kutaki | hxxps://cancelcancer[.]in/Payment

Analysis

max time kernel
37s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cancelcancer.in/Payment

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe	NEFT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe	NEFT.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe	NEFT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe	NEFT.bat

Executes dropped EXE 2 IoCs

pid	Process
764	yuzwlyfk.exe
2704	yuzwlyfk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NEFT.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yuzwlyfk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NEFT.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yuzwlyfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1152	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133739404733721192"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeDebugPrivilege	1152	taskkill.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2252	NEFT.bat
2252	NEFT.bat
2252	NEFT.bat
764	yuzwlyfk.exe
764	yuzwlyfk.exe
764	yuzwlyfk.exe
932	NEFT.bat
932	NEFT.bat
932	NEFT.bat
2704	yuzwlyfk.exe
2704	yuzwlyfk.exe
2704	yuzwlyfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 1780	3360	chrome.exe	84
PID 3360 wrote to memory of 1780	3360	chrome.exe	84
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 5016	3360	chrome.exe	85
PID 3360 wrote to memory of 1108	3360	chrome.exe	86
PID 3360 wrote to memory of 1108	3360	chrome.exe	86
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87
PID 3360 wrote to memory of 1252	3360	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cancelcancer.in/Payment
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefdc4cc40,0x7ffefdc4cc4c,0x7ffefdc4cc58
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,15410583768801182100,14884639964259681411,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:8
  2⤵
  PID:3996

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2252
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4820
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:764

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:932
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4100
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im yuzwlyfk.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1152
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
562c2af2c2b2f51b524e489a6d04ac70

SHA1
497c69f99ad28411ed58556ec29409e335db2f6e

SHA256
6ec028a052fca6f9beca6bb026645a7557c2057df52b02117b2108402f3c0bb0

SHA512
0f9a1ae26ca5d3b5317ecf1ac2adcd22d9072d9fba2102896bbc86eeb8ad43b856404b5d658ec03b650c577165a509b769214a6e30d57b4fa01171cc6ed4a2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e759ca2fae96476c5b694ba89fb0c974

SHA1
d08b859243fd4b7c0ddd0efa2d20a5e67f3cb3e0

SHA256
ecb16170bc7b1d8975feacdf54b849fe926e269dec04f1b3be056d074ca849ac

SHA512
2d4b50bdfe255d30e07007b49149f2dd1d36fd40fbe46eacfd7e003bd7d87b2c8d4bafcef1a443e850e21a6c0795dd5b6f0ca6dcf8bef7b4dd66c64cfe29af5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
abe3c67d0f4ed1e229e6ba5311f630f9

SHA1
5fdb1e6878880b5b5681aab5996d7d76af9e8bcb

SHA256
eace89a0c7212d91e77d5e40f59ff891e36c3d9434851dd8064a6a3fc979faa8

SHA512
e2d4fdd66d4315e0bc1a7fd1c9cc3ef0d92ef97577a73fbc4d39317d55d4d0ae956a9e75cceebfcd4c5121a7567e089dfaf9ca2063e3d7d8f9cc2fd4e059172d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68f07e54fb2abb5c4481be2b750ed5a8

SHA1
e7e75a7c6344d630f473f6bfd0acf8b175bbb892

SHA256
a61654945f5abefe095c0bac99c11e6b244487afb8fdca1ea61afa43ad829c95

SHA512
2c58156cf01a5fe7af154cdeb936d443bd5bc20d7ccfffae28854f5ff002ee8a9b11fb87d69cf496cd9051a4509b56f6783371aa0dee33f2ad14a0c648235a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
865f92d663a0c405a142dc7d839abc76

SHA1
0d04bca58b9d18b980d62bec583a41a10707d939

SHA256
6794411dae33eb375dacff17599762c443ae9c28a0777f64d15a0c7ea8e51c79

SHA512
f97b603d1c1a5f62b0d6154a02b2ebb9565e0a2ded21465768ea0ab0fd4885d2353ffcac4fcacbee1139b1309fabe5f8757b948223133fa72340fda4b2f84c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
766fcfc46b348a89c3aadf6e44b7a3cf

SHA1
be5729e3d70cbfa767b6b721596a7470cc9d8cdc

SHA256
ee68bfbe4056b01831d981a345aaeb3c85c5c59dd2bed4f9f715f9cebe598fe3

SHA512
5c2d8e1b3a96753566f5dbc598ac680e0ae969a91c45e188840d8ef81d33a22a92edcb75bdd869ebc470e512baea6e9563e9f13139909a65fad3eef62982a448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e340202c0d4b4406db72f5760695c8a3

SHA1
8e6036cf3d4053a118d07adfecd7d880b6c334b2

SHA256
eb0da108ace6434765d266aff27a0e49029658f4ae8afee4c55ba1a835e6f57d

SHA512
9abb988297a8be6ff01b1a1686826d80b485aaebb71793d59546375b234aa747905672d68b15eb53105dcd6462d1ae32a3dfa7b3138ec44c1233bb6b6b9cf684

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuzwlyfk.exe

Filesize
460KB

MD5
ff39ed31991f1614652beed618baf2da

SHA1
4e9ce72e7b8c8a49603860baaea530c54e307144

SHA256
097e69449f83e64d478e5777cdd3557f4eb2fa22c616288108784f30e6168716

SHA512
9b0ff23ede486cabb75c78b2ed102fd2c2b2d8638a7b06f234a35f1f4c8c72491db5ef1ec4cfbfd72f96b1d44a6eabf4dc43373d576c923f13235a64a5e7314b

Download Submit
C:\Users\Admin\Downloads\NEFT.zip

Filesize
323KB

MD5
9552349ad09163c67433562c8d7634f2

SHA1
e745191b11f6bc6ab300dc55d59044d6a98e9cba

SHA256
bd9ccb08dd7114bc52fe37a2f6a4b65513f35b7597e351f6375fcdf609b1ae0d

SHA512
ef70e4f3d5b8710b7ac880281b7bea102cdcc7c3f4f49cbb8b1dd0cb6459be67998942ae107a9812dee90f58c6e2ef5555e4e27b9fe85d9d08f8f1d4460a74f9

Download Submit