kutaki | hxxp://doctor-fateev[.]ru/NEFT%20RECEIPT[.]zip

Analysis

max time kernel
499s
max time network
498s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2023 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://doctor-fateev.ru/NEFT%20RECEIPT.zip

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 2 IoCs

Processes:

NEFT RECEIPT.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe	NEFT RECEIPT.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe	NEFT RECEIPT.bat

Executes dropped EXE 2 IoCs

Processes:

NEFT RECEIPT.batfjlljnfk.exe

pid process

3636 NEFT RECEIPT.bat
1772 fjlljnfk.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3636	NEFT RECEIPT.bat
1772	fjlljnfk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133458113449356928"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2696 chrome.exe
2696 chrome.exe
3368 chrome.exe
3368 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7zG.exe

description	pid	process
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeRestorePrivilege	4812	7zG.exe
Token: 35	4812	7zG.exe
Token: SeSecurityPrivilege	4812	7zG.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeShutdownPrivilege	2696	chrome.exe
Token: SeCreatePagefilePrivilege	2696	chrome.exe
Token: SeSecurityPrivilege	4812	7zG.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe7zG.exe

pid	process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
4812	7zG.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

NEFT RECEIPT.batfjlljnfk.exe

pid process

3636 NEFT RECEIPT.bat
3636 NEFT RECEIPT.bat
3636 NEFT RECEIPT.bat
1772 fjlljnfk.exe
1772 fjlljnfk.exe
1772 fjlljnfk.exe

pid	process
3636	NEFT RECEIPT.bat
3636	NEFT RECEIPT.bat
3636	NEFT RECEIPT.bat
1772	fjlljnfk.exe
1772	fjlljnfk.exe
1772	fjlljnfk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2696 wrote to memory of 3720	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 3720	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 2036	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 212	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 212	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe
PID 2696 wrote to memory of 896	2696	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://doctor-fateev.ru/NEFT%20RECEIPT.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc36a9758,0x7ffdc36a9768,0x7ffdc36a9778
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3660 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2812 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5688 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5696 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5864 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4532 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2804 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5288 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6184 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3132 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5048 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5240 --field-trial-handle=1876,i,2625940562420105590,3845693915497587935,131072 /prefetch:1
  2⤵
  PID:4964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3648

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT\" -ad -an -ai#7zMap28419:112:7zEvent29869
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4812

C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT\NEFT RECEIPT.bat
"C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT\NEFT RECEIPT.bat"
1⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3636
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4056
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1772

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT\NEFT RECEIPT.bat"
1⤵
PID:4000

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
0d2b298e8fd6fcca0fa962e124616c5e

SHA1
34e02991828b5d0c48ae990ce1f59213e7ec0339

SHA256
97825f1284564b8fc8b10cd179ca192106a35145998e5dfdf265080f6512723a

SHA512
adcd362cd92eea224914ded1e294b6d170bd2d8eaa1e20f320d9178a58b9f6e5b2c76124dd3dd2bb0e1a81672c383f360178014599a1c68bca69252e1d7138a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f9299b3b06d28ea7919eee346899baa

SHA1
18b685e72187d14ad8363c2d719f71fec010de69

SHA256
0e10ef374dd24ab167bb4f3245c9ce507cdd7800de7450abdcf52280e745883b

SHA512
5a0755c3679cabfe1491f30447f91373472ed2990f9858f6890f06ed3d5bd2a786874f07150f661a6192cc1c296c44aa5e536410e07f9e25d2c2c579d9cc230c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
28cd0f5e3b26402375268973ff83742d

SHA1
656af52d1fac73dc2cb4fded781f6e51ba830275

SHA256
8c18bc058ec296670e268f1542afa14166e0209c1450efea2a677a8f1683f59e

SHA512
1c354a14da3e81c7f77eff30223ea9eacb6f2ed1581043c84a450ad48b6b08228e465251ab23d03cca49932e7e9509419da5da3bbe036e4cf82416c3f0b0c7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2e2e6b23a0c7924513af1d80882d01a9

SHA1
86f8c64ffaa52663806bab7d647f0d0ea8e50c65

SHA256
a3b103cc6efcb94ba926ce85fb1dde4328ccf86a212f57943c36d30baae00da3

SHA512
4e031ac9a3ae382b954cc97d6e552d0b30e61d6f2fc051546a678495c488944c32f59b71ac1809fdd72f951b080670b6e3cb4008c5f1cf26ae6f9c7d27be7b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a54624fd26d44046493dffb9d7ea4b74

SHA1
dc5aad89b91facf999b2bd465ea0373a444e055c

SHA256
ebdef786499781be0f5e2521b5714f03246e3ede59bcec24a607411f2f305997

SHA512
b49c4a8ef538452c53029e9ab04d252aee93f9f93ef0be8c14448ed1e8695f5d005172ff52b316d9d6951224cbe370f66379966075b46a45937db9f5c77bc93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
225ab111048762049b15d9fa3fb24a77

SHA1
b1b9a2472d78b6256e5cb1cb96ba9b416b021b6b

SHA256
3b71d82b3189062802e06e5f7cc1a2e449514cdc16d8c62d785ff1a425762676

SHA512
058647fd15b9171a3bf2755c159cfd163b5e389c47e800ebd466875730650255d1b4086a0fde9e264e8b3c97c62436f142e196a09d22127118eb4cc3a43f4bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bb9263e8ec700e2f49b4c8e32335bc47

SHA1
511fa4204b3c1742d6ac1f9757450aebfc2a21e0

SHA256
1f435745ca673c24f476f86458af66d56a73b927f166c2059a0fa881f73c1ff9

SHA512
c61a05cfee279e3065c4b5a14f158cdf0443df069178a060af9d2374ef9441a905c355665ad582413447dbef6c3d71fdfa9be39ef102b4e755f3f7dda13ef0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e81a08da77e10ee323d86a78da1a037f

SHA1
b9112f0fbada94d8ce62db59ce44b27612cc571a

SHA256
8ccefbde150179248fc7d21f5a3d7fe8220faa1304d4b44d5f4d85b6f84925f6

SHA512
bcb26b58171095313e458917feaea690b14ee92262badb7433702e39b1b5e80ccb2d5546d35bc6fafda59e606831cd21245a7d3a224dc0ba9374ef972b2dcb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
c062073880aa25d23902be808c776279

SHA1
220bd46ace852677efe67e1546b63c3b2ab64cef

SHA256
3a3e1851ac79bf0c8f791732e0faf64ad1c76e5d132665d7dbc5fe2f9729bc0d

SHA512
b81334de629cb759f1417ad317379acd08cb6aaf9ccfe2220b66d40329debbffb178535e87138a6c557db52a4fc6883206e66e15e310708341548664d266b4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
865B

MD5
364cfa132673adfd5728a089cf842615

SHA1
db047cba859665826c9a2f20f7e5738ff3d3e845

SHA256
e860dafe4ecf9757a60d0f610c38ce41d018b3d8e8ae3f786daa2f45ac8462c7

SHA512
bea0caadcdb703ec8072d2784070ac2aed623ef5923c2d176de6f59489bbf82439cd1c88a5258a29bb7391a49493b53937ea41c404978fc09458fc6ad7b1d90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa9ec3c643cb2fd68b30cef84545cd8e

SHA1
a44789167a9d6b21c724d2f5c738a0808f1d3b33

SHA256
8ce0459355944aafbb80c35ed12115848f8e3e211135351af9e2081c2303fe6e

SHA512
782bd930182f4ef31234393a9ec7f7ae32b1f1b7e79c13a95a735b2da56277db0ec0b6edc047fe6fac5fff67e5559efef944b90a54dda5def397b4dc83776d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f0e332ac931255006bf8bc95e4c3921a

SHA1
93f00660597a97b514c5e7efc36d4a8ca5acef56

SHA256
730789d54569455ee26b4162c4051d761d6e51b41aac65caab2d3d3d8f35d1a6

SHA512
d9336b79294a39271f5bd2ebbd9f397a06080cdde0ce3df4adef24b0f23c82e6d7f794fde25bc3a8b70151ff2f20df9f97a65b7fd48ceb89db353222885d25d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a57acf89cb427252635ffcbbc3167263

SHA1
c019afdbbba4f30a5da64e67ff66f6317f86e00a

SHA256
1091ee11a26983c1792f5c3f5abb738ce96d4d311d96207dac45bf56d908f572

SHA512
d7a16eed64dcfa9473c26f4a5d997c42cf6f3f91e07540546b228c3e70400cf3360b1e334df9fa797f9258c543160df7bcdee7a790175e43e542abb94f2cdb36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8b679de4c4041e12fb0f5f445a739e46

SHA1
2a4d4165ba437544b4202463d6a156cb19cb01e5

SHA256
18ad067c55f9306168a09898a646da06ffcb8c004c8dc0f8aae6ec042c2014af

SHA512
3bf1f19d7965b17864a1ea63ea4be4fbc3de4a4c09b2a5dfa8100ab9f30beb891e875eb242f918efb3be8a53c4edd299f6668bc49a8b329abece77fe7da2de14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5cb229f9288db236a30399126b30426c

SHA1
463a1768a9c9c307fd2e84d99842a5189e4d4845

SHA256
eeb73da89bb280897ac0a5c153e3fb97c94be86c71602c4b83aa12cc657a0717

SHA512
2314bdbdc8ccdb945d9523af6aabc306503eb56698516970db735271e228d87efc9b6ea9f8e855182083237ab030bc88cbb694abf666a907d06273c0465156c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e0898f809de11f7c73bf62806005f64

SHA1
1c881516e5f959138c60b31b4d3d124537e5d4c5

SHA256
0189ff8618cb12b16b7690964e84b944e33fe4e3e42b8d8187f52b0b816f33c9

SHA512
9e12339c6fd6db182c856839559b7cbe0bf1fa8d1fa52fd66168cf0242e41a9b89f532199e0b15c49c1be1937a2035e2cc832db8c27339b8c64fb18054c11730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c8dc1.TMP

Filesize
120B

MD5
5e396fb0900be4d6544d143cf8c41c5c

SHA1
101330e2bdadcd8394f026a862b40b0f419d69a5

SHA256
14b62dab69f558fd41cd1a7feda27f16697f7e1c7a0b36d05247ae86d34a2fbf

SHA512
760a52883cb12b867aaa210836efff180a2c4a6940b6e8b410df0256b5a6a9173f3dffbd40788da3a7da1b3c1113cb9017ee331df4d4935c1779bfc95be3eec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3e3e047056e92d256b4eb5af971fa4ca

SHA1
96d9bdbea11c7ff52a85fdd649983a67682ab91c

SHA256
dc44332267428936a9d9d3af607ead3569fb3ddfaf7b3dbd9d4e2331119c6d68

SHA512
114b835c1f77a22c9f6dfa02aa08c2e145a789920b35a84f172afcee9472dc6e9c943357febe61857359c1a155e7a96de7491594d26a5022c140e250a1dd33a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5abb23.TMP

Filesize
48B

MD5
02b01b13d909ceb8bbb69ef3a8a0a96c

SHA1
0f5000dbaa1843f53bc91a2b88a64b40186556c9

SHA256
2413153956f4e2e115953663d880e1fef6f92fdc985edb9a50ae002e674dc2ff

SHA512
c293d804131aad3aa8fa0ed5551d42311faa19f7372384b66ec7474c2fbb100f3043b35f8fab33314703c993c5e8a0d87759082dbb9726dd6803f11ea9eb7869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c281f145-0ae0-4a20-8c75-82cc86bfdb97.tmp

Filesize
6KB

MD5
cc1a362c6175cf2a97a04e73036a6962

SHA1
5d4166d73b4f963e7589455097f078807d65efec

SHA256
c97d429113df0fca11de1dd0993d87850b010b61fe63a9a7aea8ead7df0ced12

SHA512
b062a0b022667a6e0d118afdba67c5fd755e09ee710fdce196f680e86cfd8baf4f3d1c4847a4975536f5ace5a102427de39ec4570a98b0039705ff86d3b03f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
f4106bfcfb57aab0c506199eff158e91

SHA1
bdff1feeb27318e88f6ea510929f72e9d547a8c6

SHA256
7bf90a1a3c938457a53f743cb993683b1ee0b74a4e15ab89939a7650285a7032

SHA512
d03aae0c8adc2c5a15e21697beec7b4269b2f282a46f23b6c24a7ab7e817ec238d4394b7e660e6b79367a8522f42c6e6ab24a128db81ca9743591cc80b41c23d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
0adc9b84a3763fddf2a4fb4753da4f11

SHA1
1d877aa17907602fea34de3727e0c28100e3e358

SHA256
5129cbc960cbdd42c13a3d26ec4699b41ae6b6db1e962c0f8b010548f2a474cd

SHA512
f2d936b9536efce6a64c3292c7afdda59bc66b18423b17d81c03a208044db5da9dd232593fbe507b4afb31499bc3505084bb508bde474a8da0d10099af2306b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
ccc97d2b3c30d1ca5386390de5a603bd

SHA1
50230a1bbb59946149eb6d9b50680a9bbe3f5176

SHA256
3c47f6a62f602cfce3a5f533c7a2f2835653fe838192b8b3953c1bcb223ec8a5

SHA512
e5b60560b326e33e59f5a2270f06e5fc1b9437305ac9598475d5e353f586db6379bdb76099208211b336f645ff2c04eb1596fd1ad3b4359d9fdef781d2d1523e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
8c897f4652b28796f1d081d175b3e61b

SHA1
0a48282b282741c809e27979bb4463877013835e

SHA256
931c57b19d7ab66de8f2f6f7f8c405c6cdea5509ddb6e1d7edd23ec7dd3880a1

SHA512
5833c6b6785ea95fa6ea0d85c9e1752b8364b860cdff49a04ff98d911a464eda012390f24d63a88b9082b5e3d7b7ccef2a6c7b14a456df07b38549206b875d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
b578dc2a195af45de6ed3eadba83becf

SHA1
5065dbd2173e19b1326fd0465c7ff518cfaf278b

SHA256
112a805663fb67943817ddf7721c6a4feddfe6eb1103a38f051f6a661942a5a5

SHA512
ca8ea26a7812b414604ad13a579d67075c2359e14bc3e57c64dc61cb30a122609d23342da836a6e538076888c7eff1141e725076d689230c018f595a7212224d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab547.TMP

Filesize
107KB

MD5
5b7c35222a1f69afacc916924e059386

SHA1
99a74e7695691e743f14587bac72e7da7ab7b656

SHA256
7ec69738472f2a77b6e0dcb3c9d50ca3837b4bfacc95f352e259b8a52de8ca64

SHA512
aa4435917cb8a14de371b8ea1f41b7bec1a5e09c05d5bba6e330cae55c0a9b3fdc3e6d3afc3c038633e9cef513ebd448e3d16d680df8b579f1f4bc1d287a0ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fjlljnfk.exe

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT\NEFT RECEIPT.bat

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
C:\Users\Admin\Downloads\NEFT RECEIPT\NEFT RECEIPT\NEFT RECEIPT.bat

Filesize
2.4MB

MD5
5ee81a84ebf389055aa233770b09a710

SHA1
45fe4367dd86f888a70e0c82b899a6602596bfff

SHA256
0ee72014a5767e3f99297e27fb4cd66fd8cbdf8577e494e9eb6aea61d4194626

SHA512
9208ea252f5d899fb7337052892175241bb2fa9c4943113f6731cccabb2a36dd94a44299b2e207fa760df303b53171af309a7c00580bfa0b7f67896054eb54f8

Download Submit
\??\pipe\crashpad_2696_KECBGWKFDUXVVGKN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit