kutaki | hxxp://revolutionforsuccess[.]com/images/icon/bqiw

Analysis

max time kernel
671s
max time network
537s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2023 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://revolutionforsuccess.com/images/icon/bqiw

Score

10^/10

kutaki keylogger persistence stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe	LICK_Credit_Return.cmd
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe	LICK_Credit_Return.cmd
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe	LICK_Credit_Return.cmd
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe	LICK_Credit_Return.cmd

Executes dropped EXE 4 IoCs

pid	Process
1492	LICK_Credit_Return.cmd
2280	qzzevdfk.exe
1308	LICK_Credit_Return.cmd
384	qzzevdfk.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3124	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288677326493549"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
4924	NOTEPAD.EXE
4168	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
4764	7zG.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1492	LICK_Credit_Return.cmd
1492	LICK_Credit_Return.cmd
1492	LICK_Credit_Return.cmd
2280	qzzevdfk.exe
2280	qzzevdfk.exe
2280	qzzevdfk.exe
1308	LICK_Credit_Return.cmd
1308	LICK_Credit_Return.cmd
1308	LICK_Credit_Return.cmd
384	qzzevdfk.exe
384	qzzevdfk.exe
384	qzzevdfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 2784	636	chrome.exe	83
PID 636 wrote to memory of 2784	636	chrome.exe	83
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3912	636	chrome.exe	85
PID 636 wrote to memory of 3924	636	chrome.exe	86
PID 636 wrote to memory of 3924	636	chrome.exe	86
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87
PID 636 wrote to memory of 3824	636	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://revolutionforsuccess.com/images/icon/bqiw
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba01b9758,0x7ffba01b9768,0x7ffba01b9778
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:2
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5304 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4836 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5936 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5712 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5588 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5248 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1804,i,16686957352603830856,18428367071508079881,131072 /prefetch:8
  2⤵
  PID:2116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4732

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LICK_Credit_Return\" -spe -an -ai#7zMap6989:98:7zEvent16953
1⤵
- Suspicious use of FindShellTrayWindow
PID:4764

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:4924

C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd
"C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd"
1⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:584
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2280

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b3bbf449d90c4652b54709e453420524 /t 4488 /p 4924
1⤵
PID:4768

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:4168

C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd
"C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd"
1⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3476
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im qzzevdfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:3124
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4d0b3c8c-664b-42bd-8702-1b92ad8e7270.tmp

Filesize
107KB

MD5
a58754ba7eefa4c82c9bc7885da07992

SHA1
377f571391ccba6ca9ff79027d0efbfcd286ca0e

SHA256
3e8c87ec78924969e04a62d3d0a8c65fa07ca846e7798c041f87d4124426e66c

SHA512
2f2c6e24fd5a6bfcb678c92b49934a27e87d3fc04ac477e004232de549992b9e8b4ca7b9c31ab3d0ad515ebe760084cd73f7033be40e00e87e512081bb6a4e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
162KB

MD5
475f3b2f4b6829f089f959d8291c69ab

SHA1
10cfe4b0bad5e7fc4c1bd4c4f79f9cc32ed93c99

SHA256
4f40a7d3b7ddf8e77c9b9556b37cdbc062bda1e20757b4c709adcd3ee624b219

SHA512
fb2b2fb4b86dac393e35c42e66e327af699fa1c6baefdeb4ce9f95298990faed0ad556475d16ba6ad31868412f6179d996cff7c15329f4ef92778be592e9d712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
501cfbf8368fa50d20c177e1abb3659b

SHA1
a512fcae5accef1b3ad59691caef93683c00b80c

SHA256
0c350f1867518ca39617aca85a73b84f3b229e182869a0256024cfa612b4d0d8

SHA512
ac9283a97c29211a01910820d76aade8a281e77b77b77bbf2e6fe9375adabea27349a8e46b281fb4cb8eb0a2aa88b8db9cbd519ddecd8120fba62795febe7b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fbd011b636eb22edfa40fc81223d6756

SHA1
22fafde5cfcc46e689fb1ef60bb7bd5da8534df7

SHA256
14004e3fdaa9bbffcc2c875d357a1e4b40bf653193ca67b68144b0802b0aa91d

SHA512
29fc6304e188c386a7e34626672c7ae05565d7d5b7f53d47cced16c19a1e9fa75839abe1820c8cee93505d4a2c403790671bb8febb8a48ab922d9d1454e937aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
66db6e0f0fe2f86f8034782be110c171

SHA1
d929348f05b4913618641d745773267c013b4545

SHA256
343bd2e9e659990976a610fac130a5c77b86f31b67b6e8a85a82e2d3f79c3688

SHA512
2f65efcdb78e646dde7d8f9f565195e0bd76d368775423cac66738ca079b3f24395242df2f2d5d8684fb876efb33d922bd02913b46035a239642c265fb6ee129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c8ceb36ee3093ec59db924a89b7894d8

SHA1
933d77f5643504e62df390dc13cfc4a3eb9321b2

SHA256
108f07dab7543d316afa0eb332f00662db6a1f98b87fbbd4a118eb6803b5b691

SHA512
ed8d9c8b4d766f6140c007bc9ff976748b10f50b595555c68b5df57344c2a9aa799d802cfd11b7620b79cfbd28c23b82cf4e3cfba5f948676297b8e50948ee2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5db68f707d03fd546e03573e1d907412

SHA1
0e0824f9c322dae2bbf6e79d3e6ffb63b5e7d5e4

SHA256
cdf94e700e3adacc5b744abf2f6067a036186bc79a0d27ded4a9b7f5c6d36fd9

SHA512
3b0c485153b7661a42c15dc92c89d78cdfad9ca7f0d2e13f9b6e461b17234995ce8bfac9c42923b6cbcfb0766d970bd354fefde2a60a7e2e26126a5ecd80593f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
813B

MD5
466c70b7d3b81079996c8398887dd4e9

SHA1
a20e4c567134b549d93e3adec49e76cffa92d737

SHA256
64a55465bb6857871c1ac619510c84c557df261594e86b196ef40f7238252e8b

SHA512
65081fcb961988c2a47041279ce34a1958406ca6db167839791032f4a452d54aba4601c6be00f7d437f1206a7bc18b8868b5907f752645c95d6d2a65e1019aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bf9b84cc894f5fba45606969a5395fe0

SHA1
1f2a1a1952d35e10611315eee41f495ba4d3be32

SHA256
c88d5443ce4adfd06e02f876d8f4c0a15c3374465602d1db3f12021b0a3afd7c

SHA512
3c479b0279746fc1d1ecdd9dd792be858c90db4fdd5caf6ed70ea68cd07031e6166dcec43a00b48e26a516716c5e468039afd3e4bd6e026224063fbc83c6b9ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
b276e8bd4307b5c8c42994180c6e5bc2

SHA1
01dffeb741227f110e0b4727bce4d1ebb41ffae5

SHA256
856c62794c2e94d79946a523cedffd64af6947fe31eee82402cac026de538620

SHA512
14aeb9979e282b12c124bec1caca4277f6baed60ce41532098116c3cb937ed37b6ab946d8403df0d06e9c5e07181bd1ef9199eecd96dfa79fa274606a413d67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
690f9acb86941e684e1c399ff5befc3f

SHA1
697ad812c3e65645b65260cdd240f314ae6456de

SHA256
a69095078df26012f21cde5be888f7e811211b221f0e5ccb56f7c2f951c0700c

SHA512
fdad892d39f7a3679c5b3ead59792ced0856ab10f0dc4d51a5667fb9db38176e3e669f745cbdcf3ae147cffca4a43644028c34b35ee63b731428ba8d96a1ee90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
22cd928ef453cd370db415a14afdfe19

SHA1
11a68f415bdaa11b65f7ebde8c2d6523abe317e5

SHA256
ac7b0fc387175567b3002ed873aed583c8159544a6f63221eeaaa16f6e539a1b

SHA512
9fb807ca8f49ad77ba79197046fd9270e367f91b749bd0e1d135fe2148813658e46e1340a4c1425b2b4369b57d7e0cd6cc80376de64605fd1f6b1e2c4b450bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a4a3ea6fb95f511d727658efaad4c1bd

SHA1
1d4793dde722b74e316576aa83137c1cccd67b2d

SHA256
95462e7d10e5c667b5861518d1a150868bb1b3ba89512db1a4623c4928c23a62

SHA512
0949c7afc83fd88bc902762d0c17d9b117c09ec69e7fae5e53c1d5f7c251feccbe270e84428a024fca3115bba1167927202a907eab823e700f352970a76182dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7fe77cea95fd31067cb025844d9fa0f1

SHA1
c3fd648867c45bd8c4a0042babec9e4e6688b205

SHA256
6223f08baadcd881b061981ba016af895ef9477b2fd672a9b570079c03274dff

SHA512
8c60d3b7a1a18934820317fc0d092955729a0d863901d205275363f16fc3aea3e5ef816ad235dbba41d1a06da89c6dd1bc5fff5b6de5a633ec740df211b04c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f053d00efdf8a7295112d60c5be91398

SHA1
5acc5dc26839ca39f6c9e756c233e21115b0c704

SHA256
ff7a49e63a3bd90ae73098515f6faec51821def39aba545927229996a37fa921

SHA512
8d108ef72fcc3e7cbc45a1b573d23e7b6369e431967063257703fad0055c5e4021f3bc86cd30fb818b20bbc2261e7719df2b2c94d3b66f595e61ed7deba35a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e956fb4fe60d246532b80b831806c90f

SHA1
ecc7348c84c92a4062c0d43c5b4e16df51da04ef

SHA256
b1ba30090b4803bad49e7c547b4f12338b4fb4c9e9ad034048b7bfac630a9ac0

SHA512
86c6c54021b4dcdaf246f5280f012420af142e9083a75c259c3cd1c226dee1e59eb568dc4f5be09b9b77fba4fb2f31255375dac8eee107d347697ad567d3e81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d8d4b89ac46a5f721b7f7321f4566fc9

SHA1
93789a2d49c4d5832d21478f22e8dd1d028584bf

SHA256
fbeeec7930a2f1dfd68e1e190b1175d604af7f0d271d9b09a1e9e67c95d48c72

SHA512
1f5e766a1aab723da21890931b57650a9f942b0fe7f3d8e55a7c1663dbd365f27539b281782a15df3675c66a8fa986b25dd8b8fe8cbaf5638f3706927ff0e4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d32624c75498ab17b03c1550eb12ff7b

SHA1
839de6644516f40a9a999420aae49026eaf09b39

SHA256
7550f6699d4dc9504cd2ab0f948c169e17477168c4ee0e63c8ba63d947de8a2c

SHA512
98796090e74a2c579e2fd13bc80d518542e3c30a2a768c5619c92789cfad77633c1b5e852948d0423ca6408a3b13e86fe19bec1baec37b2137836ea75d27f127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c8eb59b42c24f72a4e4ae03b12925ee6

SHA1
f1f9f5638b75055de06803962480502dda23e8a0

SHA256
04944d87f830be3ac7f242d33aa9d446f899161f850524e43ae52c0b18d6ffc8

SHA512
740f022a691217a580a0b96c7548e54642fbdf42d94fa58dc773e4f5d8abe1913999f928c45aa6dde33828836e84b806c2a996f7ede8e2b0e164e00e007caf08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
59907235201926f5633eeafd2eff8ffc

SHA1
f73c518139d129afcc82f52dc098f4d663e5f631

SHA256
4e6b6a6b33f2f628de99af00590c14ff6b60cafe021c81f11aed539ef7d74d2a

SHA512
3d3ba17b1e3436046f26c6d66537353dd830263d081dcfa6dcd18277c305c1e85b6093207b44f7db547b1d688fea458b16a668f939ba55bb58bbd2c5f477d50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
105ba17a3cbaa8125a2748ca88d849a2

SHA1
f49f69d869fb2b86ab5f44fbf60ccf6b5b62bd56

SHA256
c24a83640f7607b8e7af82377cba9f7cb47a80b2c14f18e25553a17360f2d592

SHA512
5a8a7c1a1220f10ee0dc06602552ec919cb2294a24ab5a447041472f9c020b8f30c68883da8a95fe3fc165126f178b170365da9a19882d79fde9008e91a9680d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bf6f996d149bea59ef0d3d4646c33e2d

SHA1
9d1bff6c120da8d445f711066d1e910df887c937

SHA256
8d8dd45f99a61260194aaf16c5e2e1748990b907794179624479e4d355e7a5b3

SHA512
7d43a88263fc592be4587bf090ea75ea449fa75a6c2e62fc96022e908b13a520f6c8a1d5a9c105e67ced95735ca6345d914bfef2cde7610b44517f292a683e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591fd3.TMP

Filesize
48B

MD5
29224d2c61b0bb62a148b174fd4be9c5

SHA1
996bd998f1683cc47932a7da1d7ece69d38ae89e

SHA256
b4903f009a50485145b2c7c00ecc5e64a6599e20cde6c5efc65e01b5b6827fc2

SHA512
4f3012131d73e1334f8c7d38af47f9bf2520657b7d7467d10702132d3bd0023018336c391325dc1c21b92977fb5d4a132629b59f43ccb60c00355ec816aa4be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fcdffbf54ff2ab6cae6b0c011db7fdee

SHA1
35b03b8d26bcc6943b9b5d31edb5872abb205a7c

SHA256
1f1ece73beba03b88625d4e57c7b6f30bbfda45a67f2d3ec92533ba3288e7cdb

SHA512
c85583fa2298208327a0f7c1895e5c62b39e5f08997c6127f8cfbe67917d5ed6207c996cb9a12f1cfc9cc81a11957cb8f9b8f1859ae5800d38820f79a12b48ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
e59dc3cd55f44a957c0fb796b1722fe1

SHA1
0aff516be08d5eeb1d604eedf822d52b97da490c

SHA256
f90a81de93f87444abb7e4619d1a040659b932bf0eaf4a150fdcb5bc5fa171e0

SHA512
09571292d7fea90a373cb390d7627719cb3ef5be742d7eb34c941f9c8281aef3db5506bf239645d18faee24a5a3a195cd3f85953f5bd1a687dbab23202077567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
6fa00c06202faa0ab2209f4f1a5a6594

SHA1
1903868f6c530fe7dd5c133031336a7417fdabfd

SHA256
9209aa0c7ef96eddac1e0801ead85f4c0332dfedf1e3d3fa24117e92b071eb2c

SHA512
a64e15b10aab25ed5df0f0217abe604c0b6d548c4af0df08e85c3be73a9ae1ef6bb8abd131c4486ed393bd6f3c7c6440273c303b3b247e27a89dcf1d2ed70fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
f3a78cd4c85e8fda066cc994f0e03e1f

SHA1
24f93c435d463d65ad6834f2f53969bcf46fbc36

SHA256
9f719319f9a91edf2d0ae5a6c2f0867e019258a0c5e913e63e4c9d7b9b24d01a

SHA512
f5a475096de412de3dc9e8b25c6697727f3063a23fa57c4034a886064e1b57860bfca4b341868552bbff77c544761bf43ddc2f158463556d6a9ab15d6dda7e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
a49dff5f862c8e56bfc7663031439fe4

SHA1
130bfcfff5d196faaf1f373f728592ac31aa7bec

SHA256
a274f0fc9783c05797d69598c648495cee493fdad1e7d7bcb8f51d5d547a0c08

SHA512
b2e7e94d99cd04913897ee0e7f8fe1b745f6dd9250067c6bc95b6352ff64514d0ec3c356adcb17faeb0171015dca049970c5c394a2b8bc1df2a126adcba6ebe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
02faadad84d2b7d80bc3f1ae3e9bf13d

SHA1
2912c80e9503fd8bfdb4200d2b1b1b87cadeabf2

SHA256
56207c26ffe4470025750e0f7ca627f73718e1c959a9bb3e4033b5afa0741016

SHA512
58fc6d773844fbd1f46cb0aa36cd1850481b1a254c9e87b66320455afd902589bc18e17cee555cb66085bbf3d1359261e204c208e6398a61d4e6258c5937de24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cb3a.TMP

Filesize
103KB

MD5
65a608b2a3b6e1ea230c1bfa13c6664e

SHA1
221be424d7efbdfc777d4767afdb99c9e1db17cb

SHA256
0d724e265e967a072f7c08ced2cd58df0f773099aad7f001a700ee4784b051ca

SHA512
4a09a0e86b8f0e03e54c4cecbeeeb7eef4817f0f7d22ef3f6646854814c7b6e16b7d65e6a255250256161d0bb39b35fd41059d56ba2c662a272fff883a2ac63e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qzzevdfk.exe

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit
C:\Users\Admin\Downloads\LICK_Credit_Return.zip

Filesize
2.1MB

MD5
4261b42e1eaffa7607790a3a5d4ea192

SHA1
df3806181de61412307a8aea4804614628740915

SHA256
36a28f5eebc2c87b065ba1ff1ded73b25a4f8e0f55aaff21179baac6cd15c4d8

SHA512
6319d71b281d0a9239d3081ef0b83a3e18c82256077d723d63e86ed25fceedb441b6fab5d0c50afc88811be594eeaaaf8f399294f7d0796be50268745b1464a2

Download Submit
C:\Users\Admin\Downloads\LICK_Credit_Return.zip.crdownload

Filesize
2.1MB

MD5
4261b42e1eaffa7607790a3a5d4ea192

SHA1
df3806181de61412307a8aea4804614628740915

SHA256
36a28f5eebc2c87b065ba1ff1ded73b25a4f8e0f55aaff21179baac6cd15c4d8

SHA512
6319d71b281d0a9239d3081ef0b83a3e18c82256077d723d63e86ed25fceedb441b6fab5d0c50afc88811be594eeaaaf8f399294f7d0796be50268745b1464a2

Download Submit
C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit
C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit
C:\Users\Admin\Downloads\LICK_Credit_Return\LICK_Credit_Return.cmd

Filesize
2.4MB

MD5
3f810c13d21fa903e0e9c9daf93f7a8b

SHA1
17a27b25bbe260ee45b50a181d2c04030238a1a9

SHA256
f9d30714fb0e87894da5d0a690375eb17b66652b0aacd24ba336bb166f9e5efe

SHA512
a031e87037ff964c6612f24eb785515926ddd8b23fa58e313df4ae94a023a60849d92d2f97976c2bc0542f52f15e9eb63fefdddc0d90aa487be36667b45a6e3a

Download Submit