kutaki | hxxp://burnwomanburn[.]com/wp-content/uploads/2023/set[.]html

Analysis

max time kernel
299s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2023 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://burnwomanburn.com/wp-content/uploads/2023/set.html

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 6 IoCs

Processes:

INF_NEFT_Invoice.batINF_NEFT_Invoice.batINF_NEFT_Invoice.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe	INF_NEFT_Invoice.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe	INF_NEFT_Invoice.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe	INF_NEFT_Invoice.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe	INF_NEFT_Invoice.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe	INF_NEFT_Invoice.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe	INF_NEFT_Invoice.bat

Executes dropped EXE 3 IoCs

Processes:

rrrysmfk.exerrrysmfk.exerrrysmfk.exe

pid process

6032 rrrysmfk.exe
5296 rrrysmfk.exe
448 rrrysmfk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
6032	rrrysmfk.exe
5296	rrrysmfk.exe
448	rrrysmfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

5176 taskkill.exe
1444 taskkill.exe

pid	process
5176	taskkill.exe
1444	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451804551616196"	chrome.exe

Modifies registry class 55 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002169f83a7703da01ca7e7ccf8403da01b9c5799cb51dda0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4624 chrome.exe
4624 chrome.exe
3952 chrome.exe
3952 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid process

1996 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe

pid	process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exe

pid	process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

chrome.exeINF_NEFT_Invoice.batrrrysmfk.exeINF_NEFT_Invoice.batrrrysmfk.exeINF_NEFT_Invoice.batrrrysmfk.exe

pid	process
1996	chrome.exe
5852	INF_NEFT_Invoice.bat
5852	INF_NEFT_Invoice.bat
5852	INF_NEFT_Invoice.bat
6032	rrrysmfk.exe
6032	rrrysmfk.exe
6032	rrrysmfk.exe
6080	INF_NEFT_Invoice.bat
6080	INF_NEFT_Invoice.bat
6080	INF_NEFT_Invoice.bat
5296	rrrysmfk.exe
5296	rrrysmfk.exe
5296	rrrysmfk.exe
5356	INF_NEFT_Invoice.bat
5356	INF_NEFT_Invoice.bat
5356	INF_NEFT_Invoice.bat
448	rrrysmfk.exe
448	rrrysmfk.exe
448	rrrysmfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4624 wrote to memory of 2848	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 2848	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4416	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4384	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 4384	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe
PID 4624 wrote to memory of 1548	4624	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://burnwomanburn.com/wp-content/uploads/2023/set.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0c729758,0x7ffb0c729768,0x7ffb0c729778
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:2
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4884 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5208 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5396 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5784 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5624 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5992 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4940 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6032 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5456 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6572 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6176 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6116 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6068 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:1
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:8
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1240,i,17250993194025895904,1315523498190572644,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4552

C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat
"C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:5852

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:5984

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6032

C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat
"C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:6080

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:6140

C:\Windows\SysWOW64\taskkill.exe
taskkill /im rrrysmfk.exe /f
2⤵
- Kills process with taskkill
PID:5176

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5296

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat"
1⤵
PID:1164

C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat
"C:\Users\Admin\Downloads\INF_NEFT_Invoice\INF_NEFT_Invoice.bat"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:5356

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:1900

C:\Windows\SysWOW64\taskkill.exe
taskkill /im rrrysmfk.exe /f
2⤵
- Kills process with taskkill
PID:1444

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
21KB

MD5
f2b9630ac80385d5ed6d6f44af718edb

SHA1
bbae470e108e102f8f816bbcb3497260af11b3fa

SHA256
6a5dc4ef72cdc6361dd8f30c57cfe7c9ab66cb5712d958d5ec482c1bbef9a219

SHA512
d131b29b9c3d43c3003765a226dd4e1dc398dbd1e52db783b28890a6d3aa95376665f1a292e54892bae96f4855001de3e6cf29fd97f753e980251c63734556d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
Filesize
36KB

MD5
c56d34454047252287ba67345f01f838

SHA1
9ef7da832431cd9d4038a0c032834ecb1594607f

SHA256
f74b27625736086b330cac66cf94ca29f9494abf6239685c8b28e3ef8c235256

SHA512
30cd3235806acc23685b0483a52b5559d80a0c2206b0a717612cc1241851be834bfc115f2ce1137a44525916ec12200469b28249e3cff5c374da253ad01bb80a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
88KB

MD5
174859790c25e4e7d28dc22755335139

SHA1
125275b082fdddc91ce39af1e46c0ff7f08df62e

SHA256
2b1604fea50fe55906ecf07952a09096d2eb4a72917ccfec9a5a72b1a69deb07

SHA512
85c55f6edd2474b6b7379c786d655d485935990e58c9ab81c8d53ce7eaacf9ccd46a03e35398328965e082cd86746e5b8bfc731eb35ec394ef447371c26f9412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
Filesize
96KB

MD5
7fd02f660a21c7d4d4f6dd3bf1c0915c

SHA1
b9a139579d027eb2fc5c8e56e0fa000ca49f5f9d

SHA256
ae4fcbd555bd417483311af85ed24bddb5da95b1fe62db389249fc1397fd0062

SHA512
591b8534e2a6959cbbecf1eb681e10ad2fb124f9da14917473819d5064169ac037f50fe7796526575e00cf396947cfc98bd44f115b52f61223cc3a7f378742fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
66KB

MD5
7c235ec0a6e3b35ce4aa26ba423e3593

SHA1
5d44a8fe9442b45c3006ba4d96921c1ad590d106

SHA256
6643478f96946de4445c604a9428a1bf68ca714c221c5d9dbc5cd4329168bf51

SHA512
ece12269dadcf9f38d36ddaf1fc880b27e61f9e93bd6cd073e06da4333c3b6fcc7772872d65249f8e66065972eaa1eff30875c4ebd457e41a03522b564838f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
1KB

MD5
626df9e4a30eb13578d6c49a4d5a285c

SHA1
95e902086165fca53320991ccef675b70d1207d5

SHA256
bd416a70e6619619c4d18ad272e27adb749508793bb9c0a8974f6102275e0f53

SHA512
8dc4b4f2aee2e1e4d9dd8c23d89969ec184cc1ea1dbe8d73c836fce11e810ebb43e3b7a3eb43d4902d518ef7d8752229aa3f625feb5568393335c4c096da2e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
24666b4b9f9c0d2185d341085f38548a

SHA1
1e19b12587cfc13899c4879192355b8944ae9c92

SHA256
1c1c29eb3b6c93791c34d97cd10f0d063690dc811002a2e086d12910d89258ac

SHA512
59fa1cfe17acbabe06e92706805cc8925ed74cf8c3b83cd4bd612915ddb03da41afc5715e7a954f1afc4ebab0958ec6479fa8981f56cba0ec222888b78ab094a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
551c4208a4615248c202504869bb7e5d

SHA1
690e2e97ff02690586d421de55127d11ed0301cc

SHA256
44f82633e30f8d43af1073b7d1704ccac050d05300a7ce90be85edfea5f43a81

SHA512
0bc7fe1429732d8a2e232bcda697fd9ed144f381eb369097dc6667f9c78300d55eb477b07dae8e58aa0908660e4328b9eb682fd5e33cd30f14648be3a9550f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c95722a0fb5ac9d7f30ec544f5b2db64

SHA1
59efe01b75680d011ae52c357961371bcada6fcc

SHA256
aa98c03add8583b08559566db64622b65a756fefb4d881bd352849fefb63854e

SHA512
1345d7e2641251feede105e208e141990d69651f86bdf5141832e40bd012822f399f506b33b18dee00213fc4e399ea8e7e07aa758cba8b81c721e7d98f8698f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8391a139-5ac6-49d0-924a-cc73e724f93e.tmp
Filesize
2KB

MD5
7f60684f95939a2760fc4569d3f9c85c

SHA1
83af7e51b87170086b1c64f16973f1c3bed743d2

SHA256
55c616cc57acbb67128bc06d2618f3f190cd4bcb0e400d0088241769918b6721

SHA512
cd71f1dfda0420ecde39258de32bb978fd107a4c1f373e592675e46a2f581de01ca0a0ead833c13542d559d7141f18f61021abfa08e48fb7c1731eb80378ba6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
a1d4f7cb21b22c2177a86f1a4ddeec25

SHA1
2ce0285f86f87ea75b766753bedfd6eaebc7a485

SHA256
6818c7bb6c6b0875f338427c8824436458930abafab4ac814d3449bfbd47337b

SHA512
c98f183e68ee1c8693ce5ffff1fe7c4369a6b6d9e1d2a4e8191c3d9b5d5b972d2e5a4673c3355d86bf0ade51aeda6f9861702f61c69c84fec6e2e26e37f92e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
d8b51104bdeef3dd743e01e888a36684

SHA1
64bd4c8112c29638ab5216235e4d99edd9e3f267

SHA256
b70df9d5e468cb20a50b1b6e11ece892e14f55f3d03759539c11b06b08fbaa9a

SHA512
b574bdc6cdc82af3998db8d3fb4f3dfaa31dfbdfba95085653820d68f7621d4ebcbf90902dde962fbd9571e33cb50047288b9e3e1581abbdea51837db809ba16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
d79b2ba1d53870d761a8ab93d14b4c7a

SHA1
e9f4eecc4c2e8a4487011b699554296ab39a6b9b

SHA256
f79e477261b42decb229e1b7d75353e4c7a95f0c6a23be69d4cc76e7faf3df75

SHA512
de1686d5d9bc1070865b03c662a930610c63425450a6b649e9d6717adfed2a6c9bc8a2b05a623661c8c7b80a83b6a72c2a9e5b9657c437afcdc716f4594e060b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
883c592ff10a559a47e55cef687ae0a5

SHA1
d0596f2d7233e4f55f03d9cdfc673f5065e6583f

SHA256
874b3e0efdd2163fd6ab192adc64312eb90dc80ca830dd2a9e1158dea738c91c

SHA512
16134109ba4013a31d9c281ae4e2e137d625d02cf3922f211ba6318fd6ab5aa6801665f126e46ade372252fbed4913b0170773fc4fc085e5d583924c1cdb6ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1672ee87f42cfeb8ef64b56b35d4c95b

SHA1
ef19f535accaa9b4920fbf2f43bb792290499e8a

SHA256
950ae56baab69d6ecfc5865be7a39ea495400584547de33e116c78d1379a4bb0

SHA512
13e830e6e4d5be997de902b8f4b696a542103e1a47ca5d9ff6ea0b530fdc34c0452244cc6d461c677934812b174b7be5f3aa77b2fac8f9f9295d5d27e31363c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
52ed7a1cad6353039706ab4ffab5dfb6

SHA1
fbd48d1bce26e7eed6f11a9a42287112119a9d85

SHA256
b053d860aa5b04f4d7502302adb44faebb6aec28ebe2dec2b2fb375da169c787

SHA512
ed5f16f879b3348a7b26f0361ecc760e18ff99f7fb7874d6036208f397cd7db4842f4c9c67fdad1c4c8f880683bd98d6b609de71636782f1ea9836cc11201947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f240dec076ba996a66bed0dabfa5a89f

SHA1
9508e80c0ffbece3eee2c7b1c6ba3f6f94c91ccd

SHA256
d57b6f4376469749e04df090a0d4cb2b8a6cfd3369bf923bb0e679662a1e60e2

SHA512
7537b0c734ac227432349f0c7a233464961c8a4105a8760f107d7fec62498ab3176b882ce1354e3f163189acc8e2e7bf18c4eff8d0c2766b25ec03cafb77776b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
03895a30ffa5fb2b0b265f28f8de92e5

SHA1
9155247ce239e66d1890a582f8d04daaa9b411da

SHA256
a09a1222d65ff27e453c46ed697c2e96b2d2fea06064438cc4ea93914ccba1ea

SHA512
1456a5d2c30ccd3c700013c2147554c1333e2057ed326b3c7f1a4df65797f7257c5cd86624b3f3a958bb80eab84cb2eee05d6adab36be932622af031d69ff89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
66ff3e971c8c0ce90483de175edaa317

SHA1
a16feba9295688efc6a9768cd161af541ace922b

SHA256
288a8d84bffa843373127a23116cebe3b4c7bc862e1f89663d00cd55958d950f

SHA512
eac82dc3b525cd09c7b30a2210ed4c19d7a567154df9cb043ed3f4dd5b77a9a7d3d9eb0ae7c9e4f838cf0d7249da074cf96c9d5c65c678b6fc3935234aa1ffbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7e62c7f84ba701a98cca21b167475134

SHA1
281d27da8605c80be67ad58bb73d8e0ca8144b31

SHA256
b887f51b7bef8124ab06f42231283a634744c4aee21c71bcbcc277ad5c6ddc89

SHA512
7b60035349c51eb7972996c5bc7f24cfaf48c6efeec366a7ab8b5f8c67c9fa9b3e17812ad71e350c88d29390a194bf041c475eb8b325a70a20f97249f4bd6763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7e8fa1a37d3d1f4ad47fddfdedbd7781

SHA1
3eabe5f0affffed666eecf5a9f65a4a1dcd14d6c

SHA256
21a6d10b961c833e57a541353a9379c8357f8295f6aba868b34c49dcbd3e45e2

SHA512
83b1e01bd710650934ad23e7b1f1ba2c72de7ac111fe741447e1c89d8f5adbe398c2742d6eba3838f83dc74dd28b839af86fd0d59aff6d23cf73904973fd4dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
703B

MD5
c8dd7175e9d008dfe0f28f706985fa33

SHA1
0679154dbd54e2b8a7b681fd8f557a16bef022a0

SHA256
1b270eab15532a7a92c34c476b6e8e064d32769f60b09f7cfce5a60a1c4bac10

SHA512
477956fe72dd3acce32b064796ebf1aec04a02e5d88e854aaf6785ae45e5d2597121009635bd5275263443a277fe436e4296e242a6ade6180bb37e6bde409c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a04f64ce794d4d77e36c7f6ac5d0835a

SHA1
11da752c9b70cd18d79e57e0bf99a6bb8967f950

SHA256
339d734805449d7e2802c11c38d37748a5b9171b273359f21514a666d042f256

SHA512
7fb8af770bd534610312ee26df06de01d84d922c6778392888042eb131bf47082cf80ccf6e88a2859b7a527867061d8b92ca85f15fece318c7ccf3f619ca0610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
57ef7671c9690cde6db4ae16bae5fa80

SHA1
c80047cc243573b10507fb70c7255e2e24e61291

SHA256
5af137e07e6483531cc863d9d94318523589791e25024cb98e3b9cfaf253767e

SHA512
7e56ed9ad2844cee944def3005f7dd80406862d1eed244efd7c86a9336636f0ea12a515573ce8c0f4dcc581d204c0d1d71b09f1a7c3f34a42a0f22490dd4127d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0144686f3016c9c9bf736424cf5d77c7

SHA1
255fff34a53eff92f7957ad1a0a2317face97ac0

SHA256
9d3f975147fbe3cfa3c6fe08bca35614c37a2e8a3bac951dc053bc1fe1289e4c

SHA512
fab2baa3342095054c3770d98b3239d921e777119f7e470e1d6fdc613b47a0b903a10ba9ae26f22d607bd714dd1dbf8015430610c6f625ddfb9ee71bec9f8301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
ed018dc458965103f26b752f4b7f6bd5

SHA1
9de4d0f96e337de60e444b4b348a7b7356fd259b

SHA256
b44898cbc596aa442cff0b3e1f53b1813dce726e7d5ac910889cacb590bab1b4

SHA512
6d854288143580bfa8c374976d23900e567693bcacf8faba07ec23f1b6b96c32fc2edcc8d96c5ed7c56fa2392b6606434d319949922d85e58dbf75aab34b513c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588400.TMP
Filesize
48B

MD5
91f6d352195c2c18e17f173c7c3be700

SHA1
6282554724eb67402e3e3f7faaf52eefe77f90ac

SHA256
1e641c29d0dda952008e9fe25e1527352770df6f8c96ac94d78ae0eb596cd171

SHA512
67055c8d3802a51271cb475d3a1d684419b29350851c01ee746c2ec4f442fe12b0ef4640434d4462809d6904f28a9d53ebd27f3a86fa3477d0fb5b786e40df1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
109KB

MD5
c562fa47ea4989854ef27d4486b2088e

SHA1
34a5e483febd20b8dc8ad95c622060b5fbc50302

SHA256
9e4a98b5f4677f7ee5bcb7cfce11154a2856491b851b97923b73d0d19d24f1f9

SHA512
4f78aaa6c4dd35f793e713dedad0a5da95568d701df29eea51e5c34655cc84a725e001efbbac4c210d645c21b0618e640570ad1b5d2225dc3663fe585b1cbdcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
109KB

MD5
2e948ff8572ba46fd0fdc62a74328149

SHA1
3cce6cb0f844d041ec0e247effdac77081c4edf2

SHA256
b8c1b4271291a73ffe05f786c39dc48ffa0a4e81a877e00399791bd41674c9e0

SHA512
6b531651e8a130dfdb2a1588748411290d11d4d185b3900919930b78705ae1de789ed3ed3afa3bf1a407f6ca269428ec1c7757a3854b767d5231f5ecbbdfd055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
109KB

MD5
3553aadba74bc31e32ac0994a97dcf75

SHA1
f0839c3ce9c76dfcc94b1ec25669446ddd7ccaa7

SHA256
ad235a5d9e38391cff84668896a4ad1a8c3798fae9577e5978a12ecc33dcf279

SHA512
cc1d61565c271e552ffd3cf9b8104d3ba3ba50beede36b9761c015b9e2e36e18430e64860212a478439a1ee64c800f65d26931dc0b258b3bdcdffe427ac4b106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
175f73a1fa15f4529da18adce25a17fe

SHA1
f59e92120a7def6a409c37ef334ab98a613724e2

SHA256
7584cfa43645ac149a844194216bc34e042c980edb9ed9229e58b7e638654d73

SHA512
710c10f1e67d1bc1699670c4e29283944cde59059617c8264ba3d5a5537bb509268d9571c1fb7df98f718a53f47bff6db43e9bad5e22c67c2beb66ae5d8ac383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5942bc.TMP
Filesize
107KB

MD5
9417bfea62df7a2be0c6195b9f035f27

SHA1
a8a89f4acbefd690ac52e9c4abbe747a9b1f740e

SHA256
9a616264859c4406862f0646d4c189a0f815976a2e607f093471227e8f7ac720

SHA512
beec558df250c40e95f0a4f1b8410b57e36c64ce07072aed04041319c4639dba97ffcfdff8b5436c87f305b6f57115fcc3c459e5f3cbfa8ee458a736643a590c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
Filesize
2.4MB

MD5
a8402d87fdacd184ee281ada81f3aeec

SHA1
0a2b2d7f46cf6b6c8649d4d1c48c313c2cd629b7

SHA256
e853852e378eb31800ac04c7e2e81649fb0b36040e8fb95f9f50c21c2e603b92

SHA512
aec2f4451898b83582dea4726b384722fffdf22579afeea8046b33316aeb1a8f2a0ecfc3bbfba310778c848729280e936c0e08bc87d0e909e39af7e0b662a5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
Filesize
2.4MB

MD5
a8402d87fdacd184ee281ada81f3aeec

SHA1
0a2b2d7f46cf6b6c8649d4d1c48c313c2cd629b7

SHA256
e853852e378eb31800ac04c7e2e81649fb0b36040e8fb95f9f50c21c2e603b92

SHA512
aec2f4451898b83582dea4726b384722fffdf22579afeea8046b33316aeb1a8f2a0ecfc3bbfba310778c848729280e936c0e08bc87d0e909e39af7e0b662a5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
Filesize
2.4MB

MD5
a8402d87fdacd184ee281ada81f3aeec

SHA1
0a2b2d7f46cf6b6c8649d4d1c48c313c2cd629b7

SHA256
e853852e378eb31800ac04c7e2e81649fb0b36040e8fb95f9f50c21c2e603b92

SHA512
aec2f4451898b83582dea4726b384722fffdf22579afeea8046b33316aeb1a8f2a0ecfc3bbfba310778c848729280e936c0e08bc87d0e909e39af7e0b662a5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
Filesize
2.4MB

MD5
a8402d87fdacd184ee281ada81f3aeec

SHA1
0a2b2d7f46cf6b6c8649d4d1c48c313c2cd629b7

SHA256
e853852e378eb31800ac04c7e2e81649fb0b36040e8fb95f9f50c21c2e603b92

SHA512
aec2f4451898b83582dea4726b384722fffdf22579afeea8046b33316aeb1a8f2a0ecfc3bbfba310778c848729280e936c0e08bc87d0e909e39af7e0b662a5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
Filesize
2.4MB

MD5
a8402d87fdacd184ee281ada81f3aeec

SHA1
0a2b2d7f46cf6b6c8649d4d1c48c313c2cd629b7

SHA256
e853852e378eb31800ac04c7e2e81649fb0b36040e8fb95f9f50c21c2e603b92

SHA512
aec2f4451898b83582dea4726b384722fffdf22579afeea8046b33316aeb1a8f2a0ecfc3bbfba310778c848729280e936c0e08bc87d0e909e39af7e0b662a5a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rrrysmfk.exe
Filesize
2.4MB

MD5
a8402d87fdacd184ee281ada81f3aeec

SHA1
0a2b2d7f46cf6b6c8649d4d1c48c313c2cd629b7

SHA256
e853852e378eb31800ac04c7e2e81649fb0b36040e8fb95f9f50c21c2e603b92

SHA512
aec2f4451898b83582dea4726b384722fffdf22579afeea8046b33316aeb1a8f2a0ecfc3bbfba310778c848729280e936c0e08bc87d0e909e39af7e0b662a5a2

Download Submit
C:\Users\Admin\Downloads\INF_NEFT_Invoice.zip
Filesize
2.1MB

MD5
f3df5cfeb9072a1100d840b7c9f9d79f

SHA1
80fb8522506d3ff89b33f0917549af2befc99050

SHA256
181bba3337297ea023f1318f62bef7d53225ed92854b024399df71857382f49e

SHA512
e1ec232e348a911abb5966728566d581cc0e714c8bd1099ff5ca8179ef54d6a41dca820aa80d219fbbe3775ca5af7d3d3a3b91be495183fbd360363f368a89f3

Download Submit
\??\pipe\crashpad_4624_HOQRTWZCYACOOXHG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit