kutaki | hxxps://skgl[.]in/[.]well-known/acme-challenge/tools[.]html

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://skgl.in/.well-known/acme-challenge/tools.html

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki
Kutaki family
kutaki

Drops startup file 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe	NEFT.bat

Executes dropped EXE 4 IoCs

pid	Process
1056	iwpprjfk.exe
2388	iwpprjfk.exe
2404	iwpprjfk.exe
2212	iwpprjfk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NEFT.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iwpprjfk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iwpprjfk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NEFT.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NEFT.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iwpprjfk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iwpprjfk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NEFT.bat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs

defense_evasion

pid	Process
4020	taskkill.exe
2252	taskkill.exe
1884	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133862855756050172"	chrome.exe

Modifies registry class 58 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000009bdadcdb4c81db016faa78f85781db0195c8647a8f93db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
5332	msedge.exe
5332	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
4024	NEFT.bat
4024	NEFT.bat
4024	NEFT.bat
1056	iwpprjfk.exe
1056	iwpprjfk.exe
1056	iwpprjfk.exe
4784	NEFT.bat
4784	NEFT.bat
4784	NEFT.bat
2388	iwpprjfk.exe
2388	iwpprjfk.exe
2388	iwpprjfk.exe
4860	NEFT.bat
4860	NEFT.bat
4860	NEFT.bat
2404	iwpprjfk.exe
2404	iwpprjfk.exe
2404	iwpprjfk.exe
1724	NEFT.bat
1724	NEFT.bat
1724	NEFT.bat
2212	iwpprjfk.exe
2212	iwpprjfk.exe
2212	iwpprjfk.exe
5196	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4752	1840	chrome.exe	86
PID 1840 wrote to memory of 4752	1840	chrome.exe	86
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 4492	1840	chrome.exe	87
PID 1840 wrote to memory of 3920	1840	chrome.exe	88
PID 1840 wrote to memory of 3920	1840	chrome.exe	88
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89
PID 1840 wrote to memory of 4160	1840	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://skgl.in/.well-known/acme-challenge/tools.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe35bbcc40,0x7ffe35bbcc4c,0x7ffe35bbcc58
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2104,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3124 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4980,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4508,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3208,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5664,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5656,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5140,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3152,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=728,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5172,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5320,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5800,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5972,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5708,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4584,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5116,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6312,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6076,i,4413869716277680171,3012793917258753544,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5196

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4024
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2276
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1056

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4784
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4900
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im iwpprjfk.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  PID:4020
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2388

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4860
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3260
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im iwpprjfk.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  PID:2252
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2404

C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_NEFT.zip\NEFT.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1724
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2248
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im iwpprjfk.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  PID:1884
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultad51f871hf544h4160hba50h35089fb4d15f
1⤵
PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x70,0x12c,0x7ffe23ae46f8,0x7ffe23ae4708,0x7ffe23ae4718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1399487019635628854,9879813369640246308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1399487019635628854,9879813369640246308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1399487019635628854,9879813369640246308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1ce10ca8h06dah4227h9b18hfd51db28dfae
1⤵
PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe23ae46f8,0x7ffe23ae4708,0x7ffe23ae4718
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5865167965741830831,18049903295758621198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5865167965741830831,18049903295758621198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5865167965741830831,18049903295758621198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:5232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
79478d1d20b916a7084144f637eb9f3a

SHA1
880fb4c945b5184a5050f6608a58d00567204b6c

SHA256
135a9875dbfa69e75005e943ab0d3d890541edc994d4268dbea08d6a1b44281c

SHA512
5e397909df1ff345bc9dd66dbb323cdd98d438fd5204058bb3ffac0703b0d473d68fa5ce0ea5267a3ce94bdd5e5ac9bb7e73645d60be08250a3b3ab79bfd8861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
215KB

MD5
786c4894e2393c2a6df8fe0fd6aeee3f

SHA1
2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0

SHA256
258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4

SHA512
73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
111343e730c2202dd03960b233ee7feb

SHA1
8c52374dec47bb56e05fe248f1c883f53d728539

SHA256
74b0aada8e797935e9d5f78c3d562fc43093bf209453d36e0fa1aade803f5c5c

SHA512
97cd9e26c38152c32e673486f2887dd4c6e4a89ad5ec67c1399b568e335526f373e89c4e357d0abf5bed9838490e5c7225b3ef40fabb796315f333deadb29314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9d81b27e3d305527892ac4eaae0f6b79

SHA1
9a3d89a912a2ced00cebd38cb36098e196721b3c

SHA256
76430eb24b181c587f681adafd84202aaab55738e05b0a39273a9612bc359369

SHA512
14a39d433b0ac4486bd5bbaaca7e923ac96c89e9daf827b73f38e14ca4c0743df337542455eebfb25a05897039bc68e0632f4b5c8a3445e008b4457c039d82ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
12c9f6e920ff8ce2e5da4dc89be9772c

SHA1
bbdc150e8fb594957c646f2ef58a15e529dca700

SHA256
d1731f5638eb2cffd4176f14a05a9808db083c79746071b840d32499dd461cf3

SHA512
36d2ccedf4533655c00df07612f546daa2bdb1f0487ce73528e4ce3e537006035f8ac1c92f217cf9e0a3972b502839e69fb51a76955885de0ed098a08b3f33bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5cf75e2fe7efb099669ffba7f633684a

SHA1
f5169d3996091eddb5894767fb080bce1334e3d7

SHA256
24b6e711eb4adb4d29ef092552345acb031a940f595b2e0bc5f6283235963949

SHA512
da40de3b341f435b86a476e57bb10b0f1d03312823a7331b11df703e864cb0f7e7192ab59fe48e951a55247e9d6b61bba4f2fab96b88a1a0df2b502de5c3f4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
a2a1d7dc06c5f90e77d6a5bfd5600581

SHA1
96728269d159214d065f296ff59ad8a06019de2c

SHA256
1a4d64975416d46f8812f7d829ad7732072f52cd489345ddcba8695e96498e0a

SHA512
916e35d9336b3ac018a68a3bda657a3ed883efb9b2ea807b92ef21265d3eb3506f83e95e4c6226cbd7dc3b0d19e52235aad5ed4ade99dc2621088eb7679f3fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
74bfc2fe6de9b0c9913dfd3520b38ec0

SHA1
729117f52c3eae5f88abf47ccf4205953cf6393b

SHA256
4d27e247056a0cfcf9b250913b3070a3c6eb9b988da25fd30b6926be4d3d776b

SHA512
9e3dcb5dd6f03b7e1914c8c9ad3aa161bd777d35109f173d016284b40bd07c2d33d0e7ba9f064d8f1b97516a1bd1129abecbd37b5fae4c693d760b19305cfa0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ad242ce10ed5b80abdd93c55e08cdbb3

SHA1
ca8603cb9c031ff80a2964fccbf90fd7ef342cf5

SHA256
fdb22a80c34a23a3cc0e2557ee881dc5ceb52227825e11ea2eab2c528d8130df

SHA512
5ada21b2537c71e69b77aa42c7f0c10dbaa221e90015a371e308e7eff8e86dd85e8a792df3aa7d23a5e9d611af961fc512b83d13dc2bf5a05fe2394ef3369339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb4183e7e6af5dc273d1fec78a2088fb

SHA1
c45a9f877432227bc6d0d49a4bf1ea0cd36537be

SHA256
402128932d88a21a4d34edbb1158bdc073eda7d11d8241250a09c7296f4706cf

SHA512
48e0d5e39ca27029ff8bf21e6be99ad4adf30f014a9acae10c318184f01ed6c288bbb3017ea711e2aeae90ecf9fcd28270d79fe07e4a7073eae379b46f79e343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f8c41e0cbc060b07c9ec2698a1f3225

SHA1
b06da5150aec1e68c4966a1edaf7e73b9a7a895e

SHA256
f2a404226bf01317c43fd18b70156a9e72a87ea65909cc606906869664308c29

SHA512
9604b3593930a2c92100ed05d98224aaba3badcae9fde06d77b0fcddfa85d66f68cb8309399d77fa19cb4884fe57760c8bacd03db8d5eba88dc601b3105c4ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aff265425ba52c1651ecd170c51fa060

SHA1
4dd80ccb14c3e03f423c9d854f22d09f810bb20f

SHA256
8fad3351cd3c47cf5f48b0887272911f63f777121adcee362bae6ec0c01ec67e

SHA512
1c881f8e7711233a094946fe6eb2ab71015692878f3b5e909ee29e8f762d935731a05718e9aa916809067778b75e5824f9ad04aa5d312140d50c8d39d879d8d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f47e0f1e1e1cb82c8ddc67bd4a01f407

SHA1
1d1942e34d7f16a58403f427b6d839402f96c001

SHA256
144127a11a09e488a163c052bde5b329e010d7b320fb8aa625081d8c7edbf510

SHA512
16071dba1ba245051a4867440b0c2ccf371352410eb86606005b98996cb651fc609efb4b95df17f27aece1991d17dc66295b34b146d8ba9bcff4c475fe8be493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0038738a6728861a48aa8f2534d2b12c

SHA1
9a3f3ae258bad4d51541a3d1e18741a2be6b018f

SHA256
7e43b52c0e23b4b4bd63c095c6bcdd7eb804a68e48e59d02273cdfeeab8fea01

SHA512
e0812b01c93ac957490da8cd8b658c58f8a5142bfa1135b4986a0f96256eb8663ed1b48a6734f32016983f5fb7fe12be47764948e2a88e1ecc196b74bc23af4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
649b12f3089373bc594175bfabf008da

SHA1
f5d4a9fc1e5149884d4666b7db9e093aadc3300a

SHA256
35ab380d19ab0ca14f9ed14f72339ffe25286d28c9e81615190a44dacf7d108f

SHA512
cbf3d057f6e86a30e33716ebcceebba7ebdb64c56330ae7b0e3b7a9e88f8f416109ef460b83801526f0be33548af6a7882e22cab1d987f4dbc91d4d281c7bfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
495edd1ef6d1e67a31d41a35674082dc

SHA1
cd617373bbbd5bd7ca561b77f0f1cb546eab2dd3

SHA256
e5d7cb77a03f9a77b9697c9b911f84c8bf96b399d56972ca451370c613fb060a

SHA512
8fd3767675a20684105ac1fa466ca54a05ccf1c1b3d1662428d3fb1f62da81974e96248cd7592563e0973aa910ab5fc2f2fcac3ac4af926fe004edb5b25338e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
56223c29dff5fdb733415c36854359f7

SHA1
cf8f1fe439e5f5259b65a3f2aba058f091055528

SHA256
99817d1270dc0eb2644ea3f0d6ef8a5c62dfc30ea7f2a4d92d9352cf8a301c58

SHA512
2b70b6c523730e2633c14b7bc727423dad68d45750bda2861903d1775d16d2ae36505a561a1d14197daf6fbde9333665de7fe4d33ef82077a3f69803b71157f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92dc2a85b124fe8a388746c37e3bef29

SHA1
ad2ffb208cca80c59eb02185d09bb3af1e945e26

SHA256
70cea3a1c73e8b5db6aea0acd423b5b5029fb856428db02cb6e7b1e1f88dc9ce

SHA512
78be4ef46efa920e7c9450f30d210f2436cf510fc81786f0d716e13ae0171bf6e75081524a6e312c9066f959ded07b50e6fd5a5304e17a14e07395cae5c3ea4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be552e46b88ffce6b050c9e925ba0757

SHA1
2cb1b8fcece14a514be10136a00c97dbcde7ec17

SHA256
88360bb9514a38bc79b0fd23f2f1661b20a969bcd45adad5f00a0e661d1fc62a

SHA512
fd04df3ad8a494c814825656304f9df3641f7411ee3ac0ccb67167da7df914098cd42f28032a1164f89f772d06851bf530faa01df92ecf192126d85e2b717c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cff2d50a5a50adc2a67cce4c33783892

SHA1
0612c3ea7229afe1f2faa6b520ce9f55db7f26c8

SHA256
8587c209c16c7c798bb49cc9a90fb0423311928b2c6ce1247e665176bf9e7bcc

SHA512
03ceacd541ab43307e7503b0cc26074de43971a1691144d61493fcea50a07b55fc5ef7d1b8f8a0523afca1e276d93a5a32ab87ac001020c9a6b15d5a7c99026f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b12ad8b2e4b06aaa62dba463ee68d84

SHA1
6e95d43eca4b06a0164cf71a2423b401f4fee993

SHA256
e9361b6daf868253340ccffb785faae891f682353fe6a58317f7353dc66cfff9

SHA512
dae6255ce6c07b17ae0e09533bdf1abea16a60a28aaf77423def600aab4d1309f7e53250d2dcc924d27218131cd9093be8825cbaaa57fa790ba8cf5b547a963a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4659078aa46298c3fc79b7031ee3a173

SHA1
31b0831d2cc44a0c77745b92e9cc9e1f66eaa05b

SHA256
37da4904fc12a5ec459139c3e434c150c5addde1746b3a39aa33cd56dcdf427e

SHA512
d6e5e6726bebfdc56ee23fc679e81d83f1defbc1488bbf327480707302830f8800120caeba3f16674256b95dbd1955d70d4f24f077eb1957010f9b3bfe3bb522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
126ed3240d3b70d3b9c768769712a5fb

SHA1
12b61e70bbeb63baad6b1fb051139ad86858ebfc

SHA256
27d15657d503ce3247e5a6994de5b72c5be067f5d9124c611a7694a650aa1a14

SHA512
f8c7300e30729ae500dbeb0a26c32052518d96c74b9ece31ff398e45103165b261624ed179ebd09056b12194fb8212003782cf90887e3bf3ada16b7bfed68122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b544fc1182d7d40cbfcd8191731142e

SHA1
f26d203924e8ea20efac72b06a3a35b2b0054ef7

SHA256
5c3bfc78913584476ecbc1f753b46d55eede0a4f75b36b2f5f171a67218adbfb

SHA512
a4db6fb2f54064ff7dce746da48ebb5e26747bf8073d5b4d92a998a59a7c39ee1d6bdc38e39d525bb397cfe517450c1be0e8d52de9a3b846c948144d2ce24ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69fa96347712dc5065b2a78220e9a3c0

SHA1
be585234b9fdf4e9d7d6086c569ede896e166da6

SHA256
7c26eecd3defcd51d77582ce7a3daf550a0cd5f1c896f5f291281e688b79e0ae

SHA512
f855403a2cf33c9596d484140159e356bc951ba16f2ca16aa87cb429008b2f2350886193ec2e5bd527163db2f9f91365a42db94700b738ae49774d31baa231a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3bbfeb73ad3d2262495ab36573249d70

SHA1
e7d259e69515aeb79c819a1e3dab229dc99bce03

SHA256
8abcc92df637edeb7774e840610997f61a2eb72112cb7cd4cf5e07f5aac625d9

SHA512
589d771cda682a39e1c4ef365215eb9de21afb59d0848fbf00504d1f3f6160db38653a7f7418d09ee3687d9f6ea86e35adadc3c8bf4fdc897637a8da6d8e1087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af19c52d7243ca50dec40b68ddbe31d7

SHA1
eb2afd6c72f206da028d424740646ae4af2b3464

SHA256
114f3c543cb3c8b8eeadd98e3176fee927598b22e1b97493fcdeb293a66d34ac

SHA512
221510a56748e1fbbe9254c75ddbf6ee2f5318580402daee5dad6761475887f824c0c344f85d4c1b59bf72f0c4deac00396edede6aea0d2a2e09be89821a998f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
362dc8e6f31e2cbefbf077ce0245512a

SHA1
65c9c11f2336748b05152141b2a138ce5e9ab084

SHA256
134b84ed605eef115cb35a8202c264b18b9ebaa11b5872eaebec7e4c6408fe90

SHA512
09aee6c138568310bb51a1362f1f561ee7cf69a723cc921e2c3ab8ade6f8e7568f3729eeafeaab8d1064a1ab2a1e3631adb6a6e75031ba414fddb66a64141a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
332a474a50b504ef8ca4ae18816c0477

SHA1
5491153da88c004e1f9ae4d81d190c605ef2baa6

SHA256
8058f92d58e4d899d9a0d954b4ac5a268a9654775793a69da1af52c5b267e5d9

SHA512
9122f7358b7bbb77cb742f91a570c5c94bf51cc4451dc89ecb07c9e8a0820b12c613154f9996d0e31497784dc5907427d64c1d2d3e88b7416a22cd7da968db18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3e2deadef02c30c1615f2cb4df517d53

SHA1
7a9683f3d65faa463cd5263098c2d2502e431648

SHA256
21fe9d0770ce9650b09abe47ac9d84cf5fe5bdc0cecae375a66794d8910617a0

SHA512
7015051ae61cb05bc6ad9145b1a1d5a5ad92a58d4c9c385693317147436da19a6bf253c10095d3643d752b31150404c66a748c899cd6c2b3c3eece11b5653599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab927b4c23f4f930379aebed06df9aa2

SHA1
980703c708d7a4e7a4d101304a573d78ac87233a

SHA256
f072f3f94c749fbae5b9d022ee5371ad923b449d60b1bd4443ea8fb1d6e7eb18

SHA512
50aafff51deb753b68f8d63f6a0c986f79a39598538fcce9a84120f8b2dae9eb58a091d15fe61cdd06a1c1e13f56fc46b7f6d4784c0e8a802b683b9e235f5234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
90ebff87548ea0d9d76e887572aa14db

SHA1
b74e50ea1122fccc615e9da08e83b08727b271ce

SHA256
61b72ac132414edeb35b97d9f61f492fb867c57e0e0a53dc51dca5824b54f8a6

SHA512
601485ec34a712119e959fae5c296abdafe9b09f064c22acf1aefc0c4382e0aab9604dff283a357a5d0c83a72331a5abba36708daa7a27bdca49f44a5d40853f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25f01574285b8b4435af5ff586d7967e

SHA1
56dc6e594e812f8c7369b88958d4358019eca5e2

SHA256
838f2060be248ec4dff9d75fa158a9c085a03ac5ac78d754dbd64ab0bd2b3d16

SHA512
d143622190566a1fcf64900f0a9235e1a59a9d9d652cb98f6208931ef8d4f412896444b26d57e6ce5747e33da986dbf3328a5efc1361e3a475389694b3538520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d5d264171cc3b5d0c01544ef24bbf48

SHA1
a844e7c65d2dfca484c558f674e964ff30584923

SHA256
d46f135fc0b2ee65b7c90decf327dac9b4e8e9dddd50960bf25e5f3d547d5a4b

SHA512
67f861dd7423bb2f27a58c61fe7fe061b05e46d0beeffe8d1c04aac55000dbc5da79232834e6cd035440e92a8d15a8fdede3388b38e2a0d3fd986469312b1b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db42b14746de8080bcb3d5cf167db29e

SHA1
be5fa7a8d871e5ef110b0595f3cc95e59bb7ee60

SHA256
1244036ebaf8bd830fb7574dd4e8abf99fa930e9ca665acdd49d77eff62a3f3d

SHA512
111a798aaf68b30e9d6c652bd1fdc0972c6a730512cc84c8ba13fdb011677b2a9f190e34f5492a3f25781e482993f7af8ee568deaff2e01f8676c389791727a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5e052700542ba47e458699c55de9405

SHA1
f17846396814cf6264943c8b7286834f5ddfc7bf

SHA256
df28014184b8a0b2db95c06a8d356d4c61e31ec4b1754207d013a4ccf5f12882

SHA512
99c8a9889a392fe9a863b70d3cc2e49e834ac9e704a370b0c28aefffb656ee0e10cc5a5941ce3f390a357e7d4c35de5ccf7e8a4c20e27f4d031e5d47e6e17bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
75506dfa42645fcbbda8296aebabe7ed

SHA1
eb47de36f4982b0567078e8d470e39ea0d86c966

SHA256
2f7de03435b029821187d757bb84b1d82d124754c3038819908cd5d9afc8a0fe

SHA512
5ed11806230fed71192bdb65b2feb4b4e966bb413e1ad747bf319ca6bdec51e23bb92da3f6480d3c21a17925aced26d0053da431caac2bd75a59a6cb5f1a3b89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
2d13621ecfaaf5cf5db35a9caf3ab6b0

SHA1
76b1591529888c9831803fb42f60cd1f7e352419

SHA256
8b9e626e5be6f92447e79f8440a4e744b65ffdb6d02217fc8c945ead08ffeaf1

SHA512
1044fe909381658fb021e7a470947f85fca0f8b84d169d4fabc1e1fd15fbfb96a87542818e078cdb09f0ab4d46e4f3a2abe6294e40f4afec93df0d612250a4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
0b82801a4ce26736234563a9ede34e18

SHA1
bbaaf6c9b2168fd73591fffbc10ec16799c43090

SHA256
621c555d39db2f912a7d89a66e6e2529918d94cfd2adc16f48925f3abb0483a2

SHA512
8097084556d09a37407ac8280e58727ee504c199c111ae8cbb9799c92d9773675d4fcbe2940b0e994049ad65f11cecab97fe4d939d7955439e997d1f344f2e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
55a90ed15580954007fb701230bc9853

SHA1
febfac4b65d6b4aaea108e0e4a677462754c31b8

SHA256
35e52356d88c8bdbb144e054b9bbaa00d9d7ff45de08b6f1e1437e6ed55a87ea

SHA512
d62aa3ad6c9263e372c8305a98395c929bf2d3173569c6f942a7a472c1c5c6d38e19172f795f1baab819ee1eadbeea892c8821d4ef2ae8eb36292906edbbd5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
ede33606b3fa669494020d7fa06d8786

SHA1
02038acbce645d11204d3b437d357988f02c713c

SHA256
93da77a512a9b91a180793311c9129eee478123ea5dfbadb6802c5a5036a372b

SHA512
f501428d64392d978feaa17dbf1f12d5ecb94a7ee521a71cafed563c279ee0e940d9c904377ffc92a833f0c7aab26fd04179e6899bb1499ae2ddc98b41b1abdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
a8fe7512991ffc08cbb1c06ed5fd623b

SHA1
85738ed5018d0e105795d13cf3cc470872adc15f

SHA256
e17729176895953ea3bec891d13ccd62349c59d1620f84e89303448721a9e677

SHA512
d68c9e5fd7bbfb1192c42de8144692c74ce7a987707c8a18f4f90ec960bb4b945f4b92988512b9186c7bc53fc2469540cff49771a07e4f5b63369b605ee77b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
93be3a1bf9c257eaf83babf49b0b5e01

SHA1
d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a

SHA256
8786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348

SHA512
885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6738f4e2490ee5070d850bf03bf3efa5

SHA1
fbc49d2dd145369e8861532e6ebf0bd56a0fe67c

SHA256
ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab

SHA512
2939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1a480153-f3f3-495b-8a94-3480fdbcae12.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b883401cceeccc4b6c31c02483474db

SHA1
9a5ed9d300a568439985565e16e8bc5b8b729311

SHA256
ce9373a5cb479aa933464e874a5bfa3cea102a7d2cafd2ab8d0b4ea543d7ef99

SHA512
6f5d186c5678e596b3e2a581b8b6de877600e713b551da895f4a4556484e828add7bf490c01e56909d871e3fe8cf64595576f2fb867fbbe76890c879d1acfdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
0b70bdb140078a82ac86e839b9fb0600

SHA1
064ded9a23af0e0a189ac066962b9e4fec5e3797

SHA256
a5b79223193e0c5649b7cf5fcfd6f6eca93a07d602a4f9eede73e9cddeefc474

SHA512
56fc06ffb843914187c4e97a7cc6342d4572714a89ca99f6c92c61e0baf0dc644a32e35b95f8f3b723ae3ee476b5f2dc9bbeacea95c9501b843786bc5370e75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
6048c6eb05d6e1548ab37ef894a41f79

SHA1
32f2045cd3be85f0511fd4e8bcdd6d6382bd337d

SHA256
94ac7a4410d6533f855f67a4521fe3998209652550712b1dec7b1fd04d86e68f

SHA512
8b7165c3c1954052672ed355add20c505a0bab17a43330f001b448c533036b0b0f1a7ee2ccaa8f9b14497e3f694f150039e45bcf8c8695da537df133ab278384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6e6eedf551b8b20e92fe56102e5f8e42

SHA1
6548b941d70b4f9ee3ee376fe389b7aa3ed3ccbf

SHA256
8e3446ba6e1fb412b6935050865b0304aadbb176f75438c6b34348f81ffd4ad3

SHA512
33fb1ba1255062dd3cfd6899e435718b8a661e7675491d054821e93faf6f5842af32593552413e79c44dd840b7681b0c5a5e39a3a2454c02c79a6024e37d5b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwpprjfk.exe

Filesize
752KB

MD5
9dbd964a2bc35d8520e2a02d2a126482

SHA1
1b681ceec5e4598a6212071374277a5eedf98e3d

SHA256
94056903a54419a77beada550c2582de99ab9215f647949dee26cf5a5aa270b2

SHA512
f0f3a66d784615fa52819f6998b2bafc336474533fc5fbe2ab165e3d66d54c4342ad824ee305e194b2692707cdd6df9464dd987ee8961b2f903a456ccc1b4c5b

Download Submit
C:\Users\Admin\Downloads\NEFT.zip.crdownload

Filesize
423KB

MD5
a689a1e96be0e15f53cd8a5785a4166a

SHA1
4a3aa0f85e4e44ce1f42401f2bb7168dbdbe3cb6

SHA256
bcbae27b284cf778e82f00d2601189f3588a2bb577eb7ffe42c5dffc8b5bb568

SHA512
88d96c04807b81a99e2938192138f9013c6df2b52c654e3961cda7c3f4371611475855472ec053d73b5392ea8ca920b774fac06899ac2def15c6e946e28f11f6

Download Submit