kutaki | hxxps://argunt[.]com/case

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://argunt.com/case

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xrgqwvfk.exe	AXIS BANK CHALLAN.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xrgqwvfk.exe	AXIS BANK CHALLAN.bat

Executes dropped EXE 1 IoCs

pid	Process
2092	xrgqwvfk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AXIS BANK CHALLAN.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xrgqwvfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133739248574353710"	chrome.exe

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000136e39709918db019722713ca218db01f82cf7752323db0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3320	AXIS BANK CHALLAN.bat
3320	AXIS BANK CHALLAN.bat
3320	AXIS BANK CHALLAN.bat
2092	xrgqwvfk.exe
2092	xrgqwvfk.exe
2092	xrgqwvfk.exe
3776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 4980	2464	chrome.exe	84
PID 2464 wrote to memory of 4980	2464	chrome.exe	84
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 4960	2464	chrome.exe	85
PID 2464 wrote to memory of 1660	2464	chrome.exe	86
PID 2464 wrote to memory of 1660	2464	chrome.exe	86
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87
PID 2464 wrote to memory of 1708	2464	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://argunt.com/case
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffbc81cc40,0x7fffbc81cc4c,0x7fffbc81cc58
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3272,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3172,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5436,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5588,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5700,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5744,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4848,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5244,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4580,i,9517060540287046944,16969048076540524379,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3604

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Temp1_AXIS BANK CHALLAN.zip\AXIS BANK CHALLAN.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_AXIS BANK CHALLAN.zip\AXIS BANK CHALLAN.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3320
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4808
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xrgqwvfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xrgqwvfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bbd1bff719cc5896907da28291c58d2d

SHA1
574c911b87c94c0b99eec3942f8cb9c7911709a0

SHA256
19343884c346d75a46fbdf3c2c5c82ee92a4cfe4591a6189db13bc4a53d663cc

SHA512
1cc0a504aa66eddb4e3134e7c0c4cb04ac46927003d03d0b42e1cf78dc3257feacf66445b52a1661f97172593f8f09c8bc40b96e1f48bf72ff3d5c3e3dafa57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d1f645f0da476a1debf016fe647bcc6a

SHA1
5aaf2baf998bd7092d5956e215fe431148b9b4cb

SHA256
ad0694157af3a888d0b693cd8c0e7aacd690101db2feb99a4a9aa4cbd3764dfe

SHA512
8d84bb5fdc0994b80851531d93e9d59d519b2b1e4565f9ff29a20631811f6fee53e61e75bb03169c49313fa3b02972129ce6922c13ed1523bb11f8e74ea32998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c2ddee5427bba0d647fdef8935fa90a0

SHA1
a1b3ff838e878556cea4c32df5013f911f252f22

SHA256
2b5008d0ccbd0ec0c4482934ecd3057ead22338f835591342e827327428173f1

SHA512
bb20606774e18649ad94b406cd9d8b63bf01fcc25b2e3d2c49f1c8232471aa4ad7b2e678441ca70738b627c8af27e7556507dc31e25aee41275fbb1e15d9fed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c07551bde6f78ba1f9d0e49ab085aa29

SHA1
b8279e8d70dc705ee98830047c3c3f1ed2a791fc

SHA256
9007ae96a89c2ed3a5c80ee5e86c3785c5e04fa1f41970ae4e01902ad7dac7c3

SHA512
da5407f53f2e754d9e3f7cec4ed5301371979001015e8b4eecbe0d762eedd96201124497d89b98b333964cbf590985d3c63dee8dd61bb2ddf7894d190fe1ea68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ceb5018db26eb049dd3df1b738f15ebb

SHA1
764d5ecf65925befc0a52f040615f0d58e36e047

SHA256
b273e50b717e4458a09e28aeccd3589ab94ce36df8a4fff7c64eb15ff4dfa549

SHA512
d2f4c99c191142853778e575a714af876b3493bb5dc9eba666a27a10ed30c04efab1f16877bf6777024caea644a652bc5030ad0feeb8b9e15be76cb21b591eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ee7b439f247ef29bfade6093772a27a

SHA1
95236dbac24efdd05b919ff6eb18ed72d76a1332

SHA256
9011b68541cd7135ca525c2cfb70ec75f0ba2b999e8f5388ad00596378bdf0eb

SHA512
63312ce7429823bd45aa1dc4a0425208d4326ebaeb50f60c409b6f623f658871851ed8d94481947bf2074a7e66b5af1adf973eee3a0cbb703590f77c49ac319a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfeb26d6fce4300ef24ec87a16418fa3

SHA1
fb8f71d874f33f70fb1f290466561c457c0f4957

SHA256
9a4ab25f8f8df802ac1a72c9dd6804f796e3d684e798a869ae353443d0ba28c2

SHA512
255e81b0646c7722d24a354bec6930b4a392fc62fb17afae90341196377bc8e0f4be46a2d4f17276958b04c655b56c1bc74ceece93f8a40a5f8ee14178fcf1af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3758f750f10f26cc3d5db790298511ae

SHA1
199628c3e8fe6d204b37b8003ca2167de95499a2

SHA256
bbcdfa05b5126733ff7974dfc803e1bbf7d0b93f46e217e2157fc3d186778392

SHA512
738b7e47c7ab91684f89d083ef8ae1ad8f75dcf657dae8914b1090b0935c25f1149679a423afc3642793ba021207512ce7ca7e818fcb811e915abf896ff49ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0e3f97be1b3ce63dd803595e49caddd

SHA1
b89ec117bad9a8b32ccfb0814ec352a5e90fe3b6

SHA256
72c418a7f30a9efee3de8e95a97f12a6b70bc24c8acc036b7cd4ee74f6492766

SHA512
0e12774dd57839fc286da8b314ed402dfbb10cb3544347b541193c4948c27ad807bee34c109dd4d518964ff1a8edef459735e161a2783e71a6ec1a9263ebc969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf1296391677dea29890373086d1d043

SHA1
d50516a5aea407e592b4c0b90824fa3ff1f0a308

SHA256
ff40ea62da4e9fd8157e1d85638dca89c275230ebe6794f3ba7afcaaf1e12842

SHA512
df104529c9468fb29c23e730504019b0186af8015200e8fd6450b4e6054c3b91c85c41cf33b56d978893ab1345c8bbf5b7a37ee75779c2df4feb86271b7301e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b06af1e4d76ff2440e5c592bd8ede34

SHA1
15294e8e615c611852c807e9a0033bc19249accc

SHA256
1fc29320d47ceaa551f977d457a9c5400f22de2db8d95c8f1b5a0e23d7c06597

SHA512
9f3b9c73f8b5c29fb3bac6ee18b73d229ee49aa8a6c253d6b09ed716cd0410c2a292504da26b25f74aa7f04058802b941f242803d15ed7dbc8445518db2f0d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c34755f92df9b497ed7d53fc56951ac5

SHA1
32a4cb1e1d74c797cd82d4805ba7f02a0708c97c

SHA256
3e1647cb782509cccff40904f1ab5e3ba1e9bc3d1ce9c23f628d8fadc1295e3b

SHA512
09949de5b3580439a30173fa416099e5bcc43986d21a6f4e9bd6f9c0aa4ec2265c47c96ec7adb6ff60b551d9d701d466cdc7decb0f0ae72a2503b478289fe89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4f32beae26af2391a2df6a0a1e9f5bf

SHA1
b8864ae707a69d2c0ce1069dcf0d69ff8f972c76

SHA256
7cd24fb522d0a77408220793392901011ceb24695c5f46e2a20913de067ba04a

SHA512
4311d7fff15cf13284c9cccbd56248c8abe709f5680d5649c1566b15d4dd6f7996ece3cacc6beed2b68c668db72b11f45b6762f7cb06ae46f535a45e1c80491c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6621c272212bb8a1080d7f2e634e17a

SHA1
fbf4d42eae70847fcaa8f36f9e7a0e8682b43573

SHA256
c2d7c9902bd54d3a58ab4b2bc691efc1a7cd74ee8270097dc60b609f2a46f316

SHA512
b3ab915f7e4ee85278da878293d8cdd31bf98a684cfb5fd67bc6776d1362ae13363ea660134df6040f5617931469a30d14ee2a0b6ad642443750819dcda9a720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea0849b4bfe12139e2d91c0ebaa36f90

SHA1
2e4075910f2109b7348ecbad040c43a24de87056

SHA256
7316d16b4db19fbbdb73f5445b138e4b0669ddd645dc7a195533cbf93f242562

SHA512
8778be6b446c430bdd8ddb94ea077e8a1b066aa1e0adf127d426985484110bcce8e486f91ada21fa64101a6cf7f1d70010d0803262abbd8b45162274d117eb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3068fa95f95d6f18c32be3d4e6e672c0

SHA1
e6ac18ee46d98ca9426c83e2e9c2c8bc348073f7

SHA256
a5997a9fe7cc8c560028bd68974f1c2f943d73d67687d6c3ec6aa25e25cc3c25

SHA512
79dad9aa2e73bb146cb1135e4ee96c4b991b127f87a71c0186db8fe70913dd69609914188adb707c8ed530a39752e98541ef8540938c1134118f637eacab20a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4541db4052728cb2214d9583dde51f24

SHA1
a7624d50f679fbf273abeb49d8301c749e768dc6

SHA256
1f6662352fd721c3f0b0184e15069c60cace118890710098ba62bcabed3afb8e

SHA512
77f9c6a9e4bcc0ac69ed204958111dbb16c2c44e03938ac744021f4fb2a9b48d05cea5b210cd11c8342400b5885037473a376f3cc7648a9601dcd9ed10365eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1b5bb72a858d9cdf65b53753dce7a1d7

SHA1
42075b911b56f5efa20f1bfe1e13c26685480a89

SHA256
bef40fccc0593084b34229e8372a88495ad054ad3d229e9ac4e74a360bd04f8e

SHA512
c91b06a44d6befcb14eda230ee9e47e92ca6da424c639f28cc38f77c8d4a4eced470e497f9c9e5fd270a920de9a3f10c10f78cdb8a9dbe1149de18ce355f1258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
062f601b38895289a83996f48f865695

SHA1
b48ade39a18f503e00f4c6d1c1358ef0ab3cbcda

SHA256
1b76c3ca20fd35ef06b2ce161ae1eed15e4d7f23947dafb1afb41fe9d0145cc3

SHA512
69c082b8c23c822a6c7ffbfe76d571016d629657d79f1a19e31e8c804c271e9d9cfbf2fd40ad56f11d53bacb9c02a1f464ee1c2f83b6c68b04138bace61e6564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ce05d51555996c81a5b5e0f627bf3816

SHA1
dd09008d563081734bb05752e82f669307eb6a13

SHA256
aadb1501434326b78ce95740d05a79610c2af2877c9ba9688eca6e2e71ef2b13

SHA512
78ca3b20fd81635e6185d0990f72d2f9aa68db713ad14c3b929e6285f6a758e99e78cc17a62fd6f7e979a3fe7f1ce2c6880479826628df8ad69ad1ba597f130b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xrgqwvfk.exe

Filesize
460KB

MD5
94cefd3d74be48528582c720608d4ba7

SHA1
0e6ac8cfd3b73f0fc60d0ccb70dab7f719e9d964

SHA256
641bfb1413aa315a5ef61868dd18afada77d3b593cc57bbcbc155d3df050caf2

SHA512
1d7765c83c56087213b8114ea8ddfc2513371568eb7e576d3809dea8cf993cd3d5167a28e1218c6559bc0f2f218745b3812842bf9cd3af2f2053ea1f49b59bad

Download Submit
C:\Users\Admin\Downloads\AXIS BANK CHALLAN.zip

Filesize
322KB

MD5
31d5ba64f61a44c49ac93b95c68aa3a5

SHA1
dcf2ae53389bba933bfdc873e20809f9f20e812a

SHA256
d43bcfae430ce4525ab66325185ded5721df8b1ee052372dcb76bd36243b2be5

SHA512
1cbf8300cceff34fd8db4ef353aae6b6ba5a8fa4fd71ca540c5ba15bb32c4c5884f4381fef402e874bf3f8d3a11cdc993518beb1dc2eda2d68649d8948a4b44f

Download Submit