hxxps://www[.]virustotal[.]com/gui/file/b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8/behavior

Analysis

max time kernel
354s
max time network
325s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22/05/2023, 12:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.virustotal.com/gui/file/b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8/behavior

Score

8^/10

persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
624	antiss.exe
3188	antiss.exe
3152	antiss.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001b000-559.dat	upx
behavioral1/files/0x000600000001b000-680.dat	upx
behavioral1/files/0x000600000001b000-991.dat	upx
behavioral1/memory/624-992-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/624-993-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x000600000001b000-1094.dat	upx
behavioral1/memory/3188-1096-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/624-1101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x000600000001b000-1103.dat	upx
behavioral1/memory/3152-1105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3152-1115-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292326195790994"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
624	antiss.exe
2452	chrome.exe
3188	antiss.exe
3152	antiss.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
3572	firefox.exe
3572	firefox.exe
3572	firefox.exe
624	antiss.exe
3188	antiss.exe
3152	antiss.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
4140	OpenWith.exe
3572	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2612	2452	chrome.exe	66
PID 2452 wrote to memory of 2612	2452	chrome.exe	66
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4468	2452	chrome.exe	69
PID 2452 wrote to memory of 4912	2452	chrome.exe	68
PID 2452 wrote to memory of 4912	2452	chrome.exe	68
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70
PID 2452 wrote to memory of 4984	2452	chrome.exe	70

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.virustotal.com/gui/file/b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8/behavior
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc949c9758,0x7ffc949c9768,0x7ffc949c9778
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1996 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3868 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3324 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1628 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3168 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1792,i,2647722219379911902,10760037542453763351,131072 /prefetch:8
  2⤵
  PID:4204

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4140
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8"
  2⤵
  PID:884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3572
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.0.1671165301\2104269685" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1616 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b37b5a5-0adf-4717-9f81-cfefd8bc0ad5} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 1732 288134f8758 gpu
      4⤵
      PID:4328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.1.1963869438\1323138186" -parentBuildID 20221007134813 -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce662e23-2bc8-4d18-90df-f1f76007acb8} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 2108 28807f74658 socket
      4⤵
      Checks processor information in registry
      PID:2260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.2.1506428459\116592388" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3044 -prefsLen 21897 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e9750d6-03f0-432c-b1a5-55aa824a59c0} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 3060 28817525258 tab
      4⤵
      PID:3600
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.3.115603870\1851692705" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea8de33-ff3b-45dc-95db-3bb488379d3f} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 3520 28807f65858 tab
      4⤵
      PID:2204
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.4.1901104624\96066848" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26796 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {717fa2e8-0471-4b9f-b9f0-c7f143d18384} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 4784 2881a2e4f58 tab
      4⤵
      PID:3372
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.5.1522086323\1282200906" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26796 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e107f603-0248-4594-be19-6e2112035f40} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 4916 28819370a58 tab
      4⤵
      PID:2056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3572.6.741713754\601046398" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 4728 -prefsLen 26796 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d96f133-cd55-4f06-8a0e-e62d29420cc4} 3572 "\\.\pipe\gecko-crash-server-pipe.3572" 5108 2881936fb58 tab
      4⤵
      PID:2900

C:\Users\Admin\Downloads\antiss.exe
"C:\Users\Admin\Downloads\antiss.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:624

C:\Users\Admin\Downloads\antiss.exe
"C:\Users\Admin\Downloads\antiss.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3188

C:\Users\Admin\Downloads\antiss.exe
"C:\Users\Admin\Downloads\antiss.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
162KB

MD5
08f3851748975142ef7c08a8ea1ce61d

SHA1
31ffb52b4d2e4263a2b5a19195ee1784bc884a15

SHA256
e374d418c7975a482356a79e25f0722ab71616be443cb19d96ef88706937bf30

SHA512
d4b86e69582cf1bc33991cd44eb1db26eff3013dcc7ed34d8b7d890be510ef3949a50332e732c22182a8fcbba418c6ba18aa031a6f0b5b621ea2211e665af3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e1b04633c63d4561f1c22da661394c7d

SHA1
3f549af2fef52070252fb775e3c2c6c771337703

SHA256
aea22941e0f8ec2aca63d516c99524c96c72ed2fb8b885f325e30d51256a49e1

SHA512
c991ba668bc960d1795522b9bb741e599fe0d8a7955dcae54031ee6bd15d8414ac034a3bb5d9648a65c9c213574db5f9f34c746e693a7d4b2343d2e71a97bd9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4d95e9a0890bd3729881ef85354bb940

SHA1
e27a6bd6d012562ec5f8aff3940ccae7a876a326

SHA256
270aa073e05a3225824038822b053ff56cc372a39d99412b1c1f39b299d2a453

SHA512
7243d32fa5cd9b6d1c03b99ef66693df956fa8082d4ac52efc2cc015d2d7f37adeac593fb95134e2602494f23468506c6fcefe6f4a5616e9eb2ce870a40e156e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d9245241a5f504e6cdad5d727c4bfcf3

SHA1
a51e16b385e35134657698d2d3bcbe6cf7445908

SHA256
51a9f1b06672c8f33a5047e32476c2175f70a53b1e5c1056edcfbf9dbf79fce9

SHA512
870409b8eea1632944f24d629f362539430ac04c0a498678fe8f278bccc325e17423fc96d57ac3ee4f991141d449921036b2b1203fd99313abe6de51c218ee7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f3cacbbd34317d2a570bfbb0e234a30e

SHA1
113fcad6fb1245adad2c34bd4d0d8122d22486c1

SHA256
2bb598871dcad64e02010ffe5b86c868ccf1ea3a75691ea4f822dcc1fb40af2e

SHA512
eb08032e1f4d416a500aa948e064422fe10c53486c255e2c532b5fecdfe72dfb2b48abbb5c63d1ef3112886bc38d91b6eecabd8088e652b9183a4947de3c1ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9b22c5eb93364e045a52a66f6ec508cf

SHA1
85db3edbbe3073456ad237d5fa13e6b132eb8562

SHA256
05e23ed9da842184beff50b0f0f4d1dc87c1b051db54c23facea86f19fe3c0bd

SHA512
4411ece2f4eadc4595da6d529e1aaf164a1279c9ee4f8be2e1dfceae5b8e845598798bfb3d41c00509a6a5de39f242c66aac9e38e8a66cbfb620c100bf062702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
09de292821fea22d9613c659a05a970d

SHA1
82c36110bd69df662c1470154926f8df3f03e82e

SHA256
7aab612d1c02792acc0f192e2bf2f24900de6a31a27240602ddafadd949e4218

SHA512
43873ff49649f9935651821ee1ea84bc0f3acb687d612ba2043d81e284c4c039ef288527177942369e7252d2d0282310ebfd32603996b7b1b232e0f071b1925c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
02c1bde0cd40f8802dc04d8e7c5fded4

SHA1
32204abbb70ce6c3f8e8e6ea6663b6d629af0d44

SHA256
45b9fe491275c546ea49a011bdce8c0ae1da8112e75f5be2e5ea7286aba0e8fe

SHA512
2f9a2d9a75be9fec6d8759e38f9af06d0fe17a29839f689f23bb9aaa3944e2fbaf1c9d87a0f555558bb069761877b031fb91c08bef8958295a797912ab0963d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
55bbf6b5c262ddef55cce3aabc0db4f4

SHA1
0cf6ad189f76e978465332c9d1d0cc4b49a210c4

SHA256
51b80ac009e3305b9985b25e60a6e816c304ffb295aef773eb75569713eeaccc

SHA512
757a33d71fce22ec4f5768bca3480729da7ab9000f12d3d08cbf56848a124eb92ce234326b0c30ec81c9e05fec9c84dc802739e400e40290ec6ac921458d4546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
624a2ce4179c10eeefd471edb428c448

SHA1
404e49933ffaa061ee2860941c96305b516281bc

SHA256
2737b56bf0fcc6afb13676b7eded45bf637c7d563c4f51784275ca9537e92e06

SHA512
e30b85ad46eb117557d7f071210a929b8945e9dfe012fa7227c56d31015e643737e3202321d77c6d19324ec853ff3bf30e43199b56c3ee870604f44a8a0741ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ef2522c7c7a9f2767ead6760f8fe7a8

SHA1
eb8ef4dfe3a65b0e2be2e51332a8708143ed1513

SHA256
35225c9b68e6aa63120c48e51020ca861debeaedd102a6805c539a6ae0c667ff

SHA512
ce96229e556963059622f056414ed29a4b0e5a5a13d5ab2d2f58d21eebcb203c7a5c489afce839507d10dc9876825acab5436aed90227c55f05e4a07d17f4e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17f18eabe9ef066d8cccf67ed91fd575

SHA1
8c04f0ba2773bc2f21cb53f87655e84e401b08fc

SHA256
4cc078bd279adac12ce12fda958d23b55ad0966b7d7a9a5109b8e8406146f271

SHA512
82291ee6ebb51aab9a0238bc51166342dff14eeb8fc99445e15f7981dd8b960a3a6dd83056c9825c583df2aef438ba0a747e6c5747d2d01602ffd6db7c9a1ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
877468156f9c23fbfe0000bfe53282a4

SHA1
d537e971cc46fe18f727ba6b46c7cd214a2cbcae

SHA256
c833244796bee28ffa3905078c9e07ea9d4948168d6b10b213637ed4bde37665

SHA512
b772a6b84b99ecd2a23768b15c6abe972efa516df15c016ecf7b4456fc86d5ee0c74effe497706080eda62db731008bf916297010adf3fdab62060bff6044d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5eec806faddcd5278f0474e398a7b535

SHA1
2cc3ae2a5dba609c173eab2333c47eebe9716c28

SHA256
1a87cf6f81447cb2c655b879cf05c31473440676874e37c17ad07e3eb3940255

SHA512
1867ed6461ea0142540ba76b507ba890f48f8e25f8b1fecd36e9f8117d11a3a4dcfb8a8445aaf3da8eb233daa5b1c4c5033c0e24b935aac95351bbfd640c428d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7866abe2e0f6d4c893fadebe3ed48c9d

SHA1
c1e0fefe187658b39637112885e2b5fafcec521e

SHA256
db2ed4580f3e66d6815bc27b640c2b1c469b51f841486c9dfa94401729dcd404

SHA512
664376197cfd9fb15e7f245302087139ce3ea5598471a7bfa70647652fe7a142ca0f1bdca9fc2d7945361a3037cf8bcbc1c42d9af5993f7d6cac4898131ed128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1dff821c566fcba28024fe1c241cec76

SHA1
797edf96252396d745237cd3c0d8899ac980301b

SHA256
d3e02cf080435c404df05fb3dfd190f85ebbd35f266365269a5bcc4b81a7cf24

SHA512
86315dd6a809bb9d22e640bdcc3dbdcf608228021a98426fe78cfd5fc7ee81395a434809f07810ba282a59b84381a78e4f2e78e3f9fc9b30dad1d619d06d34bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aff4cfa9e2e5c53754a0f60ed1c543f7

SHA1
19f4822b2d62ede857f77e01d2cf0e146b692cfe

SHA256
224edb41b2a56bd1b54a1ec86fef123f58acf664036e40bdf6ad141dcac6e1fe

SHA512
a546189ba55aebf19bbad7dc4a661c19a812eec98f590c540b106b37ef9ccf5883977d756fd409bd849d1af37a0859b7947d019b4fabd40a09a0ae5789b14f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\167647ff-8c96-437a-830b-8d453aab749d\index-dir\the-real-index

Filesize
1008B

MD5
e470d8b821f67c622df5f4a49e6422da

SHA1
dad0363cdeccea12c7f6b7ddb25099684b7a86a0

SHA256
823d185c54bfe8bfa7472e1a5477efd9153333dd8707cb8adf4fbca621f7a7a6

SHA512
3a614cc692e39f7da56ef0dd7be23100856dbe94795a8c210681abd02749e6fac18c5601a6a748203a08b5ece065aa319aac2cb5d945662c4939923aa84e0510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\167647ff-8c96-437a-830b-8d453aab749d\index-dir\the-real-index

Filesize
1KB

MD5
db6d652ddc447c1f7fa9b72d64ca5c0f

SHA1
d281e0a627b10eb869f38fa26cee0a4b9cc189ce

SHA256
a3a7aec47e86932ae76f790e4b845f972c004126eb85233feb7270049ce71ced

SHA512
e76671e46e178fad4d5a6e7345d93a854a23de10c6aaa449e16d0fba5a851894e658bcae0ce10fb74ea0bc0faa43763f2351a395aee40e027e110b8df082cdc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\167647ff-8c96-437a-830b-8d453aab749d\index-dir\the-real-index~RFe5808d5.TMP

Filesize
48B

MD5
353c8b4f58d339314c375fc5dad04966

SHA1
7b710ac4fed2c57ae020c8942f95ce1873bc387e

SHA256
3ebcd871b454d09676971c87eaa580d304dd8caa0df38862c4ff10889bd457ef

SHA512
87ab48c7e20e6ded78e9a48a6c5f1f1e4f5a799dff1cf1a89d18c993f766359a83a9f81019acaa6d7dd092c231888f88fc7c70504a2159b6f12e3e934a1d6e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
0fe22c7011ec99c39f0fe5139ac31852

SHA1
eb4aa79b0fabf7605d90e7a63741007cf2c90296

SHA256
8977f2ebeb3c48fe6ca2e4afb738a3128facd78be35061cc510277a0df62420e

SHA512
eaee22b21f86d15deef8b84acf585046fed8b4ab6d6d3dbb6d34f81f05e294a0328274525efc537b6c52345104ca3807608d8365825606723f036a409bf34bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
4523b15a5098b0673cfe7c8df2ec5907

SHA1
c4682b8ba6930b87fec0de912e3c5e4f54ac2ffe

SHA256
6c0554fd30412bb33dd6e6b89b98d16320eb5558db9b2cdda99fe7f349882024

SHA512
3e2751abe4ba3d7333bb77543e562481263afbd399b81d727eb7904265d560aa3aa0a9ee6062403579140ae64c86688b996b03e14c53b15b4809f804cbadf2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe580904.TMP

Filesize
128B

MD5
b61369be06b2c888a773a1b0ba52a811

SHA1
c28cd5120ed621bf6671a2dbb0257beabc33f895

SHA256
c0055f3c096239985b3e93447dc1639f3f8af07694f420824f2b50143e1e9bd3

SHA512
63d4ecaeee4389b88f09839439c1c227c11305465cb158d6f3e85de55c3162d4e1f9b6671e4e2d49b7f12984a39254c69445a112282f367627d0663dc183a5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e63573e8a109c17a9b07dfa69135d5ef

SHA1
05a7eaac1e8a140ee16afca730685a80b2ace552

SHA256
a37db6d8a2d3745f1681e0d897e86174345a32b1c9c9527df1292a47e104a1ce

SHA512
ec39065e39762043f8a70f92e09f2950476e293359229e9c41ff5a903bb0a42bc272aedda5c711d2a44630618eae752612b224eab3d40ba4dd94f8ffe5c496b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5714c0.TMP

Filesize
48B

MD5
2766ee804f563173a012f8c2f3913b8a

SHA1
768ac988ef8ee8056216c0b1b0199e283e100fdc

SHA256
1250546c3482d46b90372bf44bde3ea538fef9890bbd36c89fc4f055c34e2e10

SHA512
3b422cba13fd3fcfc660cdc1886d7faaff5a966ecfcb0929c6f76cb6595498a42aad9dabfaebce62a8a411c31c0bd2cc9879f3389ca6c54e8c5b23bf3f103c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
9fd47f9db82bc923234af74c8e8f43e0

SHA1
6a180f423df2267a588eb8e3000c6c04a5fe7d21

SHA256
af3e9fccb7511252634d741ae5c177b7e6dd970c708af2081b7de90e92085d00

SHA512
d3a517d5933e15a8f37b66f2ad04f24b5acee38dddd5db2eeae2d6237c8efa5fe9c0493254413b93078d1f9aa2cad2cab51f6662782e1ee797db754668c5e386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
f265fcf57e32660dc7cbcca5303c64bd

SHA1
39af7c84e0c1b73278a00302839b89b111c1c3af

SHA256
5439d47d98aec16d9fd6563a57fef93151be047362d0b730cba05998f92203f8

SHA512
c12bb6a7bdca116cb8b9636fe034d86d27e351aff0ab0a10306394c8fe235db631d317f55384377045d65165d4436e14bc95d43100c1d3f2ae8ad5fdeae3dfc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
07960438cd77fa11b2980fe3103e3f7d

SHA1
d557e9619929b50d90f766320915ac450b8de3fa

SHA256
c55543a7739c01c429a04a23e300674555dfb6e789c37673f6e05b1cc1a813db

SHA512
d2f29e70c71ab77c91ce4c91b0973146e703cd5de5b15dceac3da8e97fd9fca66824c5848598b33e8b890bcc844cc502591e75191fed5e2a626f625f8b25d51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
cc04eac7bcb10db2735200828f8dafda

SHA1
1f953b769ff7fd7efb139892b18506f38787232f

SHA256
b49317a78ec67fe6e498b5c2f18375505b80e9a20e43d69523fed4ba36a8be59

SHA512
9d4ef3aaae6fce57be7af2723a8595e64aa68d6f2a27e11f7af4fb86f5caa923629fa844b31c4fdccf6cb9c65c8d7e0df3a184dc09136241cd81b0bc50c3b89a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
cb6e223469ec377435bb8a74c8c10ea8

SHA1
90df3afbed215c0c14a40314dce0bff1f643a99e

SHA256
e53d2b55b8d12bcf0056d1c47b081c0095b79d4ec0bcde8b981cd0d03aa01190

SHA512
f22256a8130b62b0f149e65ede748e05e1b56e67e9f9a6210bd0523c8c37d784de369429cf05fd48aa593ebb5ac445d3b86d822ffe84a2e21a955e9492619eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
a8a025697bb56a1f53539ae53ccecc7e

SHA1
9513a8b1213a7370c60912c95267ff7c49fa7300

SHA256
7404afc10cb3573dde8ae9c9c40c6e02e6242012fd2b70a1e9a40d0d0e428ef1

SHA512
230ae930535fd69419e3cf7067f48fb5cb2e4c8ef736e7dce5e21c731ee08a8bcb5f8235743b640763c5ed64fd225b752770792fc9ec0986a583d4592fa9daf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58390c.TMP

Filesize
93KB

MD5
2a4d77c50d2ec2bed81f8d7534e892f1

SHA1
5e4f40628153d5164743d92f8b90498ef3dcbe5c

SHA256
59250312a98c6d2e1383484514a68d93333af54b902045a8ba379a0bb3007d8b

SHA512
31d5e49c5d9dd60dd0b52782c415e639b5cfb22ba7b385893882e5d791ab7f564a2a78ddf73ea5ed99c5d674ac8ddb858900b675e39d3c5c8e2c5fe416849d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
4bd4e05b3cc0a9f2d8b6fffbd59c498b

SHA1
a237ebffc4ca3191f619aee72e0a6ef346d0e2b7

SHA256
f85742c6c6fb6e053e5e4254066708b149e8c0fe2d6b2e9390bdf6a248cd5209

SHA512
fc859a145ede7b255d91be5d36e7bcb2116633739f1f9520a4116cbb12b38d7a4dd66c21b3df1e10d9c412f1af1868b6ad97db0245a299f7224dbe715c22e4e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js

Filesize
6KB

MD5
fc03769491e92557713bff75b3dcae44

SHA1
a4f4687575dba8a950a014c93d8f9f086a2b68d6

SHA256
3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

SHA512
8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9b9191b9e83667c1c2ad75e4ffed4e52

SHA1
e69d02209ec4a33bde4fb3910fe94fd021cdcb30

SHA256
63531242a716e08be587560e119beab267d6f4889703ea23cbe47860de53102b

SHA512
794a6fedfc3f5ad07e0e04589de025cc9190a0960a6f7bc29ba523d9a52ef2cf4f8684e38ea6e3b134862c05502a29ae02714c7b2bd772e577974b87641b1f19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore.jsonlz4

Filesize
647B

MD5
4b590a6c8ae93f5b76348a59cf202384

SHA1
ee612a6e106e7302abbd26f13e8a4f2c1da1d7ce

SHA256
4f12bf7a369cddfe479b6dd08384a5d576d7c03cc219a7b2743eff8ba7585ed3

SHA512
4f41cd5319314697b113ae1627f8583fe0f003126b59cdd1852b63c1456b8c2c74105ec6a08e55dbcb9f528a1644cf94222972ba55f693cc657f4e9704ac6a58

Download Submit
C:\Users\Admin\Downloads\antiss.exe

Filesize
36KB

MD5
201959938bf752dd0b61b6a111b647c2

SHA1
b260a4344ef06802c69db955b045671dd2533001

SHA256
b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

SHA512
0e3400f7a289183d1c788579598784471b27baa4cfd00f3a94f6fd7fb823a345a01efbfb2453b268a8b876d43fa6fa112e7e8b0e880d856149a11aae11888349

Download Submit
C:\Users\Admin\Downloads\antiss.exe

Filesize
36KB

MD5
201959938bf752dd0b61b6a111b647c2

SHA1
b260a4344ef06802c69db955b045671dd2533001

SHA256
b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

SHA512
0e3400f7a289183d1c788579598784471b27baa4cfd00f3a94f6fd7fb823a345a01efbfb2453b268a8b876d43fa6fa112e7e8b0e880d856149a11aae11888349

Download Submit
C:\Users\Admin\Downloads\antiss.exe

Filesize
36KB

MD5
201959938bf752dd0b61b6a111b647c2

SHA1
b260a4344ef06802c69db955b045671dd2533001

SHA256
b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

SHA512
0e3400f7a289183d1c788579598784471b27baa4cfd00f3a94f6fd7fb823a345a01efbfb2453b268a8b876d43fa6fa112e7e8b0e880d856149a11aae11888349

Download Submit
C:\Users\Admin\Downloads\b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

Filesize
36KB

MD5
201959938bf752dd0b61b6a111b647c2

SHA1
b260a4344ef06802c69db955b045671dd2533001

SHA256
b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

SHA512
0e3400f7a289183d1c788579598784471b27baa4cfd00f3a94f6fd7fb823a345a01efbfb2453b268a8b876d43fa6fa112e7e8b0e880d856149a11aae11888349

Download Submit
C:\Users\Admin\Downloads\b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

Filesize
36KB

MD5
201959938bf752dd0b61b6a111b647c2

SHA1
b260a4344ef06802c69db955b045671dd2533001

SHA256
b7a299a087ee4ead0e827366638ddd79464b69c004e22f2294eb5ba901883db8

SHA512
0e3400f7a289183d1c788579598784471b27baa4cfd00f3a94f6fd7fb823a345a01efbfb2453b268a8b876d43fa6fa112e7e8b0e880d856149a11aae11888349

Download Submit
memory/624-993-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/624-1101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/624-992-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3152-1105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3152-1115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3188-1096-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download