hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3[.]0[.]exe

max time kernel
142s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
18/03/2025, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1079936892\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_289382176\nav_config.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1271992710\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1271992710\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_289382176\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_289382176\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1079936892\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1079936892\protocols.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867999879792194"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1136229799-3442283115-138161576-1000\{514ECB4B-4968-4B75-BF00-B3107E2CF25A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 4104	3640	msedge.exe	81
PID 3640 wrote to memory of 4104	3640	msedge.exe	81
PID 3640 wrote to memory of 3788	3640	msedge.exe	82
PID 3640 wrote to memory of 3788	3640	msedge.exe	82
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 3680	3640	msedge.exe	83
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84
PID 3640 wrote to memory of 2216	3640	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b8,0x7ff9ca25f208,0x7ff9ca25f214,0x7ff9ca25f220
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:11
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2088,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2492,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:13
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4072,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4132,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:9
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4260,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4372,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:9
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5364,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:14
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:14
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:14
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:14
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:14
  2⤵
  PID:5360
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1132
    3⤵
    PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:14
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6172,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:14
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:14
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:14
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:14
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6576,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:14
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6728,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:14
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6892,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:14
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7084,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:14
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7220,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:14
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:14
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3416,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:14
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:14
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4440,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:14
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3952,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:14
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1236,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:14
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6624,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:14
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3984,i,10504485274681220685,11666232039129937939,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
046b1cdbd636e82e7711ea1fde31d7e3

SHA1
f5fa4183cb259a99b4148ee957a5f76e80a77ada

SHA256
40328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a

SHA512
460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cbc9fc2d9ad2df85283109b48c8e6db0

SHA1
721ea0dfafd882d6354f8b0a35560425a60a8819

SHA256
7c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe

SHA512
09594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
11b32aec74d0a26b7137804f24d2f536

SHA1
1280c2b889ba651ebe74f919ca26f3c3645b6989

SHA256
699bfa8a7508cf0c8bfe64413dc6d39bd2790a6194825e2218f6224b8488c89d

SHA512
d11daeea54ee0781e992b3e2422198d27a4b0e3d127e10526ddf8f471691ca45ecc309bbda0da7c76e3cef60a44a86936374bf2539b085d305c466f83cd3904e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580848.TMP

Filesize
4KB

MD5
2e6c59720addaf80422d0532b4cc59ff

SHA1
67333553b6d2846ebcc8580717f9e71bb77dd014

SHA256
00018f64cfaaaac4faf6bcc837a1c6a383d57b80f474b4faa4921d25f4788d20

SHA512
6b723e8daf2cd294c2fafa67563b3f915f3bf1edcfc87fc00f8cfe022de613d79d3102a58672e28b1815290d628cb44d48d4298521cd0f6037df2bcfcd286592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fc9d20f8e9f33e87bee01f065d192b90

SHA1
f88a9de945d1909babf9ea04bec304e75f4086d1

SHA256
2d87dd1d2e498d3e63bc8b397a3d6a1ab5ea9e88e73a291c464b32724561c9b8

SHA512
638c9abedc1dd0dc3cb717f59e0ec26d5fa82f368c560800c0eff543d273035036feb12aafe17f1eb3413968ddeaefbb572442c2079071d320a73e53801b07b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5bf696182680a2477c8df726d4822960

SHA1
5aa044187ef6b3c438b7ed01d5e0faf1c7677ac8

SHA256
bfb8304c5e0b662cb69a68a0ab1e7814e1c12e499ab39f6bfc9f9e296d39dc55

SHA512
5cac0da63dedf5bd17582e3e6546478db69452d8ec1e20aed8a7399cc7fe25aa3f5b5f3cd8571266179e446efb740a1ac7ce72b2feca9c6f8ca6b0281e17b7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8730b54bf3292f67a620b0d480ec770e

SHA1
a6e4c7f57978d4f44a347b03877382010d76b0bd

SHA256
19c3bf1b1c68b8b8a0a74ea25549257119d5b380f69b2000dbc1126c57ccf40d

SHA512
59f7ea69f3ea3891409987abe74b0d2663acf03006db370c77f3a290d621902aac29bba5693728e00f78a893b085c20661e471b41a661f352d3af94a4084015c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
c0b46590a6d87cc72c2d2386d9c84dfc

SHA1
0e602f47e61f95ea97ff7052e487a0d556cbc485

SHA256
663d6f9574b764411566e2f69d5e5be2699121dee8836f1198e9e052362f2879

SHA512
070c582e9171b9c116c40d0664be5d250533623fd86a85350d8d8d13a9eb6a8bb345f90682b5ff703830f5ccbe08a087fd485df7c42d7c8622b5af8acc3a82e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
1ae25f587f03c28ec4de099983d60843

SHA1
46481c41a5ebff8afe84dc0ae7abcbd400d902b3

SHA256
003464800d824f86ee643358c8b924ef77785aea270a91014496af8cb9a01804

SHA512
70a749cc539c98d6d1fe785978e005a368a1f6900e8c325962c8146b77c584779a8809655dc6369ae816448a8b32d73bc7ce42a3a35c75dea5d729bf4aaecb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
4360cf3e789f22710379927f57f057b5

SHA1
04bfe23e0bff43861d542990d308ef0f172dc4f9

SHA256
c01b4e6b2dcce11c8dc83e834b44ec710b0593ade09b9baf1b1250728ce212dd

SHA512
b713ea2d14ef994b962b1775d51512aafae182b99308e1d7bdde41b18d7eee0f2464257ed73f221c397fddd76be9533afc3761be4b68fa314d6451036dcb5da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\52f8af8b-3048-491a-9af0-bcaa8ff4c2ab.tmp

Filesize
20KB

MD5
622cf13abe8c4ba81acbbe4070f8d70a

SHA1
29c39577de789602617632a1ee745e5897805fa7

SHA256
b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4

SHA512
25d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
832c5e130394daef9baefb4f920d379c

SHA1
0ad75c968e21033e70276271a0320bb8003ca4ea

SHA256
d2930a1447f219708e233f60c55f2de1df3fc5aec10e44a89f5e7c1543dbcb99

SHA512
9c6dbe0cb469ab0e64ef015fa96d3c18ca985d704e593682f7a60186787eb59e015edb1a4fd56b82a8e7d53dc445ae992b0edccc2b0c981951217c434f747c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
21KB

MD5
0f5afa1f86001c80f7105b531b21225a

SHA1
42b2b8eeabb20373d051b1b2a467c31dd0542c11

SHA256
7494b439660c07ccaeddf7c3161ace67d19c14bfe114456bdcc65ff29c94f159

SHA512
5fa1c99fc4261af01bce604aa4f21e2c849ba68e8078c623057c5291d9f5106dc1f5212f0c68d3b1f93a247439dd59bd5e562a0a2a4aecb7cc891747b1fa1784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe588bd0.TMP

Filesize
467B

MD5
755f86a22862369ffe750540605d22ee

SHA1
0ffac1008d5b8af57a787fe5cb5144499c18ad17

SHA256
bf7b31c708abbb611bd687053ebe3b1c18336989e83f692eef6e5555166c1d95

SHA512
d0b9f8da3295008d773a7dfec09c6038bec04e9433dbe50dd6abfdc106a6436bd589978d76c568c7cf867c8504279c47a50cc300b1af079807bd75c484225d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
46857dae6defa5e1e96513c4b24f86b5

SHA1
4fa28c0821b632e4fddbddd1e93b3a4e18f336c4

SHA256
c408929c4cbfd373b8802eb95c8020833f53cc730382e9fe6182be00e64b1657

SHA512
420e082f540ed07014991cf83f7e10b092b87e09edff68b72e3b32ca8a0e4fe703f42c9c3180d88e2ea0546e65c046724af631354c260fbe9a2fdb9ee5b3247a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
489268a409363021952523dd92521271

SHA1
4ea1a8d091ca3d8a152a48c00f9f8a9ffa1bfdee

SHA256
13d0844f2dcdd4c3d0d995295b165dadf24059ae0b4e7b19519a328dd870dc49

SHA512
7f31886668ab671ef3c9d00a71ff51961d0efd68a567edc23b9ed23976245add93e78abaf43db959d8b2d52219be6255611ea5fe8c3c1ecd94e681607b6aac91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
2755a417dc0e934b3572012d856faf3e

SHA1
66b2646b31d81d4ef0e99023e3687170e3a0878d

SHA256
1cd22c892ec189744b4c43d3a313208497fc2e003ec6338073a5a62bf0153e3e

SHA512
7ae1f881364c184e5fd5fabe1b246029ff9d5a2f078d3e081db9e13323cca3a33e40b7d1402b68988f55ed2271a995141b93c0b6351df13a4febe71567754fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
fcbfb980c6df0052ed05bd3a9e672508

SHA1
c6b6ffa41d712a109330a69682fa050d5c2368e9

SHA256
c4a9b26352daf39ab43202683c288fd738de77746f91901c9984b37d75f97503

SHA512
655647305bd640779d0b638db9b5e7755d0578f96540281997e788b885240df48376c77f558cadef496dab1850006b2764ccc768fdc298a6fe3550054f42094b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f10250c-22ad-4ef2-986e-11649796973a.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\f76ea033-5521-4432-8da5-7fa449bde2cd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3640_423703125\39188520-e447-4ace-a602-26a2c7c8d77c.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1079936892\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_1271992710\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3640_289382176\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit