c71219206045b09ed8eecc7ba1bd87513e13b06b31a77fe6e420efc464a53b6c

Resubmissions

03/04/2025, 19:32

250403-x9a27avqv4 8

03/04/2025, 19:30

250403-x7vc2ssxfy 10

03/04/2025, 19:28

250403-x6yzvasxey 6

03/04/2025, 19:27

250403-x5376svpx5 6

Analysis

max time kernel
899s
max time network
864s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
03/04/2025, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

thing.html
Size

530B
MD5

4cc05d8f62d2e1efa934938da135888e
SHA1

1b595e0ce36fe3f92924f1a800315bca7f4e105d
SHA256

c71219206045b09ed8eecc7ba1bd87513e13b06b31a77fe6e420efc464a53b6c
SHA512

257606ea82eff79ab94a09c93e1fe58488b83a44e2296c7873f0fc184b615ec7250a919cd4a877e2aa9d4296b385d09c4a469b772d140d83960c3c800c3c0b98

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
134	492	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
2272	winzip76.exe
2260	winzip76.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
37	drive.google.com
83	camo.githubusercontent.com
91	drive.google.com
92	drive.google.com
22	raw.githubusercontent.com
29	raw.githubusercontent.com
37	camo.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winzip76.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1792	2260	WerFault.exe	125

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881823797623446"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MrsMajor 2.0.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winzip76.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\e59eb50\winzip76.exe\:Zone.Identifier:$DATA	winzip76.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3704	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
400	chrome.exe
400	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3184	OpenWith.exe
3704	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
3704	vlc.exe
3704	vlc.exe
3704	vlc.exe
3704	vlc.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
3704	vlc.exe
3704	vlc.exe
3704	vlc.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3184	OpenWith.exe
3704	vlc.exe
2272	winzip76.exe
2260	winzip76.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 3924	1360	chrome.exe	81
PID 1360 wrote to memory of 3924	1360	chrome.exe	81
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 492	1360	chrome.exe	83
PID 1360 wrote to memory of 492	1360	chrome.exe	83
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 4256	1360	chrome.exe	82
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84
PID 1360 wrote to memory of 3104	1360	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\thing.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3bffdcf8,0x7ffa3bffdd04,0x7ffa3bffdd10
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1912,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1428,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2112 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2328,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2348 /prefetch:13
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4132,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4176 /prefetch:9
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4772,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5288,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5256 /prefetch:14
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5528,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5716,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4608,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5896,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5952,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4732,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5312 /prefetch:14
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5752,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5576 /prefetch:14
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3200,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5568 /prefetch:14
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4760,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4624,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5800,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5820,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5560,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4228,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4796 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5832,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6104,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6268,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4804,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=1052,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6544,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2472 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5892,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6660,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3368 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6420,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5568 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3264
- C:\Users\Admin\Downloads\winzip76.exe
  "C:\Users\Admin\Downloads\winzip76.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\e59eb50\winzip76.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip76.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 2132
      4⤵
      Program crash
      PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,17127979445270951370,1836973410519334994,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6696 /prefetch:14
  2⤵
  PID:3132

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3184
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\MrsMajor 2.0.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2260 -ip 2260
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\72931f9b-699e-4e4a-8d48-0b75fe0b3da4.tmp

Filesize
81KB

MD5
3947f1beb69509ac0451e8d31952f81b

SHA1
6827fbef06edc366640ca73affec257322efa242

SHA256
ddee2f42f6fbdaca68fa5ef6667e8e7904afe05a8dcbc4674620e7de7362fd2e

SHA512
ae0b3506181d1329f56bfb85a4e9325358813ec1288d07009112afeb43e0640d518ffed8ce463483d25a5f553e35160e38fc4d4213c5bd01bc6776f9d10b95f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ef48948bd895081c2516815f31bfa6d2

SHA1
df1c6047098381fe549b8115430c04c3be5a5dab

SHA256
ff30a2bcb892cfaba750304277552e23de1f4c77dd9ef47b28b0405b45f23ba8

SHA512
e7c7b7f5595fd69d6c099033ece1c620b1d77037823b64d758ab6123626c4db71fcda6a3d0cb340e7594f9cbc4ae744e2cfbfd9ee6341ad0eb5b2b89edc6ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
00a34503c5efdf7f4815c3bb9cc9cd68

SHA1
a85d51a8bfe01bc2c26bf0cbeae56c057788e452

SHA256
95ac4bfd07bbab1602f31faf2b3a3ae4064bf191917b229440a6cc722af24764

SHA512
c52764de41844701a47d0eec201649f20813a51a7b68feae77b47fe32bc90771c809682de3b12a94f37c2d41c8adca5a3707ad50618b402cc49b2f78d23c4259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
2d359317bbe730dfb39ba6072e868288

SHA1
bf1f2c17e5c5f1989a26a8bf77d03e36d4581d55

SHA256
c586a84e448551b06b977cf71cf5d26afe61bd48aedb4814cfc2bb4356de2f76

SHA512
ac6e1fbe9af6c6950d76043a8918a2fb3424d6518ad45b2a7828b459bb55feb15bc3d55dbd3ad64ad83e3f8aab832ae053a448fd1e0f09bac2c5a6de786007b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e3783ae339cf430c917d601738f3d2d9

SHA1
f352ebfebfb903a2d300284ffe1ad73dbd40dd71

SHA256
2063f61368fe57a12753a51b5565f43c31d01bcd3984c4b37444f0f2b9d062c1

SHA512
15aba020d96568fb21129a93b2259cf5dbab2948e11f54b1b484386918f945ca595fe4e3ea28e974fdb45ce93693f2a61e5b4bf725a487ded1fc87ea04d998fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cba824a0214294b913089916d2196aa9

SHA1
e705940e42442294156b3e6cefa80cbe2b574d03

SHA256
643eb386a519cb54115a2369bb16b9a04f76321ca6c241f7975330bdd2da671c

SHA512
3e8f08c96a49e9ff77c6bfa543d2ac68045c4b20bec58a363668a055008ffa7b571e39a11f0e752a40f177773f86723d65e9aec960e0c609209958522b9179ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
2be12d0601caab23fa1696eb2496f4bf

SHA1
2c628d3c5de7e6c649341da8999b3fcf4c54d666

SHA256
6a4f406c1731db691e0a9c1fb61b8aab43095f22c198f19c7b58b85499390eb9

SHA512
793499c32ed143af445c3efa09f0bbe9a9a1aca9b335bb79ce7974d035ebb6d353845efda5dddf49c415277c3f52a527f7f4ef41cf87f9d7235156ba1a5fb32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
1aca3afb7717dabe3d043dace43c5e6f

SHA1
d8a8380c9ec652b23ac7c6e9b8a3ea04a049fdd8

SHA256
02dae1ae90359dc2218aa811cb0c0dd330d4893f54c65d6bbbe1f7f5c51d8a9f

SHA512
aea108119aa5cd0158b55d1d28738351f74c2e69bb1d346d5f7207661362b9a83333ba2c4debe8b2c54e8e5a1b30fc8140c3b95856b1a9b9633b31a400e878f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0df7efa866dfb4508a182a564dab621a

SHA1
c6794fad443bcbaf90c2690a9163a6ea656fa1eb

SHA256
f073f7063edc6f4cad47903bdf627df2a5459178ada58ee73d550cbcbb9c3b7c

SHA512
e675ce70cf45dbf16e3031ce0a49c8502a66afceacde8ef4e4106bfdd8a7962f829eb6073e03f714d05bc4076068319bedbb166efcb750e6bdb58de302a974c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3102a7c5ad72f2950d445939ba118edc

SHA1
0e5f73bbc988f90685de67994437a4a9cbd88934

SHA256
79ddceec7d2a5e4d387bad762a1b4ec40d15a23fd1d3f4536522fc22a94e87b2

SHA512
d5f46f9c453093922b3d53218cea2df0a358d65982606002f13963387bdeff4dce1356f4124bd6aabe7b6ae10960a7f97160ff914777cb22b51e2b9ef080df9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e151af9d61ed9ac6934c361414d89ef4

SHA1
fa74514a8432197813cf3a501e926505c957384c

SHA256
ad58783a3e8950607d8a0e4ab349044a0a1f44a495d62fe911feacab2d9da464

SHA512
e7f20f613a898ca2daa51b692b95cbc7fb2d56251431ec927d400282371d19997dad6b1795371dbf16511593ddb9dce59d2efc1568dddf160f4150b284028f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
57806b14f4919caa455ab9a91dc49fa8

SHA1
92cf13be045a6ac91261b1e872832fddfe2c0d83

SHA256
bc203ed4ef4484079666ec4a887ac8d0b4b6c51236733c360599ee71253577e8

SHA512
2b44d6c9b219ebed6e43ebbb6edd7601a5edf8e741973ecd53db4a97dd97fb325c7ed4ca9365ced0e2724fb7f308ba18634d3a3e7d106a3252b74654d256cabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
721916f0a05217472ea1774b19342e4b

SHA1
80a01aa1f71e08562c766edc3d7f3335eb57acae

SHA256
d6f91981405d912b8af8be986b038e98a26f42dac1c76165a133d938fa692f51

SHA512
fb8239fa996ddfb877d3566914f6f6badafac299461cb66144940004e1a09d4fb6676380db9791513039ee4d0e1fdc2dcf7cf5f29ead42648bd9433d94d4998b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
73ced83549319c96eadb8d4b6da8d162

SHA1
72a77f96b4f60197f09a14d5f92aa9119d160985

SHA256
9b55d79807172fd7fb05aead9ee811fdee2522bf57d276b853efbd837e402e1c

SHA512
81d1244066b3eae75b7b229c0cb67689c75a3fd9aaba99d066272b64e900a39c0b7da4c9746df99192ce6855135efd79481ed5146c5546eb58e240c1c422abab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
357b99672f195893ed211b583d92236d

SHA1
44d50a13fddc2966231024099737203524185230

SHA256
4503293c6146f9dbaaef3840b4753686dcf5a1b073913767d146f868112ea24c

SHA512
e95ec6db4f5763fb2a2c3d801cd98948cbffabfc25cac20dce74164ac5f89575a3ab3bb1f5a64fa37303c6282a0c19f343c91a27a14ef53ba285c118c2e0587a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
29e709a7b18beb7831d7a13773a39b79

SHA1
4c6b320229233bf1384b1f60451d348abec0204c

SHA256
ea80ff81e6f55ea78052b18eb4d2f442a89ece9791be4cba7a7cbf46d47bb987

SHA512
c94d2907445293ba656f166045714ad32e33248aea3dacede68ced8e02b49f92b4c7c8f4883d817bbff985c002620a36ad29bdfa9c8d3c6f40074c592313ba9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2653415803d89b5d05ef3a2e116e8321

SHA1
a06128bc458b8ece7f3219664d016680d5b99289

SHA256
e0331f208de29ba7e0d505d35edd6d2c5d8775e00351f130378b4d2ba17c89af

SHA512
b743e9990aa0d3b07db511351464720f65bca405f9d2d8572ade42329c197e02fc85feaafe77047fc75f7618f7d814e7ef1c14dbcf1a36a6ddc900e7c62c0a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d193372e0e57a793ff49731ef3dba324

SHA1
bf67c6f34274471270ee652af38880c7ff336af1

SHA256
27e321570136c1608ad2def1154ef5b5b9c23979cbb6eba8305a2b9e3e46a3ea

SHA512
be471812a4132c488d6561f76d3893ab3fe3987125d2872bab7e5c30336af572e346327df849279a1c5b146bf47f631083d0874ee38f7c7cf51238601cc660b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
42e4082f52a95e2491d95fe07ae2fad1

SHA1
88cdfa3b7aac52d2f247b870ef31157186d562a9

SHA256
67f089248c1b0f3bfe51e2e73cd39c6dc98cc852f19a0bed71f4d5e8599ddf71

SHA512
582be62a3ec721620d88dcea07298c4280e1e2bf6406de21aa21d0344dd556ee04978acfe9b8480d32222810e4be4d2a2be52aea407be2d3d416752c4661515d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4fa41a27caf6d85b4236dc8e0c08846b

SHA1
80f3b9b6c3b56551df4686387aa235672015abf2

SHA256
3a5189a3c2f67806b44ac870c9ef01b3fc7ac76c6195d6aba41ab60337c460da

SHA512
73523ab3c7371ba33724b8e9998df7bd0f3c51e6f3192d0c35a588618548202f9b53f1ed0c2fdda6979e35586eae96abe74be7e33fbb8dd9332bd5f572c2b703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8dc2de4da6563a91a16fa2516b9e48e7

SHA1
6532fc9e3327263b646fc4ab5e5c466d0950f7ab

SHA256
b74db504c16c7759bbcf0dc513f3ac2bf5ecbc63869c16045b42b1b6c0cb03db

SHA512
d02c54b7b6761cee70b32d24d6d954fa633878596c5964655738b1faeec61f2d005cb0a40fec99a201006538cc9092b651ee8c78d9cc2fc89dd6620456971e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58177b.TMP

Filesize
48B

MD5
86877c70f7ace99b573747874c7242e1

SHA1
293d876cfd84effc993b634cf1059a56018f994f

SHA256
c2730cf7bf9ce01013aa12773a46f9aaf23c28e0c3982ff7abb25bf7ef0041d6

SHA512
726438ec08172611a54b640c80805c61392659a0bf9efec8dc8eb7e14320f5ce497ad472f82dc3ba5026d205e848fdf65857a658a0c0a8c7712c9eb0af81974a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
c97ace8ff4f542d658b28c34f67fc9aa

SHA1
866eb7c54b62d279aab8a2e1d11090348d4f502d

SHA256
8d3a775684cb330a9774a52101656c8cbecd8530a1e5d10476f43947504532ea

SHA512
4c0a8d663c1ea845598a77a75afab262172cb2e69c24d393e2d015996dce2b3b7f78d9e614bd2da2ce76cb856fc6a04a78a97b00462da419e3e841a133c06642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
22f9faf804b8c011f60e9aa24dd9ed15

SHA1
f0c6959a368776ed44ec6b76160d2e6256aece77

SHA256
22935b10e3d35ff0cfbb1fe6004a2f115a36a4c5ca6a50dd339bfbcc0803d2d0

SHA512
0e60dc3d6b579ec0fabd95e7e6339fa4f695a014d02f805743ca76a8ff4b5b11e943bde3372f035bc2295969b2fd35b1f6e0ac47c3facc4090a92ff0749263ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
97d7f0c8dfeb6a79eb5a97d1bbc9fcf6

SHA1
d811abf7d8ffcd1113705257c0b5c0537f0f09e6

SHA256
1c0a9b6480dece48c4753119ad7b7303820df640103078f424245018d53121aa

SHA512
8c4ebd18e0bde6847b8161c8c12e3022092a298fb9003c6be4dc7111e246ed55e06ceb4be9d7159788fd2fdf6f4a64ffe021f5a6280ae0bad2fd727de94742c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
532dd918267432e938a5d26f3e33b1c6

SHA1
f560abf0b543bc3604a963d00319ff26df6bda24

SHA256
46a3c810deea4c0f5d2b097c4b546e03739c302a6e84f14c0a4cd8d0b49a27f6

SHA512
b1d23e754db1319bf323cef719d3a0e1467878b377afad37a5ddb428617a93355d9565789f01b7f041abbc25f956130e4450cb1ccf5e5cb341a679fb8843e2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e45e9af81d79b915d8877ccc384f5c27

SHA1
0c0f17279d4553f6406f8f45fc752219bb7fa539

SHA256
1c32c3554bda60f828f3dc7326f24369c9f5c75391f75a8856d0eec297af6e69

SHA512
d570d7ecb5988061d507dfd9862a9ec6113a65cd0d0dd8e6a3df5001bc0011c7ff89eb3998159b661c7e9eb39ca597661efa63f8a7025a4722416c93406e4844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9acd29dda1447e1be6273d27ee4ee22e

SHA1
da25f7194af893a8c409000ff0fa0a6c76e09915

SHA256
78872d478f886b9d913062a93a89aa8b84c9333bcfa5081fa4f2241c70859707

SHA512
65c3105ae172369ddac8ad503f004224842068a2442715f55b39c02c349abb9f22792ba8b7db7a7a7ccce904fc2ee26cf863d0ed94708a7c4570f90b8537c527

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\common\js\common.js

Filesize
45KB

MD5
87daf84c22986fa441a388490e2ed220

SHA1
4eede8fb28a52e124261d8f3b10e6a40e89e5543

SHA256
787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23

SHA512
af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
9aecea3830b65ecad103ee84bd5fe294

SHA1
47ecdf62eb3cf45ba4867846cb61afa70369d23a

SHA256
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec

SHA512
754c25b5fc6a3e5d2027326c6814f229f9131396ea026a407dd16d092da6116bb0ee8971417463ba68268098dedc182b6fa10060ddda6ce063a5eca94be3c152

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\config\installerlist.js

Filesize
2KB

MD5
f90f74ad5b513b0c863f2a5d1c381c0b

SHA1
7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7

SHA256
df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc

SHA512
4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\config\installparams.js

Filesize
556B

MD5
b2bbe6521456b9d9654b7fe6e9400460

SHA1
d5e9c0303cca5d795213dde8ffea4900ed9162dd

SHA256
0c9e17900f039de274597d9669adc6d0945ec12406eb613f92235946f4714257

SHA512
f29a90c8770d5b28dbd0fb2abcd88208618259da5052e1c4a8bebd41a9ddfcf2ba86d365778bb126b323bfae3c558c02fc7662dfb81c12c79292968248dbaaa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\config\stubparams.js

Filesize
37KB

MD5
91f6304d426d676ec9365c3e1ff249d5

SHA1
05a3456160862fbaf5b4a96aeb43c722e0a148da

SHA256
823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b

SHA512
530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\pages\Initialization\features.js

Filesize
506B

MD5
7e20d80564b5d02568a8c9f00868b863

SHA1
15391f96e1b003f3c790a460965ebce9fce40b8a

SHA256
cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc

SHA512
74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\e59ed15\pages\Initialization\page.js

Filesize
2KB

MD5
50c3c85a9b0a5a57c534c48763f9d17e

SHA1
0455f60e056146082fd36d4aafe24fdbb61e2611

SHA256
0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a

SHA512
01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4

Download Submit
C:\Users\Admin\Downloads\MrsMajor 2.0.rar

Filesize
19.3MB

MD5
a61889efca36007831250fffb358bd17

SHA1
c835f75a8de83cbff5787f8143476b424458e7c4

SHA256
50e0b0a6e806a837e3a7346ec2a7c0f4c36e7618553c799a88ae1658d97e505a

SHA512
8fe704c55094cba451cf12197557bd44c696b58eae2a0a9827a7feb96d67bda89e15bcf763212fdd072e8272ec6537efb738b3e18cb24c26ac7920f70837cb2f

Download Submit
C:\Users\Admin\Downloads\MrsMajor 2.0.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 61045.crdownload

Filesize
2.8MB

MD5
7c05d8faeb45c410e965f3ac98d31300

SHA1
9847d9c73951c78dabc74ae5e21c2e6ab90327f1

SHA256
b9c54457a260a168fa0eb60f2ae1a5c7a5b7072a8120e37e9561fad6f914e298

SHA512
771dc6ed55c5d7531830d09b5a5864b2917149954fcde2c45ca037486c20e6ddf597c0c1cd3644c8eab66d7d8c1eee31cb8364e8ccb0921633ef7a2b8392b3d4

Download Submit
memory/3704-644-0x00007FFA3BA00000-0x00007FFA3BA34000-memory.dmp

Filesize
208KB

Download
memory/3704-645-0x00007FFA27020000-0x00007FFA272D6000-memory.dmp

Filesize
2.7MB

Download
memory/3704-646-0x00007FFA25350000-0x00007FFA26400000-memory.dmp

Filesize
16.7MB

Download
memory/3704-643-0x00007FF691510000-0x00007FF691608000-memory.dmp

Filesize
992KB

Download