kutaki | hxxp://lifeinfotech[.]in/admin/ttm[.]htm

Analysis

max time kernel
601s
max time network
490s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2023 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lifeinfotech.in/admin/ttm.htm

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://linkwotowoto.club/new/two.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Kutaki Executable 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	family_kutaki
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	family_kutaki
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	family_kutaki
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	family_kutaki

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cmd.execmd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	cmd.exe

Drops startup file 4 IoCs

Processes:

Tax Payment Confirmation.exeTax Payment Confirmation.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	Tax Payment Confirmation.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	Tax Payment Confirmation.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	Tax Payment Confirmation.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe	Tax Payment Confirmation.exe

Executes dropped EXE 2 IoCs

Processes:

srbkkrfk.exesrbkkrfk.exe

pid process

5840 srbkkrfk.exe
4712 srbkkrfk.exe

pid	process
5840	srbkkrfk.exe
4712	srbkkrfk.exe

Drops file in Windows directory 2 IoCs

Processes:

mspaint.exemspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

3808 taskkill.exe

pid	process
3808	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437768144880282"	chrome.exe

Modifies registry class 3 IoCs

Processes:

chrome.execmd.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exemspaint.exechrome.exemspaint.exe

pid process

5036 chrome.exe
5036 chrome.exe
1168 mspaint.exe
1168 mspaint.exe
4312 chrome.exe
4312 chrome.exe
6084 mspaint.exe
6084 mspaint.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe

pid	process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

chrome.exe

pid	process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

Tax Payment Confirmation.exesrbkkrfk.exemspaint.exeTax Payment Confirmation.exemspaint.exesrbkkrfk.exe

pid	process
4224	Tax Payment Confirmation.exe
4224	Tax Payment Confirmation.exe
4224	Tax Payment Confirmation.exe
5840	srbkkrfk.exe
5840	srbkkrfk.exe
5840	srbkkrfk.exe
1168	mspaint.exe
1168	mspaint.exe
1168	mspaint.exe
1168	mspaint.exe
4044	Tax Payment Confirmation.exe
4044	Tax Payment Confirmation.exe
4044	Tax Payment Confirmation.exe
6084	mspaint.exe
6084	mspaint.exe
6084	mspaint.exe
6084	mspaint.exe
4712	srbkkrfk.exe
4712	srbkkrfk.exe
4712	srbkkrfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5036 wrote to memory of 1140	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 1140	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 2352	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4100	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4100	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe
PID 5036 wrote to memory of 4520	5036	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://lifeinfotech.in/admin/ttm.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff965e29758,0x7ff965e29768,0x7ff965e29778
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:2
2⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:3832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3176 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5100 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5812 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:5296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4628 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:5552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:5880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5816 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5428 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:5540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3084 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3968 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4664 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:1
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=1848,i,1939013664820864943,11081690840388012156,131072 /prefetch:8
2⤵
PID:560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Temp1_Tax Payment Confirmation.zip\Tax Payment Confirmation.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Tax Payment Confirmation.zip\Tax Payment Confirmation.exe"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4224

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\NewBitmapImage.bmp
2⤵
- Checks computer location settings
- Modifies registry class
PID:412

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\NewBitmapImage.bmp"
3⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5840

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Temp1_Tax Payment Confirmation.zip\Tax Payment Confirmation.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Tax Payment Confirmation.zip\Tax Payment Confirmation.exe"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:4044

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\NewBitmapImage.bmp
2⤵
- Checks computer location settings
- Modifies registry class
PID:3768

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\NewBitmapImage.bmp"
3⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6084

C:\Windows\SysWOW64\taskkill.exe
taskkill /im srbkkrfk.exe /f
2⤵
- Kills process with taskkill
PID:3808

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\22812930-3307-48f0-9635-3405b35c5e8c.tmp
Filesize
7KB

MD5
4b79d7bd597af47d8728b6a0e685fdde

SHA1
b5cc5b1d2ce13e0ede8444d5ceeb2ffc340d4134

SHA256
b44a6af0d80b953da644c141d6b842e8042c8de507238dfdc548ceb1f35966b1

SHA512
519bfac91b193e2d90016e20cb9257ec24fa0cc017840d3c455857c955300ae0881f503ada7a845d3f5d120a8cba0c8d67f3d1de38db52dfa97cd896dde18d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\88508dd9-e618-4848-ab0b-9d8897dc8c28.tmp
Filesize
6KB

MD5
f76bb5c9f343dc4c3b6f7959e1c6169f

SHA1
ceefc30e4bfabfcecf8ad751e56b506a7a173960

SHA256
ff22a532fb19f36b00f96bf78546a83dccc370d632a42b5b5a38a291e2ecfa62

SHA512
c85fad92082562e8297c85d5ba24c6fd4c4ba75700b4475a84f2083484257708f040cea5daaa7a36f4056e5c3b68f7ab42add077c8a6fcedac1dbfd71a18f563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
186KB

MD5
4a2977698422c3c6e58b664643322efa

SHA1
939e0f3f916f936be7c8c49121d8f245b99cab1b

SHA256
d60610d21436821de350b6e21d3915e5ea1617d97cf20f7aaa1d5ae782cc4cd8

SHA512
ca9d91650de72ff1faed43344dbc86ea3e81d4fd615b89347d31c7676fde084ddcae30a9dbfa3b341ec32b00966004fe7d6d96e383b18363ebd8f02b982ffd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
4f0f9f6dee7cf5c3182ddb446eecf94f

SHA1
a9e65ab3a6b3335b8afdb63681d81daada4c14c3

SHA256
e4956432e55e4121707d276baae7f2eced2d6ed27fea1cfb53a29c1627881b28

SHA512
131518e2ff2df01862420126a66852498b2fd92ff658907d2a468bcf0afa6839a372a9304beb77d2ed1ba8145822ef49ad5b66761c05c9768b50be02a21bddfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
1c8916ea0f543c02fe9bce91f07472d4

SHA1
3c9801938285d237369ad19ad955edf07f15c29e

SHA256
67da8743f8e730dda4b5456d0be2a4b40572b9b4cc7497a9f8320b35fef980c0

SHA512
8530ef084278b5833edefd848999d9bf861a97f679b8d5af3a87e6187446d704333bd27e6b853bb1eec43d78ac22f0d79dd40cf1c15348ddae6d3a6be3e04944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
31d4503805fcd10b7018a2ad47a35be4

SHA1
fd2faca70f361da7d44e4e2ec013016c1ebc5a65

SHA256
8f3f80c3151bdd0ec568472483649a4173d3587d9cd49a39f4dc31a2e6c727cd

SHA512
e4657d065f13e92ca9cd675e1ffdb969c7ebbe27e264da6ff604270f779431de2a8a0aad7975a8e4200b12139c738694a4db4ee99e5c238c29df6676bf9f738a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
323d58c8d10017252fdd6a7a3fb4982a

SHA1
d3687a9e0db5ebd38920e831b0e5162fcfce2e43

SHA256
f85333cc9aa2607eb8ceae6ad7bfeec23880e7a9a54381d9afdc9d4190cd7a28

SHA512
2d7f33ff6a5e02c1aee603801d1c773174709d7e4cf6c5a3cf84fdd3822e6f98febc7abef6801f126ffb7f2a932e8b538a827d2d7a3aa359ef509aa36ecaaad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
06be8d459261f35697fa2dd2e29635db

SHA1
4299ea833fdcfe7cd5cd9a813d5991ddbcc618cb

SHA256
cf33c3884cc914bc0b2042af6862a744b5bb58fcc30552827d530d0ee3228d05

SHA512
2a6865c3e6e0df293617946b75da99ebcc125d3e23f42103f4cdfcf4454218abde16b871c9f3dd6394bff43202a33af4c8ca660a0f43d0d72afacd5065a91a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
257f28aec9dabdc763c8307255c92ec1

SHA1
97944b61f685196adb2cb1db305bef6fae71eced

SHA256
cdfddcdf8436c27e03c64a9ff83ff6824c3a10a2ec0aa55351126f15773b9aee

SHA512
efea4955a18549d32e2bebf0f1aa211ca469fbbed031173b05b05cc788b8061d715d7bbc6daafdae09b359fb21e44886140f3ca4a6204d09a53a51911aa4226d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
5b9bbd274a5ad3eca95368168bcaabba

SHA1
4ff41d611c8a56672266c2afa7be48eea3f92f06

SHA256
51aadc0df0eef119e230cc6667848c8d603fb718148e126806d986303eadf51f

SHA512
a1308a855bfef537ce395350bd0ad748a6d18da0417075ef01e8d9041c4ccaa15d3a3bd814c9908d8967455a87737b4a27c3d80e26364e5ffe757a4143c87d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
5cd15631a99d9d7e73b62ed5fe4b49de

SHA1
957815e29c546f0a3c6deca2e197b71840232acb

SHA256
cfd542ed0e018803c2c3779200f7a51beb450421a813f2179b03bbb73e4f29a5

SHA512
5c17e7af4bbd6710cb3b92598a1643f00cc00a8aa2ad0e5d88abf43d0516ed348e1ba65b5d4d04a4af26e5588cd19fdb24202e34db788eb214d821745b06f777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
8ce270afbf6db888564520ea4485416f

SHA1
82cd8e57082161ac1e685607fa4ed5a0257bf672

SHA256
f32e7b30f5674eaa739fe61f1486241ee7b5c330adcdb19884a1238e5b125f24

SHA512
fc04a10e5b7b71e6c5309eb9fa939a7c576c92f124319d2bda5a1dd93551c1327ea2018604047751e3af379e1bcedcb2d7d6dd3849268b434169b150ef280c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
faa0181fb1ae66671a21f75ce46cfaf7

SHA1
5ff9252eb88ee6bc0f888136dab3eaca8fb2262d

SHA256
47992e721f79e344b7af8944033e6679ca3141b312a7c2b8185a95c8217de603

SHA512
7a887407b145c5cd8882a3224ec2dde782ddb424a7e389a684fa7952f2e21d3d2d255388c192614b75093dc61352f58aea084952a3e30d55674cdf607eff96d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\8ad4f8fa-024d-4dbb-a7a9-6751ca02a1b4\index-dir\the-real-index
Filesize
480B

MD5
bfd757e4d629e1a8b0b18c5c39f8cb0a

SHA1
7f0c509d7c7bdd1ddc1696863679a90474031612

SHA256
5f73991d38cb3a2634155911831d9d6b09443d681be6113e22f30a203471850f

SHA512
e579e21d203660bc681d2b75c0baec2f55bfd30a4d33ebd0be37c83933780ea744587bbe0fe48df22c9fc1cf51edfd7f16ef15ad575c1f1153a1fc4fa4ead020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\8ad4f8fa-024d-4dbb-a7a9-6751ca02a1b4\index-dir\the-real-index~RFe5a952d.TMP
Filesize
48B

MD5
63c45b5e8e8dfd701ee3649f70dc4be7

SHA1
990b5d74b86b757ae76d4fc262c451d14f7a0ba1

SHA256
11bd234633151424206856f2d47e70ea9f0a9b9f4e510cbe9252e0798b8108e9

SHA512
2999a0a124c100f3547182a890855522e0f62674461849f8b5eb44f82a1dbd0d8034ac3d74cd41f80c7d2ba862608cc6eb02a8c159f7729b0f8eefc145415d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
Filesize
124B

MD5
d1085f86121d63d446df13d620de2f69

SHA1
d966e837e84327e2224a59e994d098fa452e4c39

SHA256
f63b3aaf8e40876e01b6dfb4a491f2df59a354c9156e260d940b6a79405ed09f

SHA512
f5b9002c61885eb2b76e10e7670107422482109e3c162d9f99ac368bfbd33de383f46a5de98176244b7bc40a7108345ea8ad09b5800738d75d96ba31f6136e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5a955c.TMP
Filesize
128B

MD5
131c5a3f28cc8c7eaa01b885ae94a2b6

SHA1
7d32b2176467bd46845246f9555d41e43f60df3b

SHA256
29357af94043dc1e24dadb0eb71c7a9b06ab2e75f390dbb7dcd985cb82d5b67b

SHA512
275f76eb81871c6766d326bbe64c347451a5d5fa446dc14713a2f956b113674b3531f050935b6ae361387c80ed476879fe76c835a82197c046b23a3ad4c7c5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
111KB

MD5
60b1a3ac21081def96d82590d22a59bc

SHA1
b222be6c48819a89f223a5d9782c2beacc753c50

SHA256
18004a14fe49143a5b5a3b2a340b0a556a12a479604a986f130fe62473e52c7a

SHA512
97702388393fd35ab0c01021a62b5cd675b386b6a21fcb85a2e112f9d864506fcad35e049e07f3696b33c43b0af9f68cb9729e46ae15d49f6d5b6a17859b85d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
e4247f19a6fef0c35b45a10efbbbec5a

SHA1
9bcf11972874e2a91c6bfc0d2c221166990bd4da

SHA256
53112353b61ed6427a57ef0df7fa11124c104e2452402b762f3b66863ac5c6be

SHA512
f324a07ecc278e206f4772696fd5bd1a638e15fce8e77b69700833c1a96a6607438edebcbe40df29cfc3f352478eab6584e51fd6685c16c0db736e91716551ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586ed2.TMP
Filesize
48B

MD5
ca8e55e48a6ead0b9f3708a4f9300f3b

SHA1
96fbe0d0ccceb8bfadf4990862ec476d582352af

SHA256
6658eca910d0194f85d1e4cb9460185753d0e0cbb32c41fe82eb98dab8b85c6d

SHA512
00d91bba6f624ee8da8adfae908946a8448b1cd557f61adba4174ed6c7e9d9636e796cd040e2df3e853e02ca041daf5251ea4401d039ea59e452e9d2f868beae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
109KB

MD5
936509eb39d8c4b871b71504368d0dde

SHA1
d251c53b39ef01923116c83cb2b2839c421b3953

SHA256
07edbe13c6bb36cb79bf83d1d3635583283a0342ff19a481ead258c623f521f8

SHA512
596f7b922be920f4cec936243b01344654b1dcb7a2491992e627c628926fc01ec4e85010e76d4dcd9e10e73545eaa28333d40ca0e2443b81f0cbc8481cd939ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
109KB

MD5
3af150d047b01b4547948c9afa53cb87

SHA1
361223f3d81ebdf52f02f49fe27f5cc5d90c091e

SHA256
509717a25c131b84549a5bc8369976daf6beaa0c9abcb5e0d491ae6b758876aa

SHA512
5601ea5974ddab4a9d23311801533e5117ba45982f74f628212fff9557c1f1947b080ac820dd577ba45df972810a9059ccdb5f38b2963b146c6ba9966b26d3a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
109KB

MD5
616c4933933ff09b2758e3887958c727

SHA1
0472c0ff5f572843663b6496ec796a847e846bee

SHA256
1c5cbd713f3d82904fd6d298c97bc0c7c9a554ca7972bd4ea1e46b21c9bd1870

SHA512
7293527edd2b6a4676c154cc31c457ac49578f568e4c66c1e1b2d724da8e7a25067b352f82fa043467500fdfb7f63c76d71fc7c08ccca5508ff3a5e754328aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
258b8adffb94de8e72bce9f5aaa77d58

SHA1
04333ae38dba0d73e8a03199d78a6a886170564e

SHA256
2b8f49bd0f1d3580898133d846be4fe461e474b49a29c9c6011457a57cacd65b

SHA512
971c4b06f1692189fd878ca9204386dea8033f057d712113c0b2549829d46e09e32aa86375651491815a5b0d664cc68f450ea5878e1c8b4b22e52d7b1a132336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
4c764e11418fac09cccb41c196c2ceff

SHA1
9888cd6fdf2cedd535041f61d736ccb0c89cccdb

SHA256
6d1b453ab6fe22fc70e30664e41e9d43137d521628bb1e7d2e5f43ed645ddfce

SHA512
60ed1b268b0329b8c9bae8b95694bcb92d9f0139847c7de06ad9d69fdab9231248b3e3a89ec4f7c1d06b66e37e937e83887d7e98879d46a17bfe157674a023ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
8183880bf6dc34e3920cc04d26a29292

SHA1
4b7d3fe21e037e1cec33b5c24402276f24466b97

SHA256
d7936063913f9966d3fd4c1b2e54e8169a5e1edf0589c757d4c77926a928aa4f

SHA512
5074292077b1124323bbf1803261cecc228e031e75b54d21227d1de309de3f88b3a68766c4440c4b18468dee3ee768307290f84aa79c46b77a0aa761d153d4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584ca4.TMP
Filesize
103KB

MD5
a5f41c00747933dcf5faf13b472c8baa

SHA1
3c7af437e03e883547f6ea804c5359a5d5c07a8a

SHA256
aea9feb5ad1a6410f504471f785cb73e07c8e8f5ad0a1d35bcac972eb403e2e5

SHA512
3659391f73ba4386e8863a3d278011d6b93c65b01fe00478ca091c79ec25e8d34f8d9f6cd6a8a2ff7f36a7269c3d6dabe36094672bbef744f2bfb6c6301e5670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe
Filesize
757KB

MD5
1bb1b114532b07e938ab520ea2e6ea36

SHA1
261c45b65738259010e7c8f55966592c9b721499

SHA256
fbd6a43e2786985c5cd1568f5c9778384ec8946cf1e5bafa509d4cdbffc64c9c

SHA512
7db2b30fedbab440ba245fbda10e559d61978971992acbc20526e96a8a13666f9907d4f8f0eb531dad53cdde360e3f1028feb839816a34f690e14efe20d34e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe
Filesize
757KB

MD5
1bb1b114532b07e938ab520ea2e6ea36

SHA1
261c45b65738259010e7c8f55966592c9b721499

SHA256
fbd6a43e2786985c5cd1568f5c9778384ec8946cf1e5bafa509d4cdbffc64c9c

SHA512
7db2b30fedbab440ba245fbda10e559d61978971992acbc20526e96a8a13666f9907d4f8f0eb531dad53cdde360e3f1028feb839816a34f690e14efe20d34e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe
Filesize
757KB

MD5
1bb1b114532b07e938ab520ea2e6ea36

SHA1
261c45b65738259010e7c8f55966592c9b721499

SHA256
fbd6a43e2786985c5cd1568f5c9778384ec8946cf1e5bafa509d4cdbffc64c9c

SHA512
7db2b30fedbab440ba245fbda10e559d61978971992acbc20526e96a8a13666f9907d4f8f0eb531dad53cdde360e3f1028feb839816a34f690e14efe20d34e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srbkkrfk.exe
Filesize
757KB

MD5
1bb1b114532b07e938ab520ea2e6ea36

SHA1
261c45b65738259010e7c8f55966592c9b721499

SHA256
fbd6a43e2786985c5cd1568f5c9778384ec8946cf1e5bafa509d4cdbffc64c9c

SHA512
7db2b30fedbab440ba245fbda10e559d61978971992acbc20526e96a8a13666f9907d4f8f0eb531dad53cdde360e3f1028feb839816a34f690e14efe20d34e2e

Download Submit
C:\Users\Admin\Downloads\Tax Payment Confirmation.zip
Filesize
395KB

MD5
a830204979354d501e6550cecff79884

SHA1
db12baf0a49de355c9efbd8200a2e3d683b6f38b

SHA256
ff13219370cdcfc92a0cf224cad820087e8c13a9df998b71b15a0a0a3191b918

SHA512
37fb11b7d89fb57cfa1428b4b44b8a2a2f2e0e72e261aeb58c08fd1a20583b5326fbf5860dc6f0a4eeea1e4331c16c3e4f42b21b4cd332a6ce42995d8a661d55

Download Submit
C:\Windows\Debug\WIA\wiatrace.log
Filesize
1KB

MD5
1c7beb7ac89a4a060a9935c5d71e1aba

SHA1
ba795d8b4c2a5afd2f3e26521b269a8d38f67a25

SHA256
37163b299de143336fd36aa1dc71e6bf76e664fed404fafbacea21882cc62c78

SHA512
2a6614d7c550eb8abed0605e4c1c30d37ac93cef2e52515fe3aa9ac5341cdd67cc2dd561f526bb06f0e05d8aa1219a403bd4775627cc6b38369f14b6254880b1

Download Submit
\??\pipe\crashpad_5036_JVFHPWYAZGPKRTOS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit