kutaki | hxxp://trendsaajkal[.]com/wp-includes/images/wuay

Analysis

max time kernel
300s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2023 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://trendsaajkal.com/wp-includes/images/wuay

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 14 IoCs

Processes:

Credit_Note.batCredit_Note.batCredit_Note.batCredit_Note.batCredit_Note.batCredit_Note.batCredit_Note.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe	Credit_Note.bat

Executes dropped EXE 7 IoCs

Processes:

juuzlbfk.exejuuzlbfk.exejuuzlbfk.exejuuzlbfk.exejuuzlbfk.exejuuzlbfk.exejuuzlbfk.exe

pid process

2848 juuzlbfk.exe
876 juuzlbfk.exe
4016 juuzlbfk.exe
2640 juuzlbfk.exe
552 juuzlbfk.exe
1868 juuzlbfk.exe
4704 juuzlbfk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2848	juuzlbfk.exe
876	juuzlbfk.exe
4016	juuzlbfk.exe
2640	juuzlbfk.exe
552	juuzlbfk.exe
1868	juuzlbfk.exe
4704	juuzlbfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 6 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

1316 taskkill.exe
3824 taskkill.exe
5088 taskkill.exe
1096 taskkill.exe
656 taskkill.exe
4584 taskkill.exe

pid	process
1316	taskkill.exe
3824	taskkill.exe
5088	taskkill.exe
1096	taskkill.exe
656	taskkill.exe
4584	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336703638678011"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4316 chrome.exe
4316 chrome.exe
4316 chrome.exe
4316 chrome.exe
2448 chrome.exe
2448 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4316 chrome.exe
4316 chrome.exe
4316 chrome.exe
4316 chrome.exe
4316 chrome.exe
4316 chrome.exe
4316 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exenotepad.exe

pid	process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
2568	notepad.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of SetWindowsHookEx 42 IoCs

Processes:

Credit_Note.batjuuzlbfk.exeCredit_Note.batjuuzlbfk.exeCredit_Note.batjuuzlbfk.exeCredit_Note.batjuuzlbfk.exeCredit_Note.batjuuzlbfk.exeCredit_Note.batjuuzlbfk.exeCredit_Note.batjuuzlbfk.exe

pid	process
4512	Credit_Note.bat
4512	Credit_Note.bat
4512	Credit_Note.bat
2848	juuzlbfk.exe
2848	juuzlbfk.exe
2848	juuzlbfk.exe
1320	Credit_Note.bat
1320	Credit_Note.bat
1320	Credit_Note.bat
876	juuzlbfk.exe
876	juuzlbfk.exe
876	juuzlbfk.exe
4164	Credit_Note.bat
4164	Credit_Note.bat
4164	Credit_Note.bat
4016	juuzlbfk.exe
4016	juuzlbfk.exe
4016	juuzlbfk.exe
1956	Credit_Note.bat
1956	Credit_Note.bat
1956	Credit_Note.bat
2640	juuzlbfk.exe
2640	juuzlbfk.exe
2640	juuzlbfk.exe
4076	Credit_Note.bat
4076	Credit_Note.bat
4076	Credit_Note.bat
552	juuzlbfk.exe
552	juuzlbfk.exe
552	juuzlbfk.exe
4344	Credit_Note.bat
4344	Credit_Note.bat
4344	Credit_Note.bat
1868	juuzlbfk.exe
1868	juuzlbfk.exe
1868	juuzlbfk.exe
1780	Credit_Note.bat
1780	Credit_Note.bat
1780	Credit_Note.bat
4704	juuzlbfk.exe
4704	juuzlbfk.exe
4704	juuzlbfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4316 wrote to memory of 3976	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3976	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 3600	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 4296	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 4296	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe
PID 4316 wrote to memory of 1732	4316	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://trendsaajkal.com/wp-includes/images/wuay
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3d529758,0x7ffa3d529768,0x7ffa3d529778
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5392 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5704 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3156 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5808 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3136 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2380 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5908 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=308 --field-trial-handle=1884,i,8092457316865693546,17451607020351676262,131072 /prefetch:8
  2⤵
  PID:2808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4512
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3324
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2848

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:1320
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im juuzlbfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:4584
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:876

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2568

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4164
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3920
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im juuzlbfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:1316
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4016

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:1956
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2148
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im juuzlbfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:3824
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2640

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4076
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:1552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im juuzlbfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:5088
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:552

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4344
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4900
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im juuzlbfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:1096
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1868

C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Credit_Note.zip\Credit_Note.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:1780
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4488
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im juuzlbfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:656
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\880cc583-5379-4004-b13d-55287ed40fee.tmp

Filesize
89KB

MD5
c422be913a293afb2ed288f157cbd20f

SHA1
dc2425de3b33628e4ef2de5de2ca28b9c3498198

SHA256
dec23c1c3c5d762130bc78aadf635660787a6df8bb7ae0bcf789dd2f679963c7

SHA512
887a3002280d5c15067543fd3c095acad531090b87926d513aa56c7eb6f186bd79ec6d1e277969fb580a359bbcb87098ddd915afee0177eb7a7ace957763220c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
08a77baac2563902aad88ed40a81a377

SHA1
6114411fec124c361ebe2244735280705a7c9982

SHA256
456881fbcc74fa41dc725b3ef15c4f3e3acebf15797cb2152552cd18f10f8c01

SHA512
77b7ca3d139bcd76501caa56844774bef31ecd1273b54f56c53b4a1a76175faf2c67e7f84183006a933fa8d8829dbd27f1bddfda1a637df733e273fd439e2eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bfd003cb052adf343db625d55dbaabbe

SHA1
bcb70ab4a92753869d0bdd1ca888e508695a5353

SHA256
09909fb9ab15496366985d8f26b99d04e0c2aba50435f56718ea5fa886597638

SHA512
cc63bf8f67d4fd757cd46670bafab22c66cd0534d21291ef5ab0e03f263b5d57ce39934db7d1c7f1c41b0e6ec34eae64d4f4489e8ca0be32dad818285b3423cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dc3f9180c103f8a917e8d15a22c35230

SHA1
96d3c668a43e6152da4617853ac284b9193e55d2

SHA256
19f9328ea16dbd5aa0cc989ef18e47f69d67a8eaa083d0d7a268971469469851

SHA512
0d4202dcc7e140186317a70feb2a419a212afbf155b0b11ad3d3452955fbc23c0127ec7c1b2f2f7ab78e582c7ed33595b988b7175dfae1e9c15546e6ce92fb97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ead2e72c7e691ec1b40548acb4b1dcef

SHA1
f3cca339ba36ccfa91402824f16392a8d0bf0f5b

SHA256
2bc3955279fc2b373691075dc038dfa8f4891a94ddf98e2314a6e3a7619f913d

SHA512
fb24a55d2023a0cb8c6f426a123fbb5bf9cc203e4d793965761ecf6ad68113cc93595721bc243e85516b0b28c364cdd15b709d2b8f171578c20db20ff107194e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
54680376eb4e258bd7c92162116be7fe

SHA1
05cfd01299ab0ec2afb4bfe0ec37d860b4785416

SHA256
4863f663356bc2b8374da5f590f1f0d868e0dc3c2cedb72f748e588d42eb66b5

SHA512
57459f83372dacd5ccbf2334074f6937cc7bb0b451b84408a3383c8dfd4b4ef625605151ba021d5c8a5682aa0d66e8bfe501cdc5e7192d6570708d07835b1b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9872ccd76eb88d85689aef72091abb60

SHA1
ce83cb3ea689de97b480936a53d9974770491dc3

SHA256
29c2a99184087adaeb4eb35dfa0c26ad438dfbfb946d55cc21dcb2fd9361374b

SHA512
ed2619d1296d6a05bc8e9f11c073850755f7d92bcf32dfe4ae79d06867cc5bb78bceb31a70ecfda65abfe01d158c85b9d7ba36d8e0f5d511105c87aecc118a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
694487e19df28aaa24ae7256811c4b11

SHA1
f0a9b272eb7efe74c0f572f7a7ff50cf3b2e1eae

SHA256
393fe51b69965af7a128bf99ae158189b9f4f9fa90064697515133fa990a14f4

SHA512
fedd173ac444f56e6a3a839fd9a2ceb1e92bbb2e3ef07a4adef336f79ceca6be1d82ecc0a0ad3546b10a087f3d21cb7cfffe480232820fd3feaeb6097e17b5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe8b3915f583c93375b5af55387c37a7

SHA1
0dc4a4cbd473174b5df859da41ec5140b2caa871

SHA256
a5b804ff57445eac85eafc03443a730219fb2de893defd03048e2219b524187f

SHA512
0937916c6bb14e6895d056ca33abdb51847505de88dd59cf6d28a38b3aaf51432fb2ffe259aaee7daea265f1ba27d8319965c28d6325a4b43f1985c0acc8b812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
441063ba3315309465c38416a36ff5a4

SHA1
7af4b81a20d5bef110f9ecdd5172ff630945d104

SHA256
bff6066f0aab1f9aab6724a3181ac809d1e03544882511e5aa9722e2812ba171

SHA512
4abb9db93ca804b3aa887bb26411c9ac957b10a0e10a8b0caf4a5df8ad8de51dcf666c359916d90c7997a18e098811f8638ad78c3ab28354f88150245c169a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dc4384bdc38840bcf40dfaf6c2629a76

SHA1
ddd389daec0ca81596202371961a5be5ea35d995

SHA256
0985fa1081d26a116574634738f63f5e0cc6f2f4b56fd7928fd85ab5997014db

SHA512
ff7b03e70fa147ef870e55fa258529da479466e1912b3427bd386faf68aaa895c029ccec573033b4baefed7f39acccc7e52749bd02da9c7a6c78dc327ac1fe54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1fb456264be957fee38b03d13dc63787

SHA1
28c022a4230d8daee9caafe0ff790e5c6602089c

SHA256
f06730dfe81a34b1fb1385e4f66763df6bd206df4f4fefa5708965438bae647a

SHA512
c5a0831d4152f508b5f24f328b0a588ef71d3df492c2a3717e073ff9de8dc86b07c87e6ada0232d7a16e1f08c20447e1ac9fc32e736435c9486cd372061a52bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58630a.TMP

Filesize
48B

MD5
24859dae0fbab755c9281fcd957c402c

SHA1
71db988c684fba6562dd3b19083d8add9ccbd605

SHA256
a5db24fbf7da78228c24aca8f1eb0e29fd1c283072360249217e626106d80b01

SHA512
42f66dadf512090aee716c2b32432ef4393173e9f3016e2ab54027b958d2b148092424f4f848216a4199f9d698d861741fc3ad8432909642459e163a62f4609e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
7d00d387ef913ed1099edf038894ca15

SHA1
4354a79573d4816d171afd76224cb219f7e1d34d

SHA256
fe27dc24ea416f472191cc4758e9c595d2c24afb8cceb5fcca9745d832609b31

SHA512
3b5f57358ad91c4fb21d14f97e2b458ad1cc29f2e495e5ade02e92f0cfbd9dbf2b6899361d1d75b345e9ff8a99bd52b3acac8f4966acc909e9207c47ba443255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
5cd38b24c87400dac6b71cbf339047d7

SHA1
44236e4a08416cba01273ecc618e553591c0136a

SHA256
238c4b39cee195672d73bf7cd85b301a355ae39effe9edb12a391330c134007f

SHA512
b06a68649c849417b8bdfe617897d1c3c091a1422a50e7fa93a29007ce33a69169d364fb7c0338ea9fe48a9834e8067e9ed9e636c71a4766e987e37a547d3274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
65b1444f22cac9ef27381ad98de3ba4a

SHA1
152020569f3a78cdbce91a54890ba93acd1328a0

SHA256
edf3aaf8385a63aa603b2228416afeb69385a2848971e4723bcd001af3ea8d2a

SHA512
49648660e4032cc315739933df4308800ba86db858e09a006a685982e20c80c41658202a1019e0e3eda8e96733b6cabbc514d9bf7c52764d0e7daf5f354bfb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
b5a41f1038f95072fb0b862c97e8419a

SHA1
8102d3c2945044a1e291b95a4e917414008aa65f

SHA256
d64627bf722bd4e67b4d8066e4ababac1ea975b2f0def42841ed9b4f4f1d811a

SHA512
1b81dec2fbb640f671e2c16722bd422abdb6338754f6217bcf7ef2dd881983308a007502381170fe92f5a7dd4b02b1b97748d94327a8b9dc5de12016234580c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
a17fb84cf11427d63f96258a2437fd7e

SHA1
92bb0ecc9eb1ff09e30972c7db8cde06f16dfc53

SHA256
3f31fb8c044eae66fc637447ea46b757a049a334bc20980b17d4c75ed54bdf31

SHA512
63142ad40095716235a724bd21ead31dd483508534329ea5c3e3e5dfb7aa6a3064c9ee19fb8668aaab2952f8cfe18cfa903ae604ab4bb6af1b00eaa90e539239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
e060e2a5aad2248ddb50c84c2b0df1a4

SHA1
f74de2add5afd5775293dc4e7958aa0d16cae39a

SHA256
0ff149524f9d81520ad9d1c8cfabef99c2a65699a596ba17c5aecdf6aa0b4cc7

SHA512
ab8ed76a9c0d78aada9735ba35cbb11c3d16ee34d65e4f7620ece7414af6bedf83736ca3dc28ae6e892bc78a56747ce1c9df7db2f74785c7a990d3cb6827a7f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ac0a.TMP

Filesize
103KB

MD5
7f2e2723e7cd12714aa138160efdeb08

SHA1
2d6854751820cfbb8619af99c5500cba5f091f49

SHA256
12da5c792ad89c49cb59e6ba6fd4be46d4b97d90f41bb9bbd6ca90738cb1afc1

SHA512
eb9506b2d9b55b5c5286794bcceda4bfb3e68f0c10239db715fcea5675a993f0446ac090a2eb384e2a970561bf29a14d28cbe364be8d44d10ac0d13d1c62c914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juuzlbfk.exe

Filesize
2.3MB

MD5
936e8f78227efa357442fac6493c2fb0

SHA1
52a99aa656bfe9666e8ad50da45dcb06f97b5f26

SHA256
267a729e85ab0fc811506ccd88ca44aa7600251d0d7ac4e4cd8437172cb06a94

SHA512
6dc544cca0d9cd6b399f269ece189c759c06f58457a572f2a8c5234aeec4d32bcf34873da086c344379f0c989c6d161cbc6366b8a97545a3796fe5eb33937ae3

Download Submit
C:\Users\Admin\Downloads\Credit_Note.zip.crdownload

Filesize
2.1MB

MD5
3d29b71e817c9347d143dfda238bf390

SHA1
d7147d5dc3133acdded78ea82f056dd18b541980

SHA256
1b5a89899862775fa9c18d7c830373e4570238177d723332a7dbffc51d84a781

SHA512
a332bf825c44ffb97da6f879a8c24f27866e30ac3a63d0fafacb4feb91c60666ba60500c6f48b89f63a3b439aa04ed440f24be08e1126e15b3b942b1da948d1a

Download Submit
\??\pipe\crashpad_4316_UKXDGLNXOLSCUUUN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit