Analysis
max time kernel: 319s
max time network: 321s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/01/2025, 12:23
Static task: static1
Behavioral task: behavioral1
Sample: MrsMajor 3.0.exe
Resource: win7-20240903-en
General
Target: MrsMajor 3.0.exe
Size: 381KB
MD5: 35a27d088cd5be278629fae37d464182
SHA1: d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256: 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512: eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
SSDEEP: 6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Malware Config
Signatures
UAC bypass
(description / ioc / Process)
- Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" [wscript.exe]
Downloads MZ/PE file
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
(description / ioc / Process)
- Key value queried: \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation [MrsMajor 3.0.exe]
- Key value queried: \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation [wscript.exe]
- Key value queried: \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation [eulascr.exe]
Executes dropped EXE 1 IoCs
(pid / Process)
- PID 4444 eulascr.exe
Loads dropped DLL 1 IoCs
(pid / Process)
- PID 4444 eulascr.exe
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
(resource / yara_rule)
- behavioral2/files/0x0007000000023cc9-6.dat: agile_net
- behavioral2/memory/4444-9-0x0000000000470000-0x000000000049A000-memory.dmp: agile_net
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
(flow / ioc)
- flow 43: drive.google.com
- flow 44: drive.google.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry 2 TTPs 3 IoCs
(description / ioc / Process)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS [chrome.exe]
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName [chrome.exe]
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer [chrome.exe]
Modifies data under HKEY_USERS 2 IoCs
(description / ioc / Process)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry [chrome.exe]
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815904315966031" [chrome.exe]
Suspicious behavior: EnumeratesProcesses 6 IoCs
(pid / Process)
- PID 376 chrome.exe (2 entries)
- PID 5028 chrome.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs
(pid / Process)
- PID 376 chrome.exe (all 45 entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
(description / pid / Process)
- Token: SeDebugPrivilege, PID 4444 eulascr.exe
- Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating for the remaining entries, PID 376 chrome.exe
Suspicious use of FindShellTrayWindow 40 IoCs
(pid / Process)
- PID 376 chrome.exe (all 40 entries)
Suspicious use of SendNotifyMessage 32 IoCs
(pid / Process)
- PID 376 chrome.exe (all 32 entries)
Suspicious use of WriteProcessMemory 64 IoCs
(description / pid / Process / procid_target)
- PID 4876 wrote to memory of 1104, PID 4876 MrsMajor 3.0.exe, target 82 (repeated)
- PID 1104 wrote to memory of 4444, PID 1104 wscript.exe, target 83 (repeated)
- PID 376 wrote to memory of 1280, PID 376 chrome.exe, target 95 (repeated)
- PID 376 wrote to memory of 4512, PID 376 chrome.exe, target 96 (repeated)
- PID 376 wrote to memory of 4876, PID 376 chrome.exe, target 97 (repeated)
- PID 376 wrote to memory of 1000, PID 376 chrome.exe, target 98 (repeated)
System policy modification 1 TTPs 2 IoCs
(description / ioc / Process)
- Key created: \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System [wscript.exe]
- Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" [wscript.exe]
Processes
- C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.exe (PID:4876)
  Command line: "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.exe"
  Signatures: Checks computer location settings; Suspicious use of WriteProcessMemory
  - C:\Windows\system32\wscript.exe (PID:1104)
    Command line: "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C9D8.tmp\C9D9.tmp\C9DA.vbs //Nologo
    Signatures: UAC bypass; Checks computer location settings; Suspicious use of WriteProcessMemory; System policy modification
    - C:\Users\Admin\AppData\Local\Temp\C9D8.tmp\eulascr.exe (PID:4444)
      Command line: "C:\Users\Admin\AppData\Local\Temp\C9D8.tmp\eulascr.exe"
      Signatures: Checks computer location settings; Executes dropped EXE; Loads dropped DLL; Suspicious use of AdjustPrivilegeToken
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID:376)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1280)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc3235cc40,0x7ffc3235cc4c,0x7ffc3235cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4876)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1000)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2324 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4700)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1672)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2312)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3908)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3508)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3916)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:468)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1832)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5224,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1092)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2592)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5356,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3180)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5556,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5588 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3176)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=860,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4436)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3544,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4944)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3572,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2584)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5552,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3588 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4852)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3352,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:5008)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3276,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:220)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5132,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5172,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2572)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5420,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2524)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6068,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:184)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6200,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6220 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:5016)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6544,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6568 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3332)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6708,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4676)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6720,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6700 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1160)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7008,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7000 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4712)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7132,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7140 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2764)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7384,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7380 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:440)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7504,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7532 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3600)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7564,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7508 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:208)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7684,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7800 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3652)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7932,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7944 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2880)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7968,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8080 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3324)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8220,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8240 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4760)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8248,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8372 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2696)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8380,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8508 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7952,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8640 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:5076)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8764,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8664 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2448)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8800,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8900 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2872)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8908,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9036 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3052)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9060,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9164 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1632)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9292,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9312 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3892)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9476,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9488 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID:5068)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9632,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9640 /prefetch:1
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9768,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9668 /prefetch:12⤵PID:3000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7368,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9624 /prefetch:82⤵PID:5968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=3616,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:12⤵PID:1468
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=10408,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:12⤵PID:5268
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9896,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9888 /prefetch:12⤵PID:1876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6256,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9976 /prefetch:12⤵PID:5440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6164,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6280 /prefetch:12⤵PID:5468
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5516,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=6560,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:12⤵PID:6000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5636,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9936 /prefetch:82⤵PID:5408
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9952,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:82⤵PID:1204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9920,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6652 /prefetch:82⤵PID:2076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6588,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9140 /prefetch:82⤵PID:3744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6556,i,15195035220283428685,14808882089068340408,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5432 /prefetch:82⤵PID:4232
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:1472
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3516
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x470 0x3fc1⤵PID:6052
Network

MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (1)
    - Disable or Modify Tools (1)
  - Modify Registry (2)
Downloads