kutaki | hxxp://kinderrozenkrans[.]org/jjksg

Analysis

max time kernel
600s
max time network
586s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://kinderrozenkrans.org/jjksg

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe	Payment Slip.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe	Payment Slip.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe	Payment Slip.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe	Payment Slip.bat

Executes dropped EXE 2 IoCs

pid	Process
4888	qqavaqfk.exe
3400	qqavaqfk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3496	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133424812600221137"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4260	Payment Slip.bat
4260	Payment Slip.bat
4260	Payment Slip.bat
4888	qqavaqfk.exe
4888	qqavaqfk.exe
4888	qqavaqfk.exe
1216	Payment Slip.bat
1216	Payment Slip.bat
1216	Payment Slip.bat
3400	qqavaqfk.exe
3400	qqavaqfk.exe
3400	qqavaqfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 2408	3276	chrome.exe	21
PID 3276 wrote to memory of 2408	3276	chrome.exe	21
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 3032	3276	chrome.exe	85
PID 3276 wrote to memory of 4920	3276	chrome.exe	87
PID 3276 wrote to memory of 4920	3276	chrome.exe	87
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86
PID 3276 wrote to memory of 1844	3276	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://kinderrozenkrans.org/jjksg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa44e59758,0x7ffa44e59768,0x7ffa44e59778
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4132 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5252 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5488 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5928 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5876 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1252 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4860 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4876 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3224 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5572 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3484 --field-trial-handle=1892,i,10889411340428638690,14991784847069888817,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Temp1_Payment Slip.zip\Payment Slip.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Payment Slip.zip\Payment Slip.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4260
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4796
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4888

C:\Users\Admin\AppData\Local\Temp\Temp1_Payment Slip.zip\Payment Slip.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Payment Slip.zip\Payment Slip.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:1216
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4624
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im qqavaqfk.exe /f
  2⤵
  - Kills process with taskkill
  PID:3496
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
184KB

MD5
990324ce59f0281c7b36fb9889e8887f

SHA1
35abc926cbea649385d104b1fd2963055454bf27

SHA256
67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc

SHA512
31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bd0a1afbfbf2cafd09ae869e7f9ff42e

SHA1
9d73edfd4b72156635df63171daeaab90fac6bd5

SHA256
b2af0f80506f7f008b7d2b1fad640bb9e8f97d96a57f4ff66ebe660ed41641fa

SHA512
a07912c2028b368e0d4aa544120b8bb3a964d472f5de2762711086feee1085ea5edabd06df61a8dd70496449fbfc7450760f3bb3be17f43a57eed5dd00d3c6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1eb2501214670cbf020b0543b7e2053f

SHA1
872f2372f9926e0e7f6290fea877de9b9f49b4d8

SHA256
ce8ff4c4c3b25ed31cdfe5b237b46058afdfed7a39e147e85eaa50ad58d576b7

SHA512
d786480eb3b54df682c4b63b947e37dc086facfb4a2777fa582d30efc34b03d84f7013f0c6f3e9626d05066537e580bdb3f1f27fef3cbdd27c22f9f45568bed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d61703844878aebceed1e7658efb0cb4

SHA1
bd9e0047f0da0ef031954afc03a11e3777646181

SHA256
0376d0f0e10a7075360251fb05c5f21e2fae79e28a386b4b366163dfba3f1066

SHA512
10fa6ccafecead8004f7b1ac6396c2b12edc5a18d7ae4ac4a44b2e2a3cbb043444c5f15f5c298c8f601e6ef878910be74a790ccaa211595240dbea264ba99f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c1913161cbdf2be578614a7b2835def2

SHA1
8a4b8770b389631438a82f70401f7906f6fc9819

SHA256
d9c40dc1a33913dd1477dc40005496c0a90d4af5b1eb37a7c3e5d6ec7d4ce7ca

SHA512
d80f1c56b129f2aab93ec5569e38923d92e53675d6021d1e9c0c9bd9eb85ff20fd31d7f513c548c1877fa3b10ea6258ec6d1e4d1690612b082abdd804b35f9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6eca8efa7ec72556af6bf796879354f0

SHA1
309a4387f6f045f6c71d47a4d3d6de9126ce406b

SHA256
fe9f6f8ca1dd1aa3680c7df9e9442863f8782a1eb154bf2f3428f75e0a55042b

SHA512
9a2f0cab6cf77c94006ded1812ae01f687b8f7f78bc9e192492da3901c4cd9936decd9946f613945b05a2ba70fd09b269536bffbd41175ffe4e7281f6e7cb318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d137515a2bdbce4178c321e26ef8a288

SHA1
cfd32b30602ccc799de09985f6b918c4dc469b15

SHA256
63b54be8aa82b16db085a35afe3a129b6f82b0086e176964d37bfae078631aaa

SHA512
a66fa5a1c5f2706b4010889934f4a7a5118880873af6e4146a4d4395e2638532715ba083b6ca872f7aa12c118bdc1e3e90bf871080ca1520572c01a2b4cf78a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
152b668972644abe3d3e473d9aed8541

SHA1
0e3a519938accc601b5eca04bf3a94c56b560783

SHA256
ee0881dcf0544dfb4e7c34157c8e7505894f2764f2cf71bd3f4b93bfa62daf12

SHA512
0329fcd87692933443ff573bd2e7ee4ea3798b8064d75f53dae633abffeb5d8e1d0daf1dcf3dec376bc00d92b2e748f2b3fcad7588f14fe470265ba111b11616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
53e6d2a2df30bd7efcac883c29abdbee

SHA1
29297102f5e241a36cd02bb2dacb35907f1cd959

SHA256
c3d35b122b152f3e4b228b63fb1dfeb68f428cc9270cd2b290f20a6395af19d8

SHA512
f0a75ecd61f0950376733e713d813d7980b08ba76710740078a38c7ab9ba4be373a0f01fabbc3e8f0192f06205b375b09af4a9f8ca4ff2cef36a758801003f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e4c2ac8bc2cfe32fd3247dd804704c1

SHA1
0a1ed5835f6b438410d887bc950a376dd2bf9abb

SHA256
6311d07b22b92fe056851f65ea378a6b574142eba1f75281c9f228f3ff462fb9

SHA512
3cd1b215370bbf952f58bd62faa125ac3bdedf2f800f56d66b85763ff01ba897bec7563077a28578731a04fd38c12744b2db905872f6b4441a591341609c8f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc5d9541ed2b2f49ccdadcaa8187e69c

SHA1
8c74706dfa10768c028a5dca5440478d06238ae1

SHA256
ce498ccb4e93ae2c1aa68473304062f4afbae4598fbcb014f85d2ad8461fadb8

SHA512
470e0902e5e252e79212a19341aaebe3bec1b3ca3eb7c35af8c668662089df34e7142e5a66926af36d9bb2546c4021908c095f86405858f1c66f0b3541e728ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
44a4e388e2fe365a052cb62d07222265

SHA1
685f7b05e2b0e9ef01c5f12a5a335907a7a6f4f9

SHA256
a365c07571c04fd4d02065d860f4b2eff7fe9884cc5d311f6572654e3ca55d6c

SHA512
93fcc96ae96ddecbab38b8035cce6cea6dbd7753bedf4e3c96a3f509aa15948d4165e6c58ff8d40ae9633f8950ea538ed9f1a42ee2eab4b344a047ddcc910d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f8a0ee62069847195a72e0b14408339b

SHA1
5172c8e70f62c8efa2acb6eb9845df278aa9400b

SHA256
d76b459f0361df69f4eb71dbd11e0c1950fe12119f02d4de3f4a88e832f53c36

SHA512
f1ecc7ed82b20c697750d6c47653c7692d0c6ead4234057c38c9e3ab763eb5bd5f309d8aa6bae141ae937787f1f1da5e2cd8c607789d3ccf3c3837a93b86d02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cf82d20d43f2b829bd564d3ff9556d12

SHA1
36da8e32fd48176ecd575fe43c60b06c88407fb1

SHA256
0d45ac7564a1bbf5b3c08da19ded9d467c465563b327aa2c67026844d135aeb7

SHA512
d5f15f8bde87919216e258cfef5f81a3732a462e6cf8a9f51c14af4366d25cf95fb33e739333086337782080aaa70a4dcd16b2e62a9237a694079792fa828a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
434f4b24747f80f3bb20e070e4f995e2

SHA1
c688fc3a0cdea583f0f428cee08893a48eca15f3

SHA256
1ee2e5c9a9793aeac863eb91fbcfbd48d71dcf807fb3f60e824c00766310d04a

SHA512
b8f53713bfcc4a30f6125cdcf5668a1fb15e12c438f772d3df59955cd3f1e0eb0b127ff110e88c16107d193ea8a0494772c9b529b5003044d1866910bfb8c0a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c556f2d0ee277462c072a0f7a71c3bd

SHA1
bd133f5f2b07a75828ad973115320b5714ccf6cf

SHA256
b1d69344cf2f0fadad69ee8823251dbe959cb174595dea3bf1fa8293068fa0ce

SHA512
079b5c0db795567794e3402c1d43872712217fec33fedefe89549f2e2bb9f1a7306e202f729a78eb9693b9c622826873206a4b770e38b56ee40318761912f986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d634d01535ff37ea940a23d6f85b2c24

SHA1
0ecfdf4b13e2bb29f12dea2564ffc2704b0f0748

SHA256
f3805a33fd795399ab7fa66ef46e8d3d0d294202e0fca75e2167d789556f6899

SHA512
15a382cf01fe2b1a27f762f7a7000b654bc9c22e8d5cdf2bae62f2f117b8d0611e631858ad370876898609c2b953e97262831ac10b4e9b760a895951ffa166eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b4c67f61baf70548579921db4dbf4dc

SHA1
df366c8e9a13a64e40a5f17f17cc7721e9cfe32c

SHA256
05a546615ff7a327ed420a291ec0069c003397e22afd4a4be61cb7ad57cf1e6a

SHA512
e963cffe957c146733ba8737ca6ac2d2c2373dbeab8e26f2bbdd43699de517d0f07c94a966696a6c669837a1e2035d8e2f9b2c03a432624b7be33b7fcaff71cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9ac2a7f95e65eed49a65ade8f3838d54

SHA1
66f9388cdf1b221445755f698cf062b40d60cdb3

SHA256
2f2f530ca174fbdec6bad15b9da44c0912592fa3cb15bf3c1b9992bb934ecd1d

SHA512
c29865c11202e3053be36788500dd48eab26359c91a30bc4bd3a8bb87ecccac79404242b38ed256a87761cb990bf9d1c449f4f3e8b0c3c5e610389ee03242ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\100917d6-0c1e-4ac4-8adf-a9456a528b34\index-dir\the-real-index

Filesize
480B

MD5
16f9153de3f8240ebde2528d143df820

SHA1
830ed8e0e392de0d7aabf39f0e2dcc7615a332a3

SHA256
5561fed513dde0dfbb49ce525c875690cda070317716758c9faa7dbf43c8f4bc

SHA512
baf84ada4d9cdd3199240238afb10470cdbbc54f78d8874f0a5d98637729e65dbd09969ed48888486845315a96c239b9bbb2b97de4af19dc2e353b4846168168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\100917d6-0c1e-4ac4-8adf-a9456a528b34\index-dir\the-real-index~RFe59cd58.TMP

Filesize
48B

MD5
46dd4c7fc6af92ae2ca1b186f7515ba6

SHA1
97804af42387bbbdfe9c009841e5a16882a7b7c7

SHA256
d2c1d5d97b911229cc4c2cfddd00ea84eea880a86a4285f3466a5dc825442dda

SHA512
8a372983d85bdbe3d8452c45098e6ac177e72eaec800bd4b877d534b203b9a570e1cd520824eb8d3d7ba036d7077c55ee86c6f897007cc29e97f93b65284b378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
124B

MD5
d9509b6589551dd1426d8925d50f6183

SHA1
d57dd41370e2900106e663b9870f51db20eb17a5

SHA256
01004bc0c284411ccbd6543cb760d1f531bed8da66265c31e00242bea1d253b7

SHA512
b96f9a8bf8ff5aec033ada089fd37a58312ff2c9521ef86c33e5de24df49386e54398290dd80862cb2be07c475e5822b1a76c35c603e517463b922aaabf25a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe59cd97.TMP

Filesize
128B

MD5
6985069e36be3c278618e69706a47b47

SHA1
f5b62d52992d581c6fb7da3fe58e9395a49c127e

SHA256
2b3719708d4b2c0fa8896d50775021557102b72a508877d952953f3b50367168

SHA512
018021a85dac1f450f0091df3f2fe58f31ce8dfbb17f1514e133679b26c10004622919e22c411116836e428131fa6c70b44fc67d91b0332c9ef1c7ca2f4ad107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d362653614edb8160b21699cca132d3f

SHA1
72105dac8318654b7091a8d5b4ba58e32bf0c91a

SHA256
450c4767bca47f4775d8cef6294dba18a41dcc5676bfd6e057703ba58be78e29

SHA512
9df3a43f9ba82804c70219ff1fa6bd8e02fdc0116e47ee710b68f83876badfc64eb1b7efa605ae8f0c3bec368f9225594762eefe5bc0b307f0808b50e6945388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aff2.TMP

Filesize
48B

MD5
df50d0cffba72d207232813e0a7c4273

SHA1
09abac31b67b5bb82e36e2ebc8154acb5f1ad804

SHA256
8fd2257e9ba381bfae4cf0d2be41dba3c1001d87bd552d54b7a8c9f78ffc7553

SHA512
5fc98abd56481550a805591a7ed7410ea8beaa73dd1443c11d4b5b1cffe444f0cae516f08d5986045067b8b93d1c068ae5a7dd3da2f183592e44976a078edc2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
4a7d73696d74e00a287d6340c3e911ef

SHA1
3a63d721564c10bf35d397260b795c9080d2d290

SHA256
1e2f6bda158b263632e828881fe567b5e2d21342631d5e0e53ac8f7c7e6d77ba

SHA512
118c327646f27c32082810786d693b419dadd53b83d4389dd5ed1b368345521c92abc245dce79c7748d3b21b4539dc51aee250c198948d4b52961d42d5309667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
52a85488af6f3298aa00ee2c98728419

SHA1
d8cd9045650c58177ff001c3a277acddaad287ae

SHA256
09e1cd4633c0f06cd7850afeb41a86763abd49edd158c91568ecd6b906c381a8

SHA512
a8d73781941e546abafb0db0b8788e1078af45336fe5ebce9d100043be51746546f324ebb80814aeb7c3adad5476e0b78a71fe4770eefd252530873d6abb996f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
d25b1b2bf8ec4580b88ddb8a23d89e46

SHA1
c63f27df56a3f8bf6e5b79f32f034f22291a07f0

SHA256
33e12b21ac362cbd2edba1324b4307d463e6429136e5d370791ccd8251c1b036

SHA512
b9f7bccc461a179de73546334f74ebb9419491930b4a7da7a67a5d0fb69ff15e8c77b1a8690bf03d27f01d1d26fa549258d2bd7e2091793832f2176ef45adf82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
c6686414e31e3216734fb7ce7d8b127a

SHA1
6a24a20e04a6cb7cfc635cddf5594bf678ca4e5d

SHA256
35618926bbff787360cd247cf5cc8fdcf9c655dea138df1e25cb2b538732ddac

SHA512
73b810a075ae33722f2b7c250f898047865339d2192b56c3468bf586eb6f93d488d86cfbf5d50899890c7a1ce978bada90cc6767c8d043a02a47af88104e928e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
0d6e7736928a25c6b09685342944efe2

SHA1
275dc9ade5d06d31fbdde7138ac7d0a55019a966

SHA256
db30253f0f7087b6e8efe37eba9657ceb5a21f37504e8e5454d5fbb8c0c2f484

SHA512
009c1657aff9d7fb66f5e320fea600c7144d91718dd5c6333e5244417fe81074bb4d9e7d7cb1a4216e807bcd96924b3d33cde16e2007bf026dd5dbaaa4f02d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
2f5f92f60c3610919e1f9e90ee765726

SHA1
2ffd94ed1be970f19cbedf7841283b7473f668bb

SHA256
c7574dd0576a6cea60e5ffd270534d18eadf20a8e4d8f51b7f2830a73a350fa3

SHA512
93b0368019adeb425d374629ce985292732d64ddb7b10d2117dae8fa57c28b0de7c893f3f10e466e5c0d0b342b35ec37e1fabbc7100f06505310f678c439f1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5882c7.TMP

Filesize
103KB

MD5
e79411666d0d04d117895bb5cb194b88

SHA1
5d42aa09ea41fc076ca0669f29606d5908283d2a

SHA256
fe89b40412d2530787c09c065d294c802b21108e70afe44c7844c81a35ec48dd

SHA512
3c4589d62c1b00eec6e447653f3f2c0e383426a3229689898b2e6f44c8a5ca2227fafca601de65ce12886f8b3eb3e2879b508294b0cbba2a77745117038332e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe

Filesize
2.3MB

MD5
ea8a33e6734ef6c18b8f4237238fa5c4

SHA1
3189cf72c0a60c01c6bb7e18f7baf0b3f0cbeba6

SHA256
5206f769ba3393f81809518357dcffeab3316879ff00e58aee803b2dd2eb69ee

SHA512
4c37fac8bbde4e3ca23d186eba4ee39a17a2427ed3526c79521ed2a67104fdafd063ef6388931b94baac5522ddb5a66298fe619f76eaa32b750f31b672cd24d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe

Filesize
2.3MB

MD5
ea8a33e6734ef6c18b8f4237238fa5c4

SHA1
3189cf72c0a60c01c6bb7e18f7baf0b3f0cbeba6

SHA256
5206f769ba3393f81809518357dcffeab3316879ff00e58aee803b2dd2eb69ee

SHA512
4c37fac8bbde4e3ca23d186eba4ee39a17a2427ed3526c79521ed2a67104fdafd063ef6388931b94baac5522ddb5a66298fe619f76eaa32b750f31b672cd24d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe

Filesize
2.3MB

MD5
ea8a33e6734ef6c18b8f4237238fa5c4

SHA1
3189cf72c0a60c01c6bb7e18f7baf0b3f0cbeba6

SHA256
5206f769ba3393f81809518357dcffeab3316879ff00e58aee803b2dd2eb69ee

SHA512
4c37fac8bbde4e3ca23d186eba4ee39a17a2427ed3526c79521ed2a67104fdafd063ef6388931b94baac5522ddb5a66298fe619f76eaa32b750f31b672cd24d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqavaqfk.exe

Filesize
2.3MB

MD5
ea8a33e6734ef6c18b8f4237238fa5c4

SHA1
3189cf72c0a60c01c6bb7e18f7baf0b3f0cbeba6

SHA256
5206f769ba3393f81809518357dcffeab3316879ff00e58aee803b2dd2eb69ee

SHA512
4c37fac8bbde4e3ca23d186eba4ee39a17a2427ed3526c79521ed2a67104fdafd063ef6388931b94baac5522ddb5a66298fe619f76eaa32b750f31b672cd24d3

Download Submit
C:\Users\Admin\Downloads\Payment Slip.zip.crdownload

Filesize
2.1MB

MD5
c5ea4c8c8fb0b76599faeae4734177af

SHA1
7b349c3425561ec1a1717bbf82fbe411be970e90

SHA256
e85682ddde192b76bbd05ccadd51691172d562d39f42f96527167afda87b7877

SHA512
26373814461761f9a50bbc4b3f4da4a21887709d7e3027518e9395b1c93f47d4b626eba6d2c6e21d0f3cfd20f140e7c2d8d1646a99fff80fbf96823c0028757c

Download Submit