hxxp://Google[.]com

Resubmissions

24/03/2025, 19:52

250324-ylh9bsykw2 4

24/03/2025, 19:48

250324-yh6kfsvvgv 10

Analysis

max time kernel
122s
max time network
113s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
24/03/2025, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

10^/10

agilenet defense_evasion discovery trojan

Malware Config

Signatures

UAC bypass 3 TTPs 2 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
122	4820	chrome.exe

Executes dropped EXE 4 IoCs

pid	Process
3936	MrsMajor3.0.exe
1356	eulascr.exe
556	MrsMajor3.0.exe
4244	eulascr.exe

Loads dropped DLL 2 IoCs

pid	Process
1356	eulascr.exe
4244	eulascr.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x001900000002b343-1534.dat	agile_net
behavioral1/memory/1356-1536-0x0000000000590000-0x00000000005BA000-memory.dmp	agile_net

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
125	drive.google.com
29	drive.google.com
30	raw.githubusercontent.com
122	raw.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873193115376653"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1136229799-3442283115-138161576-1000\{32514DD4-899B-44C7-9F5B-65A9CBE7D116}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3936	MrsMajor3.0.exe
556	MrsMajor3.0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 4044	2360	msedge.exe	81
PID 2360 wrote to memory of 4044	2360	msedge.exe	81
PID 2360 wrote to memory of 4404	2360	msedge.exe	82
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 4404	2360	msedge.exe	82
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 2440	2360	msedge.exe	83
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84
PID 2360 wrote to memory of 1900	2360	msedge.exe	84

System policy modification 1 TTPs 4 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x218,0x7ffd4d7ff208,0x7ffd4d7ff214,0x7ffd4d7ff220
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:11
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2220,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=3024 /prefetch:13
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4044,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4112,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:9
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4140,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4224,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:9
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4228,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:14
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:14
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=4144,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:14
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5364,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:14
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
  2⤵
  PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1136
    3⤵
    PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:14
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:14
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6292,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:14
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:14
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:14
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:14
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:14
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6912,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:14
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7080,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:14
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6904,i,12637989540178205764,5020424039646132015,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:14
  2⤵
  PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4d27dcf8,0x7ffd4d27dd04,0x7ffd4d27dd10
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2208,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2252 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2364 /prefetch:13
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4180,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4204 /prefetch:9
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4564,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4184,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4500 /prefetch:14
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4804,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4168 /prefetch:14
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5288,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5300 /prefetch:14
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5496,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5512 /prefetch:14
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5696,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5500 /prefetch:14
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5300,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5572 /prefetch:14
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5328,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5644 /prefetch:14
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5524 /prefetch:14
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5860,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3628,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3568 /prefetch:14
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3620,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3328 /prefetch:14
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3492,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3508 /prefetch:14
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4172,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6052,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6080 /prefetch:9
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5640,i,877633608948587662,11421820525505843936,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4108 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4996
- C:\Users\Admin\Downloads\MrsMajor3.0.exe
  "C:\Users\Admin\Downloads\MrsMajor3.0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3936
- - C:\Windows\system32\wscript.exe
    "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\EAD8.tmp\EAD9.tmp\EADA.vbs //Nologo
    3⤵
    - UAC bypass
    - System policy modification
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\EAD8.tmp\eulascr.exe
      "C:\Users\Admin\AppData\Local\Temp\EAD8.tmp\eulascr.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1356
- C:\Users\Admin\Downloads\MrsMajor3.0.exe
  "C:\Users\Admin\Downloads\MrsMajor3.0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:556
- - C:\Windows\system32\wscript.exe
    "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\5625.tmp\5626.tmp\5627.vbs //Nologo
    3⤵
    - UAC bypass
    - System policy modification
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\5625.tmp\eulascr.exe
      "C:\Users\Admin\AppData\Local\Temp\5625.tmp\eulascr.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4244

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\73999b3d-d069-45e0-91fe-b723aec10cc3.tmp

Filesize
10KB

MD5
0d21c6b586e3a1f90b2f8f89adaa9195

SHA1
cc47cae03b3c16a0fb738bae253c173b57cc7d49

SHA256
4d3fac9d0ad4dcca9fa34d64ae217c48b629cfe68782b0506818f4e392b2ed78

SHA512
bbd3612f5e7efdeddc53e22467c86500baad02fe16b7a96ec5990a09922c5610743d2b4b8b453ed1954f8d351bba87134f5ef2d6d78a7c62bfbffdc529939230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b6506e559e6ccc4a024326ce0fcb37e9

SHA1
20c0c6be918f0bfda842c37a54c34a28ba03b042

SHA256
91a59382863a6f6e3ba541b126c516cc610528a57dabd22dd35a25c03870ff9c

SHA512
e6ad16da289ec1f55b6731db01b9810265b69ab7bf9898c876cd81c8e599ed5616724704da3507743a35c7465d351532c30040e80c2fec7987abe0241ec32c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
652c4904428f771c48f946d90b43ea21

SHA1
858d27e92c9975ecd93d6a5817141f2773369933

SHA256
ccfca76bfd5468e781e38223c5eb12163352ace49b81fa42cc77bdd91fd42739

SHA512
6df4f05d6ebe8cca5301091790e0ad6205b3d0293348ef10109891a1fa37960f0265590df3fb1b917d04760ed228c504c09ae5e13c0749ec788baf3e9538f6ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d67573ed0057a238770bedbdf5202b97

SHA1
dbab5692ee2749844468a9d484bd8f1fb93f1c6b

SHA256
8adc5accf3e16e967eac6a2201bff15d51f9f104df5791f955a7e3a896a33c20

SHA512
e2764847e4a2c90419839724d3c603e8466f4586bfcb4885b82bf2a257f2625ad1c9d67c23462c246f0d6788dd70f57f48fc3acd1128fdc631649b4e09a8b49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
db37d003a69d591209a67741518e05c8

SHA1
4fe52697b821246d4f32139da16f2cadf1fe0cb9

SHA256
c86ea708d5cd88c7e4e8762ed1253af0b659e377d9bd946f90ef083bb6d9682e

SHA512
452d1501a4761f9189720e0263b5d4f0207137c55e7135a20caf2e928bb297b05f13351b28afaf74541c86adfe878084f8596ce25bc70dfc399f86f1000fd10f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8195f9311aa929c504e9f3600711df13

SHA1
a4cb40b9f213fe00c03010a583cc2cd8ad46e90b

SHA256
4d4221942b9ec91e96e5e0727c8f7494d885f2d84ee33696b23ccb457b74c0f4

SHA512
2e0f0e5b332a47b9611a20cdb019f193c035549fba945139ed9d5972a2784615730c4a1e944ce2a62f927ca359e152ea6e60199599b1a9bf6f19ae5375fd1138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1d2faa17239103a3c756ee63e200ff28

SHA1
ba5a7f770916bc25be71bef0958aeb7e27ebee8e

SHA256
e6d3380ef004d0579961c10ef5e61209bdc151205a60f97743ad20faf7cfe2c9

SHA512
c5b6cad1768260c4c81264b96c8e856a369d421edb2f4e913ee84b0c1acd212fed8419ec93ee5cebdf83e0c12c528fff1362e04f7d02c14a9bab7b6c1c8c0974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1e0a2df7dabceb724264a2dd431d48bd

SHA1
89924746fc82437105a29b97ac408082a8876bb8

SHA256
82031637ecdb68244cd3489a83a2bc1a0acc240deb99db52136e4107610da67b

SHA512
285788ef45485308f573b40533a1331c0d1172df7fb7857df7a331dcf0ffde0c7faf39c198537e56fbcdf2240b9e24748508788035bb2daf89e724aaf039d4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
29912fab15048b176152f20d1e8fadad

SHA1
0f8f584482545c4675cec8195f8bb3098c8ec3f1

SHA256
4e0403385f8ad5bafddd75cbf1b231b5d5ca8d2a267bc9fa899385d977bfa2e6

SHA512
b49bb0e2a2c81377afec0b2a32228101db3e512c184bf104a329ea87c1b55998a3c206711552478fcbedaf8c2f227ec7cbfaf9281862fe9c0bfcc2170ea1bf59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9a7570f22b9f4a197ac9c53ae2fca21f

SHA1
9d8e946640bac789625b65a96deeacdf3319ef58

SHA256
547724489067015026c5ddf0661ea89e037d74e6d5dbae4a858e31c7b044fca1

SHA512
cb2c2bdf7ad1c1a83b9cba0d7564a239b81db438bb133b45e11d4ebb96dbfc68545074484bdfd6e9d5fb08aefd61cf2b70466f3441b6fc4ed9d26737ddb70574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4d2ebfbd9a6b78f014d801d76daa97b2

SHA1
86f6fc351d051d35beea3ce09edcc639a2823b05

SHA256
7c742088bf90168864146d5439adad597bcb335f438b825ac4db36026520b80e

SHA512
eb2144cee0fea2324d73e0daccaa42a3a720d3757eff3b1aaa0c969e1db207d7e1cb6a1452ec8b61989f17725d01ed2972ea1e53ac39104097c1e915f4fea749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6a3315c188cbf2c5beaafc5443f86f24

SHA1
a620304f07dd41941f9c991f3299d66025eaf00d

SHA256
8056c313c9be1157ef7b352260fdb6774498f19ce0b891bfb0a0dc9804046f89

SHA512
4390196eeebfb9452650c5da9346162574f1dc3651c1bf57d4b6e9470134beb4f78f274adf42df1ca376900f86b7328c94d9a3e6fbf841dd9a827e366bca64dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58393b.TMP

Filesize
48B

MD5
6133ea884b552f0f24aa3d60d71d8ac6

SHA1
f82213d1df12d20cafc4f10012bbd6c26c691e92

SHA256
e886cf55989b57e1c5460d644b9f107eedb42a8d60150367b711561285f7fccc

SHA512
5db08a8c2499d4c70f83f38caa92f0376b1bcc66e64c53268c00f7f911f6deb118801271d052c4619fc667f2fcbebef47fedc4a8ae2e0c97d9d55c13b0087265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
044ed1f395ef5238d0b9e83ed47a5914

SHA1
9d03db41de97ba0881b6e7234bcf2f1316ad0532

SHA256
1a286801e029e2cb899285a9fd9346b95bb93cb8b585788938a44f6133ce3e72

SHA512
5429d641659b85a755e5a6f16abf4ef319f6fd060f2d44861087377a9739334fe57a1a5dfabd2edd8e1669c8a3b30534e2d668f3bd69160392002e7076eced8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
6a4c4465228cf81609fe4da32f52f01e

SHA1
f44fc1b5aa17f158defc6727ca82695d430fe16a

SHA256
cab6f1e031ea1cd89982a60fdd24c50f5f69c2da2fb937e1707869a909c159dd

SHA512
80963b016adf5145bbd43547ce16b7bedb4aae786f1e647db212540f4c93dbcc2982d33c13cabdfc8f7d00e870d72d5dcac519797e5c986e67bbadfb42ffba3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
ee84907438d41c3829a1e55abfb43d1b

SHA1
f836b4deb29091885eb8c947b75aa5b43c0e7f92

SHA256
3c930c65019d7b5a348ed5a16a348e69a90d2b977f2b9b4ad4101a5068372f5d

SHA512
fcb8856ce91a52c002eaa7cf0f60672dec0eb85b2c5c09db3ed70573e424c148f8dd1b72ea7071b509b00d561dedc55f5cc6912d4e1bd18ed2681521624513d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eulascr.exe.log

Filesize
1KB

MD5
651e2e36bc2f4d422238e72c2e771a24

SHA1
413759eff13f3bea3eaaee120f38b935bddcd5c3

SHA256
d156cd5fb71f62dfe09b77de2ab2cbfc6a4fb4b87251a37d23ad85de0d7750f0

SHA512
b591cbf3094d9e223904162834c446ee92ca1bf0846ee23bfd92495eb442a05b1ff63194ca9b3a556ac18e23669ec9e2955174eb637fc481a7306583670f2d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cbc9fc2d9ad2df85283109b48c8e6db0

SHA1
721ea0dfafd882d6354f8b0a35560425a60a8819

SHA256
7c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe

SHA512
09594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
046b1cdbd636e82e7711ea1fde31d7e3

SHA1
f5fa4183cb259a99b4148ee957a5f76e80a77ada

SHA256
40328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a

SHA512
460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
328283740edabf1223e8d8a9a5102f2c

SHA1
a4c01469a3e625914a8456f1ec57e11789f2ca7b

SHA256
3cf91d9513721297342e2aa4cd5dad66ecbea6694117bc6dfda1435d0ec1de76

SHA512
0ac4228d97b43e986fa4c6abd8129adccced7f24cf400d88610100331abdbd457f13ab5f6241c3b53a9ec03f6afdb7e603df1841caddd07af111b23e6858ac4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e5d006094f87d1c9681247b19aeaaa4d

SHA1
4352571b73c2ae317d93742855e4f9c3c6050a2d

SHA256
2a3e75020d244e87b095aec24cc2b28111da03c400509d3f00894167133c4328

SHA512
43e240fc671a871f9b04e81f8a9c50852688bd8eed809716e0860e561242eb39cc39efd35d9b59dfca71991e8cddaf49a91d01c6a724f850045b08775e4c4799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57bb12.TMP

Filesize
3KB

MD5
83993b319dbb4c4848a485ff1a49b980

SHA1
7f4ddd9c046ecc1bbd5af2da62441844d20d4f2b

SHA256
02132cd35abf7b1080689cc36b17871ab314bf211164fbee2377e569b7d61c13

SHA512
e53b0e14490bba3b39685cd1650f5044239c9be1b959fe1b8b8a1560a0b2d8e427c693d36b6e0062bc9f7070b4d44b1c8f8b7fb15e45992def68fd6be7eead19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\c5183056-3e16-4baa-a720-b44592a53268.tmp

Filesize
3KB

MD5
1db212cad41d0a43daa4e6b4b3aae090

SHA1
43e52e445b22522108d3e69995319c8529d47495

SHA256
62411e25fa82cb27efc1a766cdbadec5900e47df77744826a0bf948f3cb7b068

SHA512
7cd67e645a99f96d8447acfe1db35f6fefdd67c8d22733faf79f171ca45c19a6481b7a6951c750d7404ac6f05a649e7366585bd6640ff9f36b3302edecf1e94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
517d909283a6e5a71fd893f42fc4b0b8

SHA1
0bd839668e2423496d71c4b60a9e853e4730faf4

SHA256
294c48918923b4068fa8eaa5737a7f66921a4e5cbe3d0bc7cc1bd61dd219c53e

SHA512
15c0645ecbd9a9e930799bdcea34a9c7c26477752d16a4fba3f57d342925b06d5ddbc954bc2e9cb56c8cba7e91b1acf4668bb406d31108d92c9cc64fb4575595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
34KB

MD5
7cfdbe23f2e7a8aad88cb967ecea40af

SHA1
3361cc928e010a029ce1259933cc6f09d39048b5

SHA256
571e967b2c558d6be23a27dd786905ed7b430de66b937dc9b2aea64270cfa934

SHA512
2a453be4913eff99890efb3a882b1e4c993c9d2ed43ac147941afe130a6e613637e17c30318a68ecefdfe782f4f3b81fce992e6e0dbd81ff029d67b3bea12c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
b95d5b59f429abde6115404d7193216f

SHA1
9041dca13da9c2469c739e3202741e90c6b980f4

SHA256
a007d4dddaf2601145bcdc71ea4c78504dc8b2a8144e7d6ca75a49b0a62ef87e

SHA512
aa3e4a3f74cf0602bf96f19f47c7c54996e1b1af24dbfc63c7388c175d3d07301a2ea073bb9ceba83ac801599315634d91f0862706330c534a2edd296aa50ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
fd2727a316693f0e914627556f52b420

SHA1
667f340607203721bbfcb678e559ed4187ac6a96

SHA256
8cf9bcd5b816e12386118cadb6731335b5cb182d4af368648462c08ca5e09464

SHA512
a7b36679a22a46d1b202a31eda293d6e4d67e9087818c547c17b55b71ccd57431928d5d156e37e5170a0a5c04fb0399c24d5d63c4329179ad90817e12a5c2a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
b0e32584b397d3ba37517f97771e61dc

SHA1
fd1d7783b7d5d7a29b0687546b82df173f448890

SHA256
a6aaf2f4e645766e18ca64715b1c0929662d0ea7f1ea24f13264bb7ba7509a3d

SHA512
09ba162955ad97ca4151dca9f5963c7ac4a43ec29297299f1ef2f3ba117f54b7953ba31927ec436ecbdc124ea72ef2763d34aecd36ff687d1f78690dd24a0300

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAD8.tmp\EAD9.tmp\EADA.vbs

Filesize
352B

MD5
3b8696ecbb737aad2a763c4eaf62c247

SHA1
4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5

SHA256
ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569

SHA512
713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAD8.tmp\eulascr.exe

Filesize
143KB

MD5
8b1c352450e480d9320fce5e6f2c8713

SHA1
d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a

SHA256
2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e

SHA512
2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\b2a066cc-4dff-49f5-aa18-0f2e046a7e4d.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\c73de15e-9261-4b7b-91a6-ed6a84d6bec9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2360_431286986\81c7485f-4013-4a40-89cd-ce800172d1c9.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4548_1857897442\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4548_1857897442\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4548_1857897442\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\Downloads\MrsMajor3.0.exe

Filesize
381KB

MD5
35a27d088cd5be278629fae37d464182

SHA1
d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

SHA256
4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

SHA512
eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

Download Submit
C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/1356-1545-0x000000001D5A0000-0x000000001DAC8000-memory.dmp

Filesize
5.2MB

Download
memory/1356-1544-0x000000001CEA0000-0x000000001D062000-memory.dmp

Filesize
1.8MB

Download
memory/1356-1543-0x00007FFD4B490000-0x00007FFD4B5DF000-memory.dmp

Filesize
1.3MB

Download
memory/1356-1536-0x0000000000590000-0x00000000005BA000-memory.dmp

Filesize
168KB

Download
memory/4244-1596-0x00007FFD4B490000-0x00007FFD4B5DF000-memory.dmp

Filesize
1.3MB

Download