d0d9e00865d5e33773fc0fa81398ccb

SHA256
bf9135f31029b318844d0d28c04e9c495dfb6d11b45c42c9c0d15c18acebdfbd

SHA512
1886eb2821f085c576470dac87b3d1a49034a005416b2189ac0d565670b22a6795eaedbb6585c557a4bfb82bff5df4fcf96be623140f7001197686af5fffe09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c76a8b2d97b1b0da138e047aced24cad

SHA1
0b4eef484ed6722545c70a917998a12812f29b81

SHA256
33e407615b64b888c5636a10878d1dac7872c60eecc6a1af888d22b17d2a6ac3

SHA512
77b3d41281715ebaca7491292d75d1b323df0712e7e854fb6219686a9c31c780a7e5e2e329333844b1d63912d93a2b5d0ce61af618e6ea50554fdc65fc92c202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f3d7e2acd2e4aa308024d8b3f7134b2

SHA1
7273b0572d6496145c7592dfff3a8051e547ce19

SHA256
d45aee510082bcbf94edd4f16dfab5e0b04d3960200fc993c4333589d8321d81

SHA512
444dde8ee41436841701768bead31aec7f891f5248c9cf8ea85698e7b92d229f9fa52b8edd4d20d33535b6f3693a3e526bf4155b9d5aed5a0a9d9a385e8bb800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
069fe1b73217db0885c9fd48279c81ee

SHA1
b1e8a4e8296a5a5bba66e6b9c92334aa6b7be998

SHA256
f4ab2d51e095faa6d66b13d223963fc9322b11b5aec282c926f39a5b704c1ce0

SHA512
57416d69b26ecddf7d8ebf34a3afb3f4d925f7809c68ff368215effb36ec23b514a39d098e286face9f905edc557dbe300763562d95bda37cf9adb2e80784a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d474e6e9391bd13c2b918bfc5758f9b7

SHA1
eb2f89c071b0607a16bd2552e3d89de1744693b2

SHA256
bdc65b54ae3dd8d100a9760cf70e40981fb86673cade9f27d0bd60c5343e5146

SHA512
1d9dfc6ca934d4ddd917ecd0a33331d6d74902e4cf1a666c6c1fefc3d854fe96a424db42ca96270bb9e92b0b1a5e894fa0b7bd7418c4d120adb7bb46eeb2d9d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc6e99c7bdaef4d88ef2f38a3f3b5ab0

SHA1
faa643e31fe54ec99c1c92f8ec9df0f67f7c9261

SHA256
df02c06948155152b46041dea2a7ee8d527c5b1bb40dbcdc756a14748b7a65c9

SHA512
cca77f461f5efe70b5338d06eabbb7c57287973e39999b6334fdb3768eeddd21acc826239afff4e2f1c99a416fc1be5291e85c33b8d04095f3e8b083a489e95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b664c7c7131db1f1b156d36e2960bbc2

SHA1
13e04a1f09f1e98f210afa374b9cd150560e6e47

SHA256
4d8c9892016a429a5db41c4a412edc175470a46db2f7c0943b5bd12c62c50fcd

SHA512
0445cd7256ada49c12bb9284e79696bbaa07a151feb363a8ae2386341f1ac0a8edd2b88a676b885d1988f11553c3e1854f3d4d418039412b5e448c6d2613404d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c217071b01c833fba9d35e5dd17b68c7

SHA1
f53d501981363927c7fa8a7e7e2baffface60f9e

SHA256
ce33d6a78beadec1cf0bbf3640b99b01037f995836cecfea11de8f43d5e88428

SHA512
d92114610a2ac1c701a58d5da464ac9c18e1ebf6b306edf15fc9219d63164c464558c30e3a478560fda0605d8c28a371de64530b034446be3edd185070d495ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7443832a47380f4f3067c4784a944381

SHA1
5615a5958c2a65a5c3528d7c6d002df90588be1b

SHA256
4041f5440e73eb46f6ad38d4a854dd7e30ce4b8a61156cc80c97798ea08338a7

SHA512
365f7d43d1c4965902f3e4107b8e403a5bb72604300c06c9e4c9672c8b8d123e672f3bf155d0a333b2f65e657f05196654c7ef19d7305918add82e8e42211194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ddf2724042ce03102e8215c27ed29a46

SHA1
32658dec9797fe36077ec26cfe8b141b13d503a1

SHA256
0a00fccc0745238e5f24dd14657ffde8db0e28dcfc52894c94fe2b80943db9ce

SHA512
ceb42c4f190c1c8c16c12eeea65ac6d5805b528091aa60af3f6507264c8e903ce78f64d2c62780f9fa1e4f292fa925fa80f5dd44bb8d2b1559f039442766bd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
225f1a4a707cdffe061e46aa9ac9a1a3

SHA1
1469323e11ce345ffaa2a7a3339fc0bfbdcd2147

SHA256
fd37531eb5d65fd1a3a8b0dda9a4c61f4864e82a40375415e93a1d37ad565101

SHA512
4dc4106bda8b9d4a52fc0cbed440c0ee101264008d1ff728194a854e5b5860dff461f49d7da05ed7f95373e25b9416dcf25e9eabfa808ec6ca72d600d6a52dfd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yktdeffk.exe

Filesize
520KB

MD5
8fa44bea759fdefdc8c2a6cf882c6d2e

SHA1
6a289f0cdb5b77130670b64122416c3c9ef5e534

SHA256
bbefcbcfa9d149047d2538e01d9e013f55a51b08045d0b6f10a438dee6a5b35f

SHA512
74a67a3a286e581519d0fb6cbf77f421d15bee948ba23227690a5eb1813c137c11d15e8ab1e98fc07ce2a920463d1c1d048b49353496e2064eabeebcda92325d

Download Submit
C:\Users\Admin\Downloads\TRANSACTION COPY.zip.crdownload

Filesize
342KB

MD5
7357c6b5ddedee32665c204d7ea403ce

SHA1
f2f966b41c7a2380a03d0fce752d90bcb96566b3

SHA256
e6d80bd94b1ae0447400815ddb4b3db4737ce17962f4471410d892306a4f8133

SHA512
91bc5d6a34a70a3ffa49a6191290997c04db2418e4f52b903e7d6c98aa24ff9bd7a471c22aa9a86417978aa46c0d3715ead4a577ea61d8624bc49cb80712a0ef

Download Submit
\??\pipe\crashpad_2260_RCOTEZTMDAYXISMN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit