Analysis Overview
Threat Level: Known bad
The file https://github.com/Zusyaku/Malware-Collection-Part-2/releases/tag/2.0 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Downloads MZ/PE file
Disables Task Manager via registry modification
Possible privilege escalation attempt
Executes dropped EXE
Modifies file permissions
Checks whether UAC is enabled
Sets desktop wallpaper using registry
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies Control Panel
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
System policy modification
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-14 13:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-14 13:00
Reported
2024-10-14 13:01
Platform
win11-20241007-en
Max time kernel
78s
Max time network
80s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\windows\system32\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\windows\system32\icacls.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\wlp.tmp" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\ui65.exe | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\logonuiOWR.exe | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\WinRapistI386.vbs | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\rcur.cur | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\Crosshair = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\IBeam = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\No = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\NWPen = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733844222641904" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "217" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Zusyaku/Malware-Collection-Part-2/releases/tag/2.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff857acc40,0x7fff857acc4c,0x7fff857acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4432,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5056,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5076,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5064,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5232,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,6583775803078303115,4605694159222772651,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C8
C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe
"C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe"
C:\windows\system32\takeown.exe
"C:\windows\system32\takeown.exe" /f C:\
C:\windows\system32\icacls.exe
"C:\windows\system32\icacls.exe" C:\ /granted "Admin":F
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" /r /t 00
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa393b055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
\??\pipe\crashpad_1764_KMTPOMBXLOXCEHKE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | b05bae2209b20be64060371e6b15ef31 |
| SHA1 | c079821a3265b4b89771836bad587788a601bd50 |
| SHA256 | 0abe089d192b325555a4d84a99cb586af3d679662666b585d8176e541d88a1ff |
| SHA512 | 493af2607a047c13f623122b6897e2aabca973ba0021899c640a08a22f12b9fc23d5446c31ec793ac6bf54571de64b1f8108b45da490b50b28d291e2bf2cf1eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b28a24bfd6e1f823fc1006121a5fd23f |
| SHA1 | 63c3289b65851f1012c13db3b417d1e1b9fdcb92 |
| SHA256 | c1877eed1cd62d6f17e3da3802f91f903182f624fba718400b57c3fa4fccf0f7 |
| SHA512 | 0442d984358900141d42a2bd65bf1f7e5bd335f23dfda5908a8319a483e24577d4a93985dc3bdd651699161f46803ce5e547f5e20c68982e08123caf22657764 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bfa03996ee35b243a4099b0582d91779 |
| SHA1 | bf878db4580da52964bf8dbf71c9a7d80371091e |
| SHA256 | 92d7f21b88f2035c192e8309c27cc919cb9d8d8ca8ea2081f10745f8cdf18184 |
| SHA512 | f9f3ca2286f28802f599be674a1cc247676e2b41f627a458842abe09f06edec5266da60d0f3298b6f5be27252deebd838987f27025fe0b92d1ffe1f7b542a1fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1a9d8029aa24378e460bdd078b0fac26 |
| SHA1 | 6a032f6c4d1b903e18b83c3edabca02189f97432 |
| SHA256 | ebb01a27fc9d93556cf1d5692388a4d3996296da1d9000665ca9375741212268 |
| SHA512 | 423f14b3efd05b6b40278c3bc28a281d51a3beca0fe232ae58962c852660f526e5bf784adaae95bd90ab2e54942ab32137e329d556ef802f73e804603175c48b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d4c86991280e86836616f232dc2e11f1 |
| SHA1 | 5819e47d125ad0fe58c63c5333cf7b8d16ff6b06 |
| SHA256 | 67e7c3e84343735927885639a3cbcd87b3ebcb98fe42010315fd15f19f235a24 |
| SHA512 | 783cd9a24a52ffaa67fee9ce11058e462e224f62ed1bbb21bf38c173a778f863aeccfc6b596f00a3964d238ac036b92bcd7f30cd642caeb845238d3c727a0d2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8e0e68879c18a35c7e65dccb8b32076 |
| SHA1 | 8265b2e8152f7c9aadeb7fb0c1b2357b1cd7c04f |
| SHA256 | 55d2e6fac23b5d3ddeabcdb072e2ea4354aae8733d170fd7e3dfabd8e0eab856 |
| SHA512 | 2d5e8671cb24938f5b43c37c293e0eb0dc3f5107f000d2cd936fb3853727c7a9387cbbf6cdf971fbe6e7df411abe5505d2175485f0a2c139b922f044bf496b59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 386e8aad61a9c04cf7e4ac28b9290196 |
| SHA1 | 03873f9caa34b709401f0c9e4ff08929fdde067b |
| SHA256 | 3ff4fc31eb28713b791463e5af80e1d183569dced235ae85b45e2464bac6404c |
| SHA512 | ecf21955679c4ccda84f3d7eee4a5c066d510ea79b5a92eed5e8f66f7a953cfaa4e5333619f0410ae7b2b73ecf4071756fa42304481d0be5d2e09917bbf2401f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a27f78b42a4494f208b762549f9721cf |
| SHA1 | 38494682001902ef915889851681501159ba64d4 |
| SHA256 | 4f6cb47f6b886487797f77416a710d48f67da48dca92d74c5b139d4fcf813da2 |
| SHA512 | 87a353a18bca7ca946d9c4fdacbb7bc7f8dcf529479eee189659f45f5580c6d9a6a8ac0d04016a1b3cfae627a873433d8c29409a04c5b76eb36b2e74626d6b69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | af28c0ad8ea4105b70d3e5debd41dc1c |
| SHA1 | 6b9c084c7825c471ce46e1d7ed0f5c9a67538480 |
| SHA256 | 5bffd8967256c299ddbe63c4cdb40bf38d2c83bad580364082c3800b296c8d89 |
| SHA512 | 140da9711b45cdabe8172892d231cd6f0f0044092f52f2a532bf08a06ae3cc6743586ffdf891a221999f071026c27196532956f8966f8015093182ae6533e967 |
C:\Users\Admin\Downloads\Unconfirmed 553400.crdownload
| MD5 | f2fe1f7dc11f7c2b0e9fec2330b7aaee |
| SHA1 | 8c2aa931e4bdc36d9e8885794525d3e12910580d |
| SHA256 | 074d2a88cc8e779f9ef59a545d37211208c1cf326fdab227dba61b6d8a98bda0 |
| SHA512 | 8f72c7c68a68e2cc3ef2361b2fa3b4639cad741c4614d21b1188b2a4c3df90e53826749f6435fd58b84b9378761caab6815db3451753219f58c1f0780d7b49c9 |
C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 639f6d460b6f951297540f63dfeb5f6f |
| SHA1 | ebefc677ecc8398899ef998207c4d56d7704a174 |
| SHA256 | d0dbc6cceef03b6bd2b99a92adb8d817cf2b04f226efb83f94c656c008d16e6a |
| SHA512 | 71f33e3a4b93b07212fcfd4c7aa7ebbce498538c1fb3038d492dfc00333a54e62b384277f92612eb3a04ac6ce003a417c1d8041a7737bc5ce964b7e18147c45e |
memory/2972-232-0x000000007459E000-0x000000007459F000-memory.dmp
memory/2972-233-0x00000000005F0000-0x0000000001C1A000-memory.dmp
memory/2972-234-0x0000000006C30000-0x00000000071D6000-memory.dmp
memory/2972-235-0x0000000006720000-0x00000000067B2000-memory.dmp
memory/2972-236-0x00000000066D0000-0x00000000066DA000-memory.dmp
memory/2972-237-0x0000000074590000-0x0000000074D41000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 996453b47f9a045e66fe071a36d72fb3 |
| SHA1 | ef922ee3ec0440c4a3eeed5da6451d1859134906 |
| SHA256 | ec6d46b3afd82bc4f06793dd4fbb2e75f1bcb78553ec3470023cb6bec8959cd7 |
| SHA512 | 33bab98dcb86facf6365e3da76fa2773485a77cddbeade331ea4b359d1e597cf303603da50fceb84299943c728963dd8e8dabcde58dee7ceeb324d96b7d3ed26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | adfe11d9d7692a31f0b1755bb96bbc90 |
| SHA1 | f5a75baae09b4612fd471c91c3f91d8581b824de |
| SHA256 | 64f9a4a55e813adf7681639ef4c0d38e1c8669c0d5df624bb817c106ec839a63 |
| SHA512 | 8eaee644df46feab1f53d00005630596448d37638f0b967463f36a0744326fed145aca70889b71b8a042feb11831c595ab535856066625278d6b8629943d288d |
C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe
| MD5 | 44758e777110e8f80f7a31e802716f23 |
| SHA1 | 06e6a9745572fa6e0ce7a93c1d3f564ffc95c365 |
| SHA256 | 45d64586e97e7200705db1072e92a376495d74f6c364763f3eb98dc3df6ce45f |
| SHA512 | 3a828f5a789cbe78ece5a4d21be30bce677b54e521f013df5f2bd02eede5a28f935710c04bd8e77de8ab2e172148187e10c7d667ea60f5190ad2b91e9e04624e |
memory/2972-265-0x0000000074590000-0x0000000074D41000-memory.dmp
memory/2972-264-0x0000000074590000-0x0000000074D41000-memory.dmp
memory/5008-266-0x000002813F0E0000-0x00000281406E4000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c565bd43e384f58c03095cde2dd2fdde |
| SHA1 | fe8ccfee583bb31caf836abbbcee428ca0f6f9ed |
| SHA256 | 104b7f2f187da87bd2b4bdfb50999ec0697a49bedfa1fc7a0dbd18ba8ed69a1f |
| SHA512 | 1aefec1402a4953335dd7709c45d68bbf425a286149b59847fccc6cebc4c8f68713ef709cc36417067a854580e320febfe20b3da77a74a3955bebb152f721e80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f16ee81653bbf506035908c91df688e8 |
| SHA1 | 1e48700927053bffcf44a907fc21e32f7c68c986 |
| SHA256 | 7e3cd68791612df25d29b0bbbe4ae10f3cb79c317588f0002c36c9ade272ff7c |
| SHA512 | 75fbc775be8206839363aa95c2af307c58b6f5927c28a5cae0bec9d4e8804a857dcad8fad85644e68339c094403aa6ffb21d1cb96db822df42e02b3df6e2bc6b |