kutaki | hxxps://argunt[.]com/mjfjdf

Analysis

max time kernel
600s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://argunt.com/mjfjdf

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki
Kutaki family
kutaki

Drops startup file 4 IoCs

Processes:

Outstanding Invoice.batOutstanding Invoice.bat

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe	Outstanding Invoice.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe	Outstanding Invoice.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe	Outstanding Invoice.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe	Outstanding Invoice.bat

Executes dropped EXE 2 IoCs

Processes:

nkuajefk.exenkuajefk.exe

pid process

3676 nkuajefk.exe
868 nkuajefk.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3676	nkuajefk.exe
868	nkuajefk.exe

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

taskkill.exenkuajefk.exeOutstanding Invoice.batcmd.exenkuajefk.exeOutstanding Invoice.batcmd.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nkuajefk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Outstanding Invoice.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nkuajefk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Outstanding Invoice.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

396 taskkill.exe

pid	process
396	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766737076082525"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{34E7188D-B2C8-4E12-9E53-F5CE3DECC60D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1916 chrome.exe
1916 chrome.exe
5040 chrome.exe
5040 chrome.exe
5040 chrome.exe
5040 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe
1916 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

Outstanding Invoice.batnkuajefk.exeOutstanding Invoice.batnkuajefk.exe

pid	process
2076	Outstanding Invoice.bat
2076	Outstanding Invoice.bat
2076	Outstanding Invoice.bat
3676	nkuajefk.exe
3676	nkuajefk.exe
3676	nkuajefk.exe
208	Outstanding Invoice.bat
208	Outstanding Invoice.bat
208	Outstanding Invoice.bat
868	nkuajefk.exe
868	nkuajefk.exe
868	nkuajefk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1916 wrote to memory of 2616	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2616	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 2444	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1612	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1612	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe
PID 1916 wrote to memory of 1132	1916	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://argunt.com/mjfjdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdcccbcc40,0x7ffdcccbcc4c,0x7ffdcccbcc58
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3148,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3408,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1448 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5116,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5516,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5684,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5816,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5812,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5480,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6024,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6136,i,2428510810195484228,12753180052157196474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4588

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2240

C:\Users\Admin\Downloads\Outstanding Invoice\Outstanding Invoice.bat
"C:\Users\Admin\Downloads\Outstanding Invoice\Outstanding Invoice.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2076
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2464
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3676

C:\Users\Admin\Downloads\Outstanding Invoice\Outstanding Invoice.bat
"C:\Users\Admin\Downloads\Outstanding Invoice\Outstanding Invoice.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:208
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4548
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im nkuajefk.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  PID:396
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bd14a76e52943129465a490781c7fc16

SHA1
b13cd8a27abf08ca25fa2a1ecd8161b8b7ae7c69

SHA256
f536a89d6d9e7b7879f40442ef70426f3d7e22d1de62994fd1c3ffed08529388

SHA512
6b1236815eaf55c51ea951ccde482a63db1dc9c9c6afa487aae46d04fc929ed6507274a6d0e4eeced2e36006a90b5f119ceffbd352d1813ebdbd0436549bad0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
89c136179baac304c74fd734438bf884

SHA1
759045db492ba247bdf820156ce1d7ab221bf892

SHA256
13516e0432913f5c4d091d76faa18917e461af44900a40e126995337210648a5

SHA512
abc112eb57ac11d208ac2e47e74e0436d752e584a1b64f3017e0217512b70f5671ae85105253eec20fdd62e9f6502112f9cfa170e0bbfffd8497d8f4aa8e4943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
89d9d8cb972162364aef2a361690efb9

SHA1
da40a8827e16bcb5be8b31ed6d29c190b8ac2952

SHA256
91e9990d14a940ca3a93942e338dfdab1c9718a988de23e0d12867713754a55d

SHA512
331c537b2ac48f0eb005d4fd7ef109955c8c1c0a78bb4f0bb9f8024747c6799c3b6a5b763765498948b989da98578c22155f288c77e92ff9830ec02bfac16b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f4be7b1ec3e8605baa338ebb69d5f0cd

SHA1
f876813dd5ab4c352f0e338d573f3a0c09483167

SHA256
4ec0d95e038cbec4e753d5b57eb8c5e23f9658408209f781569c6b8b42603698

SHA512
2477d959845bb21a8e0340287399a48b5d7a2511104edb1d08e092084e865bdca71322565817480e6a38b3f177ba4c24fd93c68b613c669d8b67ef5b95d88cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6378ff26886a8a4c9cd885570e6cc52f

SHA1
41de1c76526e84c94d55955010bcd3a9862946c7

SHA256
5eb0f27d4eb0cd7ba340242fee60ac6ddd979b3893f4caa9daf3c9709184028e

SHA512
5bee181e5c2c884fa78fa1b929d014a458dcb3ef8e9c910bd8bff2f11343576daa5583e03c818f20f2cade9270635527943fa13b9cd36eaaa9aed4aace42cef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
85a07d89ec834917fefd673f46a7ae1a

SHA1
c35642968e182a99fde6b3b7eb155bf316b14ac7

SHA256
4ad56011bf40c2b1c09251c8805e3f13049afb5a5320808e7f4f1831776b8760

SHA512
237ae3ba6b763e76b4bd753409ea2c0ae7196f2fe012af50e6b2992de1d4b64bb13b6cb3b0d4dc29514754bb2405e097cf13ce9b8c1317e5c3eb36dc7e93da37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4f39b6b5bfc335a8a00fedb3e7b05d14

SHA1
16561fd382d52242808c92d5546ca99d74afeffe

SHA256
c801d0be9e09b0d19d85ed05306aba11bfe1c207ac48e02d857ca6b4c87387f7

SHA512
ce08b0f5bb581783785a730a93d2c216332e232dc6fbc357dba8d2dd7a6a5e067d8d25e8520ef4a1e5a59fdd9d7c0fa02d539ae9bb6aa9182d5e4bda32e6b07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
f6cfe3182874ee7535dcba4b3cdb8a88

SHA1
79eb640fabc75e0ca2eec7dc90153b07bb5b2168

SHA256
774736ebbfdcf1fec9318d3e072a64214f668395b7a7083be436a090481e96d7

SHA512
88170f4ad97a1943128b7965984cc2f8c1e42a52e578b782b651b2083d8d88d914d21efcc4aa64cb030b11294f118a52927bd6988c262c4f8371cee36468d539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b455a22927cfc7e4729610a993df5a9c

SHA1
fbf7677f22303c1c818ed7bddfe8fb1b62f3c702

SHA256
9203b455c3daf13362e0064812918626e7096dbebd6013a1711b9e35d822e084

SHA512
e53dd43efcaabad11ca74f88ae2b450b19ae03d21e702ea006cf73639aa52a0e3064d1c362415619d2b65b8560281674ddb0473cd5331b89e3268e94e58fb4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
7cba43f30ed320ff1dd304ea30fdd58c

SHA1
5bdf6a90616d0651aef4957352cd5869dbd3311c

SHA256
7953947aab9b59472f4aaf1163b17b3d7d7e4f893cd1fd548db29d6f8f12ea84

SHA512
de093847fd88790c263afd21c8ac96ed1b7368f2052ee5b7b9ca39456db93ab976150b68d05a7c57e807502d3bf0c5167d0ed516a278062b146f51357b537a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f87d49dd07bf6acef37a397ef17d131b

SHA1
284df84f70168012670ad76d90e9de4088dd70ac

SHA256
218af028d65f737d47f83550eaebed46bb8cbf44dfc96b0e04b15eea7c40c45a

SHA512
5c22a0c8c16c7850704ebe26e4813028797866065adde7bd616d6c4201bfd9885f704e4e793c6c9e383940c3480f7ecd8786c97896d76690fac434a26d80d18b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3bffa1ffc3fff30ddd2811573783fb61

SHA1
4bd0f22686b6ea3bcf1f27dfa27846cff831140c

SHA256
d1e435906b06cacfa89220289027a0d63d52a74897432670832d2f5d1dd3a330

SHA512
25e93adc54bdab546578f29f0154719a957b2a35fd782b6e56b8ddad2a693f35ab126c0c5e1bb0bef15be663e2bf577d7d82e2436936d8ff2e46163d0304dc70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
619234b4dda6eb095570d2208eb80f19

SHA1
e07e952f6580d9ae4b487771756b74e9a65d9627

SHA256
927ec2751d7ef2fece953d9dffdf2770088dd5fe485d3011e6d4dd12cdfbe1ef

SHA512
a04619da5d46808e7267c143818f1b699b4c4f44acaab0387efc23f721830328049f5b607cbdd098dddb912077ee6ea35b12cc109ad17d7bf5eefa51ff9f53d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78fc9bc4c0ea33d2b9195b889bc7abeb

SHA1
bc55e6316f60b295bb56882cbb7dcec948b38da8

SHA256
b8110ee9d2acb3a7300a192ecdb4554b42efedefb7d8f8adabc9e9a65280e1ed

SHA512
5aa1d4c805b0cd554526661b8d91eb8543fa62aa5742375e07119119bbb65b1abed2b2288f3205fa8ff37d0a7843677ec843d610b582a56fe42acd61e2604287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
376cf2a1c86abe995632d5658720c914

SHA1
acaeab7a8606e8d0356a61e498a13ed2584ffeb6

SHA256
1267f9668cba6a894083eb23a9f5892bdbc3fe693ef21c2ce477f8214c87a46d

SHA512
8d515615b029445684987e98416a301ddc32ccb855827b05a1c9fa4ec0d79f7665cd52f54637c0454ac98963d44f0edf5c98f6d3391a97ec05188c4a95bb2ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d3d9d190dd85f34080fbb51043b13f9

SHA1
782b56e4f0e0a138c7b74c06f8333f29bd2dab0d

SHA256
3283ee47246d44003553051a6106d50c929ec635c6a19b4c139185051e853c4f

SHA512
831c161292c41bfb8876503c30d8eba119131892fbf25aa803249dee62ede18942cc9d687a2095b5d257d57f47cc58f5f1174515a601c6ec8de181ad7075bf98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03509dcb13371b119f0ef27c03d9c4ab

SHA1
b4939cdb5a486fb1f68bec1663e2d65233b8cb01

SHA256
067230c0bac094e526132800a9643baea4a0281566c79f99f90ec1ed865cafd6

SHA512
d2014019e3823fbac5c03ab9e77e53eb2c4b51a7581bcd372c5afa3b8308dbb7f9e7d1538a3d14e42b2828b2dc402782e94725b67cfe195a94fbbdd1def687df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f97ffc4b916600aaede1c321f3768d56

SHA1
e04360b4206874d69208d08196e9d3155dd1031f

SHA256
c8cd92862391d5171beef11ed3fdc21b0538036067d6780ea79ee30dbd4cd611

SHA512
6b536b2c145048f9e79af64fec0715c7b65443c696b9b35315336d8b6db091059ac2bda9fab47b1f81a01fb2a92bc21144e7acfd41e95a94b4a9b7b8a3e11603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b3aced70c477dad7f4f799e84891a0d

SHA1
35c4b0dc4549fee49dccce6ac9b72c2311a93a6b

SHA256
9b4750f98d6c4aeb1a7a6d3de06240dcea3fc0c26d33338a5830fd355a740f67

SHA512
4bd4d0bb700adb05d30c17668a8ca79ae3ceb8c192ec8531479e75c0c998a4ee92fca968a6d0b8076f203e121cc312aa3a0d1d6cf9b50456032655082829ce8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24933d7cd0b24952244c0b6dfceac35a

SHA1
568b55f798482e6d597ab0a9c15eb3ff5d636a42

SHA256
d384e21779eb5178d1e3392a8e36f86e572d7643cf73fdcc78f04e8c9ca0b5fe

SHA512
fcddb25657a434d778e46485ad31f2831b91e41f599777f947cbec39ea4a162f3a0a4d69c84e85c6c0cda030d7c5573d4760723c8551c424557fa08cdbe5eda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5454567c676c8bcebac03a46e9280a92

SHA1
b480c6b8e9e1557c3469ed5abcadd0b96f20e6f7

SHA256
6b8439fbc579dd2615fa5fe2aa3eb47ef23d7171a7b7ac2ff5a8d26b5ced3621

SHA512
01fd3bf57e5467e0c52d1fcff495c2fc361253cad7fdc978fab6ef8c341cd6279e40e47653111798de891af3c29c38593bf6f140aa38a3878f9bb583849c2a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd6a488bed0b7318554a11268b16faaf

SHA1
fc33f881ce90c3b6f9a87cc218ed66c16e5a2018

SHA256
ebe9e43b02fa528015242791ab8ca380e02f4836e6ae37e79d9446927e6a49b1

SHA512
670a8d0bebd347f138ce317622ac1f95b53530f51e98c62b0c18058e8d0c325136f53ed8b84622f72bd11ef36bec2863e9282726fa631029751f86e1f74d82e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea98bb23c405306cc0387d7cdbf8bb7b

SHA1
ec7bcd726b9aa7713247fb4d9f8e6e064cbbbe01

SHA256
819dbd4f151961f87308ed192d88e9d695ea3893281b6de45ada6f024097c19a

SHA512
9c559610aeb76860e264b76df23a506b9e6117c6aa9e05186121acfcbc138b849cc482578cc0e977df4501ce05b44dff129f0bf2ca71fa2b6a0d27defc457316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
10b69f6ab384aecfc15a5266cd46ae1a

SHA1
d087c12443ff80dfed29a481ee7f0d21f75094aa

SHA256
c4a3a01f3174349016f97045bfa6b4a29b0fe1288fd2f3f91f5ff36a5edd91cb

SHA512
312cb43dba0298f78be9bb3a2d5257c6f830c59c26a432afd26eb4ed11ed23866c62d939d00f5b91ff93d649f1df104f2b9d33b2ce76c9def5b1d6f71a1d0cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b15f02d21b569962c94a124f9957f624

SHA1
92bea77d518e2188249b4cb2c817ba80f10b2c12

SHA256
aad69af2d54e558e18896920e5e122f4a2ef47e8ac9ac802979a8995b1044787

SHA512
ee6066463d2a77e4796024341b5bc8ed067add2e0c4bfb49ceceada52cb6f6f410f3767eba96f6200c0c2726bd15cf768f14869a8775c30eeb0d3f14e7464ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cb7e9c63c3056fb06415e5e819fa1650

SHA1
2de08b49cc4470fac3a4223b178139de003b195c

SHA256
5ecfbf612ab919712cf46faa8ba79d30700bb1e81b2e0ea959cc01e20a77c062

SHA512
82f10dc796e2cc2db71eb9236f478c1e89f8dc0955069370b9330b5c3d3dcbf6c8b4117aa51a3cdd737d54ecd2ed6f856b8266fe5c02c8413f2765d0f6a00d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c88727f521064c9ba172103ab1eec73f

SHA1
444d0f3557a4192cc913d018c2a39c1385491353

SHA256
f51a1dc1184512dfbbee7918fc23ad63361fcfe3238ba6a208bd1dc6e0e2e400

SHA512
df46d0c39553bab2b22ca89184948f5640c17bbbef6f1d68583291e8d44f5693c90afb1969eea7d4436616a322be54d7da989e7dc27bc2fd71a58a0750d105ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4f0e62a1739fea408db95dd36a743b7

SHA1
4fc0d07f39ae77c9c047eb5738305eb7d0d478a3

SHA256
7323ab62e600f55260a972d29138c1cd7effb52f32eb98d32c33f4a6b01db36c

SHA512
eab6fd963e3982cb3e4e3bea29fc887b3615169ceb341f3e16a53fa08e7754509923bf6c8bcaeb914723da81fda42eb5a22cdc68931fb5c8ca501c88557adb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ca37e0be4c9e47d4de2e7561bc3200c

SHA1
dafe26bcbe61dadd32350294bcf1ab8678991c8e

SHA256
05013d112b7518c958d30243636007f3c1a4817b8709a1b44a491a482307e0b2

SHA512
bf28486d9dbd3c47d66010b65bfd1bdf89504e4dabbae1d763f6f6f467683540b43ef3e8c8f1e3fbc8006ae0c94b0c57adf93ae40b4752c422d0ac4e1b697c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a62462325183677b50494c4803896a95

SHA1
a2e8c9a41bf28796410855e0380ffd2ff7bb7721

SHA256
8083a168564560fc1b864d67e869e025ab1e903120d476331c7b3cc19b6ae477

SHA512
1ec7a8937ae7e7fdd02eeb8e7a8f59d48dc018814ae92117cdbc5cf35fa8e7aee9c076bb6c7840bc31d0a716ad33f52e3f5de1d55ca8545b4fd482657b9ead27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c80b839b62e4ff3db6b054ab650862e3

SHA1
1fb564bb7a538f85e4043f5667e107c806ad0667

SHA256
7479072eaa6a4b9349984e2b605b29ab3cabc8f8ed3648834b56e105eec738d6

SHA512
28d425499270d0e8e73b37ac04d13828328ba15aad8818ae4af040677fa2bfc3c21cca45fbedd603ee6d14baaaec0f4db02023e81405dd782ef9bd54d005bea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
62ec35480ef032cee60525a29c481768

SHA1
bb0e0d5bb54b137763fb3b628e41030f50e79b55

SHA256
873da898aa9d77dec5727925e229e29f61d63ca2b588cfac21341b8776dff36e

SHA512
c4f4ee6487b468f7767f724233e7aa8ddf623504f97d5e3567710cca688e08ef5b55d649ed548590ab2f008ea5e7357b55ff503955add9713a642bd9b20e8949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
256ef200395af79bc1d2ac94808027d5

SHA1
193f3f5f801d83722ba665c29e97af0369d05b71

SHA256
b73fdac43806443e992374b78e84157b588d94b2b181bdabbacd20179bffcde0

SHA512
2968ea98038d905ae6523f499578981240d4adcf805ecab279589117434475b7474771b3f1203505f7432465f4859f7c259f87b36b8d6b39534b783d1926efe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
591a5772b0151244ccaacf31941405db

SHA1
00e4d026ca398243cb2a2a71e8ab4ae9010dba69

SHA256
e54dd5ed09f0c6b35aa538f912df06703df01cc015ea7f4f04939dac10554187

SHA512
3d8bde2eacbf88ada3ac21946d298f8b8f670c4677f20db379f8ed6a3f85afb60ab096e814c4e4afcdaed462b7e3bae50da96215f550a127ab51bcdfbc0f6813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fafbf55c97d0327b40c843ab55250c3e

SHA1
d961ca097f31da37b5326f6e919068b42bb344c0

SHA256
38100dd34ce2c80c3186dfaa0bbc37851a9ac38d82fd957ad5c6266461f0b9a3

SHA512
662ebf33e3f884a4f821925d34e8b0368689d8fc044d0220af09b0eff9c6036ac163563c4f76b7bb416ce43ab739fbe9f93c23943c75cbd0fc04f1c5ba61dd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
604ac4816025b3d4e0a5cce110ee5e63

SHA1
033741584a722ba6f720d1d8f139b5859854b5ca

SHA256
ce804dea7404af09a1d709d3e944182e359a42ff5890d39d18977aea05395435

SHA512
7383254ddc44f754696779e741efcd7497a63d2e0d9b67b4de3d10dc7065e7ec88bcdc7012a7341326106295e77502045891c6aee640bc765c6a7d9716e8dbbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a35f945bd672f918476a0c67c0472e71

SHA1
8f8a96d7d26f83e9bb543e723e308ac67b232dd6

SHA256
387d88ec8b2b9f2c8b15421ce169896cc0af4cc0960b870c352a4cddcc64da84

SHA512
d8cf4e5db315dc05eb2a80c91a8d55e4766047cbbdaaff92a5dc32a8780320bdc6936f745e52790f3ede4761e3fb6f3e0d40cd8b58b12f506a436d1655d52452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
31fddea6cf5a6a95eb2f3d80787ccced

SHA1
13835c9793c9db9b90332718107cc30effd9cbed

SHA256
4eb19a607d8d60ed70d3de5a2c1b48094f832c71b7b084e4d330084466eb3e41

SHA512
c77e534dcf0ee6468053a0d596de0f355b3ff8fb16d2067baf34bccecc57500ab1a96d95184a8ebd5717c8f5c51963032013e42c6022b8e68cbcdc196ac06c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8dd33dfa663f5cccace1049dbcabfd85

SHA1
6d099e247fb1da4be462c17f13e4396284086e37

SHA256
ea03c026ec66dfa20ca8153b8a20aae0d6f336a6171eb7583d3723ba85aaf9ec

SHA512
07d53dc7a9e6464b4debf893f7f63f9b2af7abbeb7de808afedc95c754384f2a49b53ba0b71b2c0ad9b4903dfc95620030469d3a9b256f742101cc9412d3d0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82cb9d4812810fdfa4498406571d06e9

SHA1
0277c6d3e23b14682d50cc0ed7334a25a4cbb212

SHA256
9d95abb441c8b7656a97e73671e16a54d03bdea96f5363954c41f5f66b9a1709

SHA512
1364e2725ce917df0fb266db721c0d2bcb0292e44095f293b803de9f622e8e1046ca1dd50669c7c99fe753d779817798359aae0bb14ad126d3f99972f9ae0bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3fdaeefa16f79feeea6ca66c8fd7a832

SHA1
7c7eaf961c40a2a42c76c421f1b2db7418eafb35

SHA256
eb9ddd82d3e21f465fddaa29bf082ab2c7084be56c84820345017917771f7faf

SHA512
53dbf6c95ffec4883ec99ef63502cf61a621ed02b426037714aa626b032be79db99a213f5afbd179edc139d352bc7689edfbd421ff06140cbed152f19ecd1388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
47dc84e460e79e61088b75fcfbcce996

SHA1
96e18d853ffc8595f141cfbdca8a57c805fe3a65

SHA256
66955884ab1db3a0b5afbc28db8bb9a1f94fb93b55af4d88934c1ac225c33a44

SHA512
3465d3e768ac8fcca0a14191730b45c7f030d0e9bb01a949bcbb06e1a77c100536f7e0b823c063514336d70049183f3e433093f588de766b5478860c39039d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
be45f0e95cf6ef2ed2f493f61c6f07ed

SHA1
06b0ca1f98a63c85ee009042c3f1c4405e0b77a2

SHA256
155b3565b8810919371f699648df101a0e0159c045e7ac5240075275e34fc64a

SHA512
9fd421f97f748c0f008a802a04a54dbbfd5001cad2c7ec42b34adc0ed80c0b3363fa56c26060a7ff1dd61e3c00f9911bdf4c507286c19edc69f3af0b94e6f657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aab933f1f0e3e942ce7916d3e4d2f374

SHA1
9a709012c8ece8aeb0c0fcd4c8d2f2845b1c1b66

SHA256
8f3489bcb982ea2a498611dff32758cca9cfa2d43f59cb9ae42eb5c142efc452

SHA512
05cd52baba02bd0fe231dddbcd24337da87047665f12c424f851f3da8bd3f58bc0aa402943d94937d562ef15b840b5ef461977678fe66a3039dc85c75d5c3a09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2cc54bc3593b486a934d277b28466fb1

SHA1
8e91eb66296914375729f7553a1ff42ce8324d5c

SHA256
c445a9582bfcb134dafff9fad27da4271a1406c2110cc5228777496259d8a323

SHA512
b551368bdada548dfd1402241aacfbf2e26f5f3ccdd7410c80259e1d6df21eff3fe14831cd230497a1362610ce60349cc63af3b8c453ed9c81f95b90d11bb352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cf85ba548e3e8076d6434630896b58eb

SHA1
2055f26486d07376829633d2c7dd42af71ee27bd

SHA256
b6047dbbcd867707cda415fbfea9023e0c2313cf67e0e66d8118a24e875abf14

SHA512
308e5a8ac10d46eacf99f90e69d7f6540de51cf1b83e069c6d9e7043111f6270ad9ff71e1205ac059bd32cf0404555071f6b43f41210718e50d00979c9b0ef81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
29fe77329f8021ca905635adf749194d

SHA1
22695cb0cf28a331743b5e525cc54dd80f76bca3

SHA256
9a2fb05c557cc2c9326f0680dbba43b07b9a17c9a0196be1cf032b77ec4e019f

SHA512
7a831d7f9944f7d537f82e2190ef329f09f0d9fdd6bb7ef23c3ba3827dde8278904c1d2752d5aae7dd643f5e84ad0af43b8322451d310d1f3c2311ce78cdced3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
452ca408dfaac56164c30ff02ee718b4

SHA1
997c431d39e53f5e9073cf050bc43463a8688b17

SHA256
64a4412f29a0d98613faf3c98906ac72a75d2e6b8a8136bf7749acdf5e29cdcc

SHA512
0a0a6c66bdfb85bae74541c3a08aaa75813444d2a8e3a22ee48361a2932bf4a7b1f8aef874d8bcf11da089800d8e490b6b0deea28c4f44483e51ec1f27aea764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ef3ba911-d3af-4afd-94ec-70274f40882c.tmp

Filesize
11KB

MD5
8218f808c0099d12d18b59800b720795

SHA1
c5d78aec215a94960e6c46391abfdf386152f1ec

SHA256
0d15e2b38c86f226d0f5ebe832c4ca7c6ca48848ac9e8696a8bdde3b637c4525

SHA512
0ff1e4704d74519981c20414b978b24105cb43bd796332108ca53b63c0bfe7a77316ded20c27970686b30f7c7661d972363adae9d240faff4ee835427ffef71d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
13c1c3d878888a33ed8508293096d808

SHA1
d2c24891251b726e860694c901106ad065b2eb17

SHA256
8b9b24f170dfd5aef03255c2f5cb4cd1e249e0695b324eb8251ec2cd9e0c5f87

SHA512
ab080520bd400c7a5137318066f4a34501b7e67a595d7f33732b90f9a81601f8f96e7ca4f9617282e02ee5595e228a4054b6043abf4e114acbcdfb8c10d5f994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
56606c2ac2e01844adeb921a72f538e9

SHA1
2020e699c2e29e2f5e36df3a2d05cb410ec0f087

SHA256
b03dbe4e49bcd735442b907b5e3b77d41096b144621189cf87dead85d4d30e92

SHA512
83e4b31ba5320d8d2681d660f547009bec6ad1a06d04dbb6954df0ed64608364b96e6132bacc8bc3337bcde1f764ef5f62dd35f61f47beff2a4805d9a1fd3148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c2fff8cde661cb678402a0404efc0fba

SHA1
8ada017dbfa0391a1e90fb8fdac028af5e4f3eb2

SHA256
aece48d29248c029dfe9835d7fd25ea5ff7281b8c7da512d05405802d1b67ca3

SHA512
b6bfb79c7f5ed368e310b4fe73b7353280d2f1418701e4b61a2108e72dee345878fb838e2b42c596c6768587bc86da07f67a1da3f241b742112cc8fc5d3faf5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nkuajefk.exe

Filesize
472KB

MD5
cba659d7b9f33e9c4ce44b14555a81d9

SHA1
b61506e07b26df5a1d5f3fb600bcdb446c427331

SHA256
e5f99004d7a7bea0e06f7530090b44323217702ccf864005a11fc75404b38044

SHA512
df18ba1e70138b66ec0e4bb81fbc7296683155246cff06a8e472168bb672ac115eb47598eef97a2933ce623cea49b04a23436229c729346bce589de173d91697

Download Submit
\??\pipe\crashpad_1916_MDPKFRKWJQHJBBMR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit