kutaki | hxxps://clarkeshardware[.]ie/mips

Analysis

max time kernel
136s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://clarkeshardware.ie/mips

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki
Kutaki family
kutaki

Drops startup file 2 IoCs

Processes:

Arihant Outstanding 2024.bat

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdldbxfk.exe	Arihant Outstanding 2024.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdldbxfk.exe	Arihant Outstanding 2024.bat

Executes dropped EXE 1 IoCs

Processes:

xdldbxfk.exe

pid	Process
4080	xdldbxfk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Arihant Outstanding 2024.batcmd.exexdldbxfk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Arihant Outstanding 2024.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xdldbxfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133769546730498751"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1576	chrome.exe
1576	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

Arihant Outstanding 2024.batxdldbxfk.exe

pid	Process
1364	Arihant Outstanding 2024.bat
1364	Arihant Outstanding 2024.bat
1364	Arihant Outstanding 2024.bat
4080	xdldbxfk.exe
4080	xdldbxfk.exe
4080	xdldbxfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1576 wrote to memory of 2424	1576	chrome.exe	83
PID 1576 wrote to memory of 2424	1576	chrome.exe	83
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 5008	1576	chrome.exe	84
PID 1576 wrote to memory of 4564	1576	chrome.exe	85
PID 1576 wrote to memory of 4564	1576	chrome.exe	85
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86
PID 1576 wrote to memory of 2992	1576	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://clarkeshardware.ie/mips
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa4bdbcc40,0x7ffa4bdbcc4c,0x7ffa4bdbcc58
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3768,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,4183600291839084571,9408868864729674013,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Temp1_Arihant Outstanding 2024.zip\Arihant Outstanding 2024.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Arihant Outstanding 2024.zip\Arihant Outstanding 2024.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1364
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3780
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdldbxfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdldbxfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
19e57f09f346e29e2068756de4ff844b

SHA1
7360ca075b26283ea36ff083afb4db59c08b21ef

SHA256
d644c7c27d8073738272354844dc823bb7db250115d578c91310e89cef3e9118

SHA512
9f12ed3297508f2157d0c0fdf6113be8ad83097bcbf1cd54365cdac2b09e1074359208f0c6ded66a9f3822440c88cfb4d7edc991204496a74145124ad4cef7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
208bf0a5b432b376670e4e9ba20f8302

SHA1
c7cdf0e62b006898d7d9a8403d0fe3f66812da24

SHA256
23788fc3edac85dd1095fd84bc17b08070bd965729b9a33e75e3eabf8534049f

SHA512
e1b4cceed179d37c0221bc50e51cec67274a71fe520bba31d7ca9bbdf5fedf04aa09f977a063f25ffa357e73dd5b6b18c9e7908710bbc97300f876d111c9b6bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
458bc62f228e586e0c40d6f63558737a

SHA1
b5108faf3ba1ef5d3e8f930b6f65c66cdb73dad8

SHA256
7e8fc3c0fb8b372b29f47065a11f67b0459ba9574adc9fad09dd7607c39de68c

SHA512
afee47db722566008d3ef1ff2a9dd43c64f659b8f7a962b6f136af394639eca7470804850d55c4183c48d92f57ab344ed70bc26c00248d346c73f38759bdc60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c039d29c4db36add77ac6ddbd841e6f1

SHA1
7e2bd02d0f532354f2d6d98cbe08383422c05171

SHA256
7765f64699428b463286f212984816d98d9251d7b427702fee21cea567dbc913

SHA512
ba89a5ce1a44ebb9c4c52223e560f3883cc148a340f100cd610bc5734eed1b2d3048eaef6769593c89b6b127ef6e644010ac797c9ad3a35446dc0cf23b537e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7a6a5c8b46c33bb2b7bf8463b11c8f4

SHA1
ce93d60ac9af71f6b42e3342c221cd15fad1ebe9

SHA256
31b5a149330bd3efd15e49f10a90bc510568a6cb0111acc3f303020c0431f01e

SHA512
fe936324f5940115eaf5365597bd6c05b80fab9b317654fc611238f834a8651f9aeaffd64274dad36eb5b68a882fc5927a0fc938e1277875737c3132bc20d289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2152cc83a02aa4797835ca646267a619

SHA1
e578d10be13b0b30780afc44bee9a185c7e3690b

SHA256
7ec277c8ca586be58c09df6fd447c297136dada9389d359bd8d9671d8a41490f

SHA512
ba3b2b33dbde06dfaf64d84564a3616d73dacc8c214d5fd8ff547cda87d156afcc1bdf9df1ba1c5984a235c34c4c3a27260c8d013900bab16e39353b392ba15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d61e96976f607789666c3296176578c

SHA1
8f22cf5db99cb2084f713f5c117ec4b08e7d9e20

SHA256
32f13107c70e1d0307961a57465b2ab94a6a3a0755e742ed2be670e3df43424c

SHA512
7081caf564af054276aba0f4805edb58e954f19e92777c7b326914e73888adc4f5f685d7ed283a3fa2cb79ef2a42f0492587ad0c93ea2d0fc7e4134dd004834d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a901a2c6f6ed38ce7335da248cba5389

SHA1
e71ce9c30cb536142d30d0c93853cffeeec89f00

SHA256
71d81cd1e73fc482822a74c05005d9d5c585415c95089210b64292fa3986148a

SHA512
a8272bff8e86368fd856db82b704ffbb58967c0e80d3bca03bf3d63de16e6d110a8732eb3e6a6bd0477a1773275df3dc937464c028186f3e3a9d2400fbba6ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e78481c97d6fc0e763cde5d1191c1b78

SHA1
9f16265821a3bd3586f0bbd6d91f3c48252e7642

SHA256
18d513a0770d0ed77b704ae31e844414d5a11672240330fdff33ace25ce23c07

SHA512
62f6d721f76fab9a96edc56c25bd9d31f824c343ab359619ec7aa5c158f83f7816050e9f815728c78f2d6f98d449667ad660441fce66aec013e8230edf7c08b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
45c6a26a8f502589ca991250982a017c

SHA1
38da07a70853b66110bae376ea3d17cb1f54afe0

SHA256
babc159f70da83068bad781c5454c6dff5a7fa37c41171add232f9f46e4a8c16

SHA512
3f0e74538f243019d89949abd4672729b6ed5e7a0b98f140077cb7fd893741e4a987cdd56331651cbb75c03636f66d4fc5855fad68f0d5c7a5a7d81cfeb43097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3a71e69074458350c285645c66a39486

SHA1
db14f40bbdf83db92016af6cc828c4e8a88cb230

SHA256
834565751d4bf7a19debd58df459f070e5d5f1fa5dba416a5e2e47b1c8bc9724

SHA512
534bc9b9bf4a7ed83bbfc3e41f4ba114f386d37e9894657118da66fb6e9f0b272f074cd4adb8a86c75d0d5ac20ad55b1489ba96fab7e84b2443e44b9ac0160f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdldbxfk.exe

Filesize
472KB

MD5
c4e5ad3fdb96a66d081b6000feb8a81b

SHA1
4769a4d3f2c3e49620cb09d73c044f7320d61388

SHA256
d08389b199d2d5b035290c2aaa3f917542217a7dfde408f29fa420740199a12a

SHA512
0a6b70648e6a8861d093c673e8e12bb6a9f5ffea4d753ef66ab34a1e2733687e5f03ba9c33cd9a3be1dfac3d027ab38bbee99ee4e2bcffde9e175b96bbc350af

Download Submit
C:\Users\Admin\Downloads\Arihant Outstanding 2024.zip.crdownload

Filesize
325KB

MD5
d9d3182a4ee9a42e285a907f66c69e27

SHA1
39dfcc23fc7664891927084e7d117029272a744a

SHA256
ef740d2cd94f33352b20a236e48f7d3fb29b39b5dedf6dcd1d3f9f52be36278b

SHA512
46640836988574c33d4601cea36acaf77826bd5ea7843c63b3bc62da5062788a11cd2800d5e572e3b211781cb2d3ba505de8d99482e24d0946f06233933e93cc

Download Submit
\??\pipe\crashpad_1576_KSYVYCYIBJTPKIWP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit