kutaki | hxxp://architect9[.]in/[.]well-known/ITR[.]htm

Analysis

max time kernel
600s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://architect9.in/.well-known/ITR.htm

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwovymfk.exe	E-FILLING FORM B.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwovymfk.exe	E-FILLING FORM B.bat

Executes dropped EXE 1 IoCs

pid	Process
680	iwovymfk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409167200042169"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4592	E-FILLING FORM B.bat
4592	E-FILLING FORM B.bat
4592	E-FILLING FORM B.bat
680	iwovymfk.exe
680	iwovymfk.exe
680	iwovymfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 2308	4424	chrome.exe	51
PID 4424 wrote to memory of 2308	4424	chrome.exe	51
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 2412	4424	chrome.exe	88
PID 4424 wrote to memory of 1476	4424	chrome.exe	89
PID 4424 wrote to memory of 1476	4424	chrome.exe	89
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90
PID 4424 wrote to memory of 2144	4424	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://architect9.in/.well-known/ITR.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffd91d89758,0x7ffd91d89768,0x7ffd91d89778
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2660 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2668 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3296 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5512 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1896 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3288 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=892 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4780 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5820 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2412 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4532 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6292 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6520 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5852 --field-trial-handle=1868,i,11698141576754772980,5671425674861768250,131072 /prefetch:1
  2⤵
  PID:2700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Temp1_E-FILLING FORM B.zip\E-FILLING FORM B.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_E-FILLING FORM B.zip\E-FILLING FORM B.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4592
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3800
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwovymfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwovymfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
71KB

MD5
70b98903b339570c809a9c17f55fd60f

SHA1
dcc39900af9c23b2fc542b789496c885231d3830

SHA256
9caea7a90c5b122744f5d70b912d3a6a86c6df680b132016f915331b42ef0bd1

SHA512
8de9fe6ba23327e4ee7f0d20b03bb21bff0400000d78ad812c6c541f8abc8c6eb0436fdaa335c796978122ed1afb10ade52298acc618577fa6585c33c15a6952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
42KB

MD5
eed13e0404f75114261f93a8418ff234

SHA1
fb3e43f5cb48a0f926ae2eeeea16b91af408642e

SHA256
2fc3edcb175bd0f7dfb95d67a7c7b5f20e93e11d3b488e983536c9e52cc6649a

SHA512
9dcab9ad574115e7c3592f4c15b92775c46ec5d1e19a3aa2dbd327e14ce326ee9ac8b573e00f3a1e2dea980abdbaaf9eaba70e92ff7c8aebf4f26eebae71cc05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
90KB

MD5
9cabf7f1b4cedb0b2014b08af077c2f4

SHA1
2754934cdd7af3787e7357e5ed2194947d3b1847

SHA256
4168b1e05f0cfe3949190cbeda35343ee0d92092b913649194fde3ece66a69ca

SHA512
2b7318ded7d2ea579e435beb82121e976b2a1e921adc24de58cf03a4fe136be4d8632919488629a9468365209da5a33284a2c857796fc711e236b891bf7a6f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
145KB

MD5
b692a5ec0bbe28b36076a86330f23e23

SHA1
ed59107df6aea7186a39585f93fd633ef10219ba

SHA256
12a717367af287b090030c6136c673990ea4366c7a76eb7161e17f3b2ef0733a

SHA512
eec1bebf899d67205d7b4bb206e9434fea1379665f7c31c55e099a331ad5f33669fb0ce4b31444798f8d3268a6b472f6a725257daae50c0d82b96c46fdf7b968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1.1MB

MD5
c40c2d70cb818beba2505dd47d637a40

SHA1
12adb1b747f6e7f83ba4043ea8d71aa65908d779

SHA256
6b835e9a15e4177bb0821da002026ef578b89bc71e520afedf081df11ed38afc

SHA512
3339cca62a5cef5b596f67d8fe84ee54479ef438b285bd27846961f5a3c660a62d0acd0651a6650acc2d034b9f42369322744d5584fd4e97feb81f9a833f3ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
538d33bbe7c1aa8cd8bd0f7b5c906715

SHA1
e1d898fbf5629bb6ae8151c0f01d0df730f26d60

SHA256
a95ecdbe22a49dce7e24e338e189b888a2ff807e3c2301bb1a3a44277ea2e2a9

SHA512
bc97e73b27a7deac511c45e46432ef450a3029dde08c4d61d6bc8167fcedb19218b761a5a12b4666a1bc2218d048ce1e94a4d733879dc94c9525c36326c9faef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5fcae7252092cfc7d21bb802a9106fc8

SHA1
cce50e4363bee891c4377db8789d2faa7a63a898

SHA256
e5ceb63d4cb3ee18bcf7803217c7121af28493e35cea0e5d2ac2ea46fbe6977f

SHA512
4c0bfc66d23750eadca1af71e0bda7e319e6caaecf505c0ca1d2cdbb56aa0d7c605862e0325ea7613f55022339c8955de5ff4bd1b02cae93189e863cfd92ccb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8099e68740c006a2adc6d223d0937ab2

SHA1
29032a9074f4fdbe3fe70b217a4556dec39d3699

SHA256
309c1fb41606670939e1d2e6d4656436ebb6d3e0be60b21df18f1fd03a9fcc33

SHA512
523ef844b7a829152fc154a6e617ba97f196337b929a1b4bbb38e66736b8a084dccbc0300a266c1876b1ae0ae55e024713513de7a37edc89f1ff2ddb1e669729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
c4f2936cab9e7b1d43f0d219c36b5d26

SHA1
774510c682e65c1e3691340577fa041be9be4c88

SHA256
89f46bf4d7ddb155c0812d54f6188107eadd48c2897c998d8d2653195be02567

SHA512
689c3c1e8155f4c1ba0732e6d4c7c5c76c7720b4881c451d753658bf530f1a6130a7ac648c262fd324dba14e6517c83aa09abf6b30763fa785737d879ccb2cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2290f95e67092d26c47e21997dd6fc4f

SHA1
6129067e6440b2666bd10986814d0acf50fa7c5b

SHA256
34bf2ff775682df7b5528f4dc67704178add9b89df8c852692ada1d197ca2080

SHA512
781401ba79ed319bd62b15fb6edee0efbb31f00cca5681930dfda8616cbd1554aac17490396ba21d59dc60d9b24713015b7f3b2462b3546639447c16a66a6310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
72c7c031020fabe5be8cfcfa9e60de2a

SHA1
75b470aba4c48477ae0926a3b7dc14373426f422

SHA256
308c7ea0943ec9c286a0e9e9bd40470bf132440e45a110428b724e2c93648c92

SHA512
1f649c68720e8d377ea7621d7d4981b0a31d4edaa88f9b2b19d1e10d7f8c10e4990305f4e464863196a952042d7e01eafaa5fb53f33ca018b827777b1a893157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0c8fc635ff4770d018d50ac89c3fbbab

SHA1
1a84340ec15da9b26c3994cf53e1f47c48b8d56a

SHA256
a21c06b10dfee5772f6a690542fb3ef83bdda1c510b013cff64c5d86371d2a03

SHA512
5ffa99990831ce2bc42d58aa4f7ff76f989f9f5472d9e8c34c17c48bba6555ae73ccd82ccdcc5a73a5e1c3245f9a1328dd76ec3f4a83344923e4d2f27ec99a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f1dd6ee419249a9c690256650f4901ec

SHA1
beac7d715cf23240f561f48df9c76e3cc0ae00a8

SHA256
f843c7e3d755f51c9662535b8b0dd8d832a28eb42f1360efa4a5ee3b0c7948b2

SHA512
1a3831f4ead46b76c4f9d8cf48f2a19e8b3d6713daa17c8be7f033a274ca23aa6b5c51f78a1b1df39c92120ea45644beb59fbdc7402bca65793bc575f73e49cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
172b98d42e0de073c2d03e8a001702b5

SHA1
bd9f1cab39fe105651cebfce2bcb03051dcf8ab2

SHA256
98799ba9f974815b3b8ac9b5a4665d359b63c3eeab064abd6eb7c86dbceeae2f

SHA512
35fc535276290b9db3c2cadc5d6bf801e8084aab76e09537806983b67fd38984633d02e0e9d83ae117ab1eb13c660727e765cb993d29dc2880a1b0eeb9bcc27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05b43062f79eb4ba4400443ad0870f9a

SHA1
3b6128310b3f89cf8fd1c7ac811f0d80b6a74327

SHA256
2cfa21cdd3e448be816850eae12485e57009784772d23e28e060fa656414f0b4

SHA512
e1e95a92873fd13a187114e5dc287345030d323f2160ee0513aacd5c3ce5d27a146ec75bb0050e6284b851cfa9ec9af77e6333e39993a7084e5838906ca77f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be2c4fac533f13c66c412ce7100c035f

SHA1
7b26a767fee05640ec375594e3c4a4cbf990df7f

SHA256
43a6f513ca540e4dfed7cc355e37ad0c59b73fdbbc2cf78e86e7268d0ef455e4

SHA512
13216d1292133c62df495c9f165a67d5ea8f82643746a78d78ed4206d8d9a599208830d06caed6926dc461433a71eca77f9b43f45a33fe778c7112e699c30c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
efda6e123ffd349f224eb076e7da709a

SHA1
1166b8d1b3e849963464954d3eeab07ad769ceb8

SHA256
989439a73a84a42662a433bd918f0d0ee527d42bc962ec6af460707ec7772db0

SHA512
5a29afe5f1b3edead13db38a40dfe51fdd27a22d7572fc34692580c91f8b63d7ee639b6f2cb7b7a949fef29b8b56600c74f31798ffb8c5c3081d6e0dc693a911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
d2ae562e91988cfbf0b04fc854dbd7f0

SHA1
6c588199895cd56950bac7c71e7425474e95c7b2

SHA256
7755c5861c7babfad336070d5b90ce0f7b43bb406d27aae88527ea3742f7a17e

SHA512
6ac578d4577e077d1f41b5864caf1a3e2aa12e8a35dc95f88ed3ef0385dea99122dd6ac8c33797850421fecb639b24c97af739a0001003320d099285c54dd4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
4a861d3ca256a2b2758e458c98961985

SHA1
db6cd95f2f58123f5e15454cd7d521358ffd812a

SHA256
8cc02c73cebad6976699961f155e4d0e2a4843d610fc11b995526921c89865e8

SHA512
253279050836c671aafa03554aefdde2ab53504c3971d768e17c9f1a9fce65ac536dcd63b2096bb4fc932170b90dde6dabd5901465052ba096b3e351e9b78dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a1f494cade5a5aeb245e06dc0dfbfc0

SHA1
23dbb6e503afe924fd43065b35f4c88526cad33f

SHA256
528d85f1df72a4ba77f1af32f53797b9448aa19e9d25b7b40f162a641e47e9a9

SHA512
a31b268853b06c30cdc09f37cd5bbcd9410e60c6a77c0e7aa3b21cf7e132fdff0afbaa4587c50411e0b9c059be2b28c8d721560950b84acda2e74cc31235ef4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a2d428a5e72fc3447241258de7a3a7eb

SHA1
0ded4809d89e57db4f8ecaf3ac7212c71b4201bf

SHA256
c908fc78a4a4c7aae4c7e2b56a3370864f91f57f99af9604a168acf9cdea4d0e

SHA512
fc51dd480fa07a325a4ac374b199db67905e2a8296c793876492a49bc600e9a04b1171124b252582fe49cfdb25dc8d10d7807919555ee53dbe8933494f7b731c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
21e6eaa64afdc311375fc9bcccfc79ce

SHA1
85c2c0eb5322eccb9f46b5b5c5462cf87d28c7de

SHA256
a32d8623b4eff28eed0623a43c38b29afd4449787a0852035ab31e3046046000

SHA512
99f255035da6116feecfb867be15fc5e4de02ff6db21cea0d44dc76f1811b176e711ad0631044b87ce6b996fcc2268e3ee20e5579be4fecb64f0e5a2f9a6aa88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
81907de5337e95f1c29f05f8d087e2d9

SHA1
68b8d764386ec9bc75ffade24228ee9fde449006

SHA256
fcf0645ec5a1c499e48c9f69208019f47115f5ac12728177b7939522df925759

SHA512
7e4eb18c8cf0601f35d619a0a513d7e994696b8d7b3988651af8e1d352285b3eb02f9ea467ad639da3ed701d0603e9e5ef3aaaef30165a2fcdebb2e3a770156c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9f27e6f7d8f63aeb3789b9601b090747

SHA1
7b0cc28a088b826507401d5c9054657658fdc93a

SHA256
2c829faa8c6eccf3fa708d25d3fc9f29e40193e53e743e8b443157ff4d6562c5

SHA512
f955c1cf05c9f7b934f5e8a075f6abc16dce6517ce68dcd1cf71f0ed1c93737296e8ab89c9e9a875924f5cfef407e3ec1d820a07742ae08e00fc246324ada97b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
59a62e2eb6a9ffcddca40c53307ed3a3

SHA1
7a5cec44929f50ad050e3d92b2dfcee2d682077a

SHA256
f3206b1fa0d5d39b4e5aa57c2b458368d5fa2aeef37159d0b59fa67122562371

SHA512
c675e677a043862328979a2fd5bbbc8262d580ecc47ed3a9273540adcb3bf639090721428b462cf07d06943e1b9c4930407e3a8c86aa2f64ef034f4df75cd4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\1e3dc168-1bb2-4f06-aaca-42aaf0d6ca98\651b3fc9f07bbe46_0

Filesize
1KB

MD5
ede9285310c3a5b93a698bd92f7c7e26

SHA1
4ef447440a2221dfa8a771c8cfc6c1c75352a3bc

SHA256
674ef26dbb6269bc2c003b68729d3c6abe4356a87d424394388222ae3e1ecdb9

SHA512
f2459491d2912bac9643165334e02e496b32d73dcdfa9d24792a1c9e6b206b718919045f97ca759549498994e9d77eebc0d1507e17dccc3b90c94cf1e31b1e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\1e3dc168-1bb2-4f06-aaca-42aaf0d6ca98\index-dir\the-real-index

Filesize
408B

MD5
aea81f4fbb5564fc126c9976dce9e636

SHA1
cd90a73ea499a5c1bcb5ebe213301ef23e950cc9

SHA256
f92c2b3b096ad59cde0428592b80a8b1cfb9c81b56b46c7c9f662c61fea62695

SHA512
230b82618b64f1b1b46055245b9b408c52eda4c380aa0179363678ebb502d12099ef021ccc48f7ae13020aaf2b58ecd2bcdea56df4bbb4d5ffaa6aa02832d4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\1e3dc168-1bb2-4f06-aaca-42aaf0d6ca98\index-dir\the-real-index~RFe5dbb06.TMP

Filesize
48B

MD5
2f4d16a651bdb38b7d4841c36e803d7d

SHA1
576c6d966c7789dcd336ed6c7e6c0f2815391ef4

SHA256
674d57ad434bf4eb6032554f01d44466cd196415c8181a38a0cfb9847ded0a1c

SHA512
300732c77cfcbaf7926a97dd6645da6368c90cd556f0e1db54f81ec59ab31dada8976c3c1b767a198ef838fa3eafd1a9c61908df243c30d0ca638a81bdb2f554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
64667e390c66d5f0d7b7b1d57c99f80a

SHA1
13b2b01a77543028112101bdc149ff69f029e3a3

SHA256
0a7e24be18ceff81ad0705c3955dfa4dfd128a762e40c594a16e678cc99a8dac

SHA512
56356a280fa53172a0907c238c992816731ffcb7c9244e0fc424304ee52a62781f4b1f015185754f5a9e32bcdbd691b4678f3b66f0479b6187098c5b0c70f798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5dbb54.TMP

Filesize
128B

MD5
43663e498f876dec12c880f3e194afe0

SHA1
06417d630b0c2b17bbb692572076e6147f0a6f07

SHA256
4db16d1bd46d1e6f9873e4b56d7c6d0a95c215c1b1a29629ad95b85078fca325

SHA512
bfc80a97fd68614bbe9d1b7b607e7043ca081f52fcd7ddeac7d4787fea0107dff68ad4cf110f91f2b5c78c22222ed752d28dc9939b0048508744ac2e633bc322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
114KB

MD5
7635e5ba32285098556fe41470e7e9e8

SHA1
fc2d9d35ac9b4feebfe0b97c86902c07c2f659af

SHA256
9e2b14c872487b7bf391de4942c3872cf2b881949167c5e22b70c6dc9d60d6da

SHA512
9602b9e0ddc282ba7dc259dbddb9ad2e0f80da7b0a6b1a6b9650c8461098a6ade7baa211317ce46df6dc92c7d11f2fcb1eb7b346c395707e0c09a485a18d0154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6f8600652a3849ccaa98a8aade7c624d

SHA1
0bae78b5ebb796831c0fde88dc8678fa7a610c85

SHA256
8d306a3e80aaca90cc6acde9a3d63f102137a2c9e7e1efcdc30fae2c8f727e77

SHA512
f8d341db3af7bfe42567cc5d8c56f4e576279bc51b1841ba53255d87d300801f751883b0b658dcfb701f404f940e769cdaddcd8ed50559f30755ea8444e98de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59eb02.TMP

Filesize
48B

MD5
cc482f1dd21a77a2230ec005e2ebf448

SHA1
fecb8200885d1fc51ee39fb7fcfc17b97103cb67

SHA256
e82623382f78556be95c71b33606838edec8e88cf79eb5d1b3ba963462065928

SHA512
70a5423b89d1df55c1a2e6637fe19e95214faecbda63597c481d657f8026596d892f7c39e3fc4f56113c9407600bba9e68c1242f6acc169505255f141eb2af6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
157967feb4d8d590aaa8b80fd4183632

SHA1
50a93bf5f0ce473c5b5b07d47a72fa94a93a1404

SHA256
153914febcdb05c307950729e69285f8ca2ee351b681f16d3e467761591f7a94

SHA512
a0ab5c18b283101ecce55d3d7ed49dfe01b1c0ab8bc879a352c2bbfbdac763482e9add7f281a7e9f69793a6ef6de4f848de1d1236783b06948706054dcc62941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
59ba41b03516ef9d338730738759aa19

SHA1
dedbc64e6b1371821125972ba1ef455225531e89

SHA256
c053d19d977fb527d8a109592db799227c77894c7c7883ee2ae7b4d63c265bef

SHA512
65e3134130fb46ad95ceee2a52443215a79645a339376e65b30da37970a9a80980edbb952bc5f5ac38b68bd92ce39bc60c057b63e2a0a4da5400ea699985502f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
78e7f2f84d6382a78a734adb2765730d

SHA1
4632f71ed63d87e0c2f11c3b2d8f138fbacfe133

SHA256
35485abd7aad2c68b498a9468a8e5c4d6632960404bc2169cbd9318c5de94fcb

SHA512
a5dd43728c41253b6d700daee718f9dc355e1129672fab272a2e685d9be0a4973a41b646abd1df2e82a0b528ce91bd6c1b03af62395e870f840d05f08c298570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
84206e0cd0889ba4d8a2e2bc4400fc7a

SHA1
f438bd530fddb75252913e601ece10e4fb2e5370

SHA256
516d193a31f05539e49e4b6c06f1e558154c388dca92ddf3dad252ad3a30bbfc

SHA512
98bdfb79f3e438b29ff3ba63a4846c862359b6b88e0b9adf2927afbe24d1e55199ecb28579c0de8f42d5e65078bb7f7db2e41bb168f93afa47192d8fa56e5b65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
88aefb315dd6c1ae56553c63c7e9ea22

SHA1
65614e40891adb80f69d8b374a8cd1de480b1885

SHA256
9663be7e428fa40017194841652c02fb91babbdd21f363af8d39cc5c44db481b

SHA512
a2634acb5a29b08d9984840424ec5b9667e11b34110374cf68919af7944514d9a297265c56796b3bcc83f7ab530e6e19fba37fa614cfcc0191e1c27c82f6bfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59dd66.TMP

Filesize
103KB

MD5
bee0d7d885cd727dc27394613123e48e

SHA1
031cac95b993ab3bdfb247b482ef09210af446e2

SHA256
a4e7e2608da174e814532d05439d848ae128acf36779bfb8d54a8ac3ba330649

SHA512
9a0a781f4143abb4e7ea63375abb6fbb2cda9c6da2da58676a3d3cd16dbe2797ebc811dc701cc874aeffbd9229ea0f1f1a5b03ce9817d325e47ff86a99f725c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwovymfk.exe

Filesize
2.6MB

MD5
7bf88f6432259b708c7057f48f5fc135

SHA1
88d0aee0bb11c2756f9f5c6c42ca2213a58f3bc2

SHA256
c8757dc69520e9a44f987147147e9920a408757cd97a5b9ea73d9a494862aad1

SHA512
7419d85d0ab9e559d07560783287c90428389c3b87105913ae6ba61c568b4f360930b177692460d310bbfada991abab05d75ff57de799bec2a267c4ec543c9f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iwovymfk.exe

Filesize
2.6MB

MD5
7bf88f6432259b708c7057f48f5fc135

SHA1
88d0aee0bb11c2756f9f5c6c42ca2213a58f3bc2

SHA256
c8757dc69520e9a44f987147147e9920a408757cd97a5b9ea73d9a494862aad1

SHA512
7419d85d0ab9e559d07560783287c90428389c3b87105913ae6ba61c568b4f360930b177692460d310bbfada991abab05d75ff57de799bec2a267c4ec543c9f8

Download Submit
C:\Users\Admin\Downloads\E-FILLING FORM B.zip

Filesize
2.1MB

MD5
7129ead5a06ce32b8502351e33be7e70

SHA1
8904f8fe3717872ca285eca9bf52a1cf65cca07f

SHA256
9bb3d43588a06433a80667559552098357db8765517e1dc4aa3efcd87192f20c

SHA512
bbc8fbe3ceabc5ff5c1a551ce614fff63999014792f0243123d5d8e87bb6e2b739221f5fde5f4138413f39f0a91da91d905c39fecaf78adef3101e58505b3b0d

Download Submit