agenttesla | hxxps://github[.]com/extatent/Phoenix-Nuker/releases/download/Download/Phoenix[.]zip

Analysis

max time kernel
426s
max time network
427s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/extatent/Phoenix-Nuker/releases/download/Download/Phoenix.zip

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1116-1315-0x0000027C34F10000-0x0000027C35122000-memory.dmp	family_agenttesla

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

41 discord.com
42 discord.com
43 discord.com
546 discord.com
547 discord.com
561 discord.com

flow	ioc
41	discord.com
42	discord.com
43	discord.com
546	discord.com
547	discord.com
561	discord.com

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exePhoenix.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Phoenix.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Phoenix.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Phoenix.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587103806905310"	chrome.exe

Modifies registry class 3 IoCs

Processes:

chrome.exefirefox.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{1BED6DBA-9A8F-4858-8EDD-689BDFC28269}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{AEAB2079-6519-4EBE-ADB0-8F87B75C515F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

chrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3444	chrome.exe
3444	chrome.exe
4708	msedge.exe
4708	msedge.exe
2676	msedge.exe
2676	msedge.exe
6772	identity_helper.exe
6772	identity_helper.exe
6136	msedge.exe
6136	msedge.exe
6208	msedge.exe
6208	msedge.exe
6428	msedge.exe
6428	msedge.exe
6780	identity_helper.exe
6780	identity_helper.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
3444	chrome.exe
6208	msedge.exe
6208	msedge.exe
6208	msedge.exe
6208	msedge.exe
6208	msedge.exe
6208	msedge.exe
6208	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4852 firefox.exe

pid	process
4852	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3444 wrote to memory of 8	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 8	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2472	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 1028	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 1028	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4352	3444	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/extatent/Phoenix-Nuker/releases/download/Download/Phoenix.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3aab58,0x7ffbbb3aab68,0x7ffbbb3aab78
2⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:2
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5020 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5052 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5396 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5404 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4132 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3908 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5288 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5748 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2212 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5024 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3648 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6108 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6332 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5080 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6820 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6712 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4456 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6808 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4436 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6572 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3644 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5736 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5708 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6116 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7384 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7536 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7556 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7724 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7848 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7520 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7412 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7380 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7572 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7952 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:6120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8076 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
- Modifies registry class
PID:6140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7940 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7188 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8272 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7180 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7856 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:5228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:2
2⤵
PID:5784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:2
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=2448 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:8
2⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=1948 --field-trial-handle=1888,i,11073128064642079841,14867476940243295620,131072 /prefetch:1
2⤵
PID:6992

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x150
1⤵
PID:5820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbbb3aab58,0x7ffbbb3aab68,0x7ffbbb3aab78
2⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba9a746f8,0x7ffba9a74708,0x7ffba9a74718
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
2⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
2⤵
PID:6368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
2⤵
PID:6376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
2⤵
PID:6616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,92309141592735994,1198123226686445489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.0.1380069859\1831355349" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ff9c9eb-14f3-454c-98ec-2c7b27ec413d} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 1836 141b5723858 gpu
3⤵
PID:6036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.1.1681825933\2139687821" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc939520-9b48-4a23-938a-5addcb83a5f4} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 2404 141a8a8a558 socket
3⤵
- Checks processor information in registry
PID:6604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.2.1357400652\1795773461" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2988 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc0c7184-8e1c-4966-8b36-f85ce98dd040} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3004 141b8608858 tab
3⤵
PID:6520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.3.451663192\1409047183" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6b69dfe-9002-4550-a786-85bc24b5dc95} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3672 141ba734e58 tab
3⤵
PID:5748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.4.1904008615\173777075" -childID 3 -isForBrowser -prefsHandle 2744 -prefMapHandle 2808 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbc26945-28b8-4896-b97d-8ec55bea172e} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 2716 141b472b558 tab
3⤵
PID:6788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.5.640232735\1017353655" -childID 4 -isForBrowser -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c51cfedc-f706-48f4-b8f4-9bfdbe55676d} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5448 141b72b0258 tab
3⤵
PID:6808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.6.1413894007\1750133654" -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4003994-7071-4b3c-b7e1-64c46fa71e54} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5348 141bd12ae58 tab
3⤵
PID:6820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6232

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:6452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:6984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3aab58,0x7ffbbb3aab68,0x7ffbbb3aab78
2⤵
PID:7016

C:\Users\Admin\Downloads\Phoenix\Phoenix\Phoenix.exe
"C:\Users\Admin\Downloads\Phoenix\Phoenix\Phoenix.exe"
1⤵
- Enumerates system info in registry
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dsc.gg/phoenix-nuker
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba9a746f8,0x7ffba9a74708,0x7ffba9a74718
3⤵
PID:7060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
3⤵
PID:6612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
3⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
3⤵
PID:6496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
3⤵
PID:6500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
3⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8
3⤵
PID:6400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2960 /prefetch:8
3⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:6428

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
3⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:6780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
3⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
3⤵
PID:6900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
3⤵
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
3⤵
PID:6268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14378462992549924802,13219147672730606627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1288 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6948

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
ecca8993047150870094c763386eb4e0

SHA1
e77376a1868359b6270fe9924477d645bd5d7d1d

SHA256
bc2822a5efb199dcc655254b162e8e690280697a639ba9b6901133798470dafc

SHA512
28eee493fd526ef4227665583b28d600954d71babf027c2aa6bc8d72684d4ebe8b84436dd75a7fe29b6d17c8fd91f27a08e4d9deb53e8460a518bd7c09ca297c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81efed75-11de-4331-a56e-6bd62c7bdccf.tmp
Filesize
11KB

MD5
9af792cd64e553ab0719218d10c7fc9b

SHA1
108959c1290f9cc7b0289c5103eedd1b7c62f723

SHA256
c8dc19bf8ebe279b9da6461f91d305d71227f5fed75b9489c2fc2069544a8058

SHA512
e4154ce94c25509d0048199189db1b5d929a2cef836375b46a5b05254553bb45e50052ce5af5b633c206b5a826516db46bfbff2735dcae8b656da103bef5e5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
324KB

MD5
526c68651d733aa4b1199f0a4e25ff54

SHA1
ae0220466a6d311218799cfa0d75865b7dc32f4d

SHA256
ff4ce52f7f46dcf1bf3bfecdd8c636269e9b83c4692df78da08913e3e25cfdac

SHA512
cafd479af6c9886d309002e427420f255ec3e73c2614a80d8f7834dc771ada9602b9d99020486d0f5f3e5d8e90e732a61fcd719264a6cc78304d430c08c0434a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
138KB

MD5
fb0106776500301508440a5d593fe0da

SHA1
b7dff2c241de32ce03aa258b5e58ddde0ce1dff2

SHA256
3c7f0dff2d7bc607c6729b0c38ca69875bcf40efb1f276dc581f4cb2273f87f9

SHA512
1fc3b1f2d2a170764ba018adfdd9363c0a1f363b11d27f22af9fecde3ec470299d3cc042897ad98bd92f5f991a1d0fe555df4b3c3048835ed76a3f674aceea35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
f0cb96f7b988bb642e478d9dc7dd7049

SHA1
70e6a693ba11619b4a106f42c74d6d4e850f93c4

SHA256
3f3bb3022628e782af0195d2c2dadddb12ccfb327012a6d189b2d2fd26368649

SHA512
e5818e6571fef6395354e9c9815dc010abb69179e2f205d32010c222b8f7b000de74cb2c5ba8a934e71dcbde2d2edf5581c23fcbc5a60943a9cf215b1ebcc9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
e168b49321ab7b3e91400682d7290331

SHA1
2cff88284df7635052f60d0f2701cb58cf2ffd74

SHA256
c7be04d6d1ba888dae336d885d4c8441560c5b87bf2555db745639348a2b36fb

SHA512
62363a3ad7207e359ddeb5dab49140a7fb680e81fba974476fff32b42e962986d935fc303803d24409a1b9fddbf07114d370bc5e37b336f22479435abef85e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
14KB

MD5
5f74696ca0db27069902f6c1bdac01d2

SHA1
feaf421124d2ac1d2b628b5efd416378c0cb725f

SHA256
fe4d2f10ca481f6874b6312c2caf0b217006a444cdc93206b91d8f54b4e02e15

SHA512
4b0820aa751cfe4eb3b536bfa2e5bc260dc25b46dea9108b6cd4fd50fecc7fe11312e0de241b3da47041358b5e288d058409032635f483041eed7755bc11c149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
12KB

MD5
636c88b5cc752bce7546fd653cd24d2a

SHA1
a32e60cc3472d5815fb8606d5edfe8e14395237e

SHA256
9b905cb7e8a100800f6aeeef6f375fc6559ccd8890962b533067fc7f7a66da02

SHA512
10b732ba8ad717eed1d1b8b7672c09bc0509d7acae2aedae5b6385e58ad34e22e40f3b2a8874a1e9ae7bbc74322cf906e3e114773ed8fb49e109d097098f524a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
94dd3084cc9dfdb941d888f3f10e23f4

SHA1
eb1557ce7cbfba7a2f79d8e46129016daa12906e

SHA256
5f9126fa6fe2fdc05fc1779a6ea30cbe550221d768949bd0c57d68f5dfd84003

SHA512
10a8f6eb65ab9059cfee35fd16856412c7c4c804794216891dc6acf7cd84192efc5550660c640ee43a42cf34177d8f858d432f16e46f4ad5e078fa4c2511f2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
cc1195819df4016628f1a04683dd87e3

SHA1
3795fbe8ea8eb2bfab513519ad207ca3439b5ef0

SHA256
eca5573903a7dac80309aa155b73697dd798b1bf8ab3d3a15ce6d1cbfa05862d

SHA512
c96d4402f34fd968493b91b1fc82f238dd59ab65d64a69e425644be58a2bd2c1c8f77c84519c007305fa3a51809867e7e5663c635d2a2c612e6d67ac8da004de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
66f77931060293a03b11a388d55205f2

SHA1
a0979ac8dbc5626281554502b0675eee4a0a3b50

SHA256
93ffb1346a73bbf3092aa26f7f44ad7141faff69b4d043c2646ff63010bfee7d

SHA512
bf365099307f17927748991cff78e644e6ff48f09553da60bb8e196d29053ee4dbe06fba76beac3153dde1eb191b0a491ebadbdd500946553de6defb8de8d692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
80ba48466c2767b966c904e7f5c15ed3

SHA1
d999c5807a22474a87372815f70f865f15598ffb

SHA256
9d0a822c99c014578fb9ecb07da6f9eb947525c82752f0b0f352aed9efea73e8

SHA512
1ee8fb12e4200f8b495e1e382619fc56699cb0858e182867f345c456e295789a03e571169492c381af892a0903a291632691dbce98599780bcf9d4ff018b2c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
9cee23868c6307662f8ccdfdf6d53302

SHA1
7afe5ae010609155be6d2b76a90678ac156f757b

SHA256
f0197bf8d829a6fef8afe82759700750c47fca83d9159bfee8ca956e7e0b015f

SHA512
9d0b3045d689aefee45ed4f18e36f51ca2d784f52955382d2dd1abf48b916e7b3f65e497d513f96f69d2772fb8426ea23cf7531a373fb6b7599c410552458c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2cfb908ef93298d709c8c5bd444bc36b

SHA1
fdaa96a36f4b824e3a83446b4357f72245f80fb0

SHA256
679ea180408d9f214bf41523d6af2600d4e5261a2ff8652b0110f792cf370f31

SHA512
795fd348b6272382de5d798b40becf37d7946a32303acc9fddc563316438a767d5d6234bbdf35d1998b067fa195b6bbe98c3221fd4dac01af7a7654f844c0529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
b87efea04777a9c3981efd326e2bd8ad

SHA1
aed48f835c7d40b13604c5660bb1f8fccb9ee340

SHA256
935171f2ad243a611f05859b24781fc202777928e1b2b4998af87161f7d0d6f9

SHA512
26f512d90c8a85af604326c2e80f275aaa8bf3b9dc4982b11e8ab667b03749a3a677a40d4ba2e2a3cfda2b9964ecd86c81d3947df353eee62fe6172795d952ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2e49c4cb54f593d83bf6d5d9031d2a8a

SHA1
fa6add60a7ef40258b4fced321bfcd7a35a8a2b9

SHA256
bb9fdd987b30d5f01b09627ade0561204c7352cb956e560034ef77802be5196b

SHA512
8f6697ccf9ed26430959538693c5dbe08f423046d56e03cbf64ab8a4c7d743a804d78dbdb84a880a637c38fb3c2adbeb7313d51de5db9d593fc2248e02e05c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2e66216e073d760cfc98835715fb0fa6

SHA1
ccbdda7694fe713ee0fdb518f113b79021fccc3a

SHA256
745cf9ef8b54a3edb91e63d1c70a4a0a2bc64b3f27f404ac3c528fccd1a4515d

SHA512
22c775f7af390220333525ba8af83272fe45d9cb94c34b3f0f075e3d49b06138c6e22e83547c2d2acbec2d772eb4fdf18ed10ea0963b7846028d7d3cccff6264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
c1490b2f0d7f99b98d9cba95cec53e05

SHA1
686dc05ef271f88adafca6c4f5bc4179ffe1d099

SHA256
9f5e88485b48397ea1180f94a70e6b3f07f857fd99bbc3897342d2eb11365504

SHA512
40f517090dea33f3406d7ff37ea111ec0abcc568410560908e6fbab72cd42656ecd623829cc8635e2f10fc7c7d09f45f3f509d3009e4fa910790ac395317bbd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
176f1a505711799b5daa0e4a16772b51

SHA1
af8db2b9d1031f3f35bf3ebb289570183546097f

SHA256
352c97848be39cf3393cd45b5c1fcfe4d059ad69a9cde6e3297a8d94f89f1b03

SHA512
7735489c9b37eb28c6b623c39126802ce7e02491378ef530e5cc63cc900f079ce3f68e2aae29107e5fa3baa026f4c843256626b4074b73cdfd12fe58ad835450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
39bd56ff0b73eeff40e671a192a0485a

SHA1
42852c670bb8e36f25204299f8fc5d9607c65457

SHA256
1319c01704b7e36e12e01f00affe19520b843cfa9c900f4f9777f34d8a213e61

SHA512
4096c205e80c9c357e12f9e390d3dfe38d57de28f2f03c7cbd1c7d3d1a00536ae06f7355351377a3cbf9dff4341fb2c89fc3c5c89a5df4315086926f3fa475e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b97ad16ad907a5cb33f24e49dc45797d

SHA1
977a8bffb9b730943830c0f2622a37e1c19cbae8

SHA256
15670bbc3b309608a8b60a6f6ec941ea56cdbacef808d89995fbc97cff7405ff

SHA512
99853495e684946a1cd29394d750c104a10e0297a79caa1cf38d5626bfd89650fb6f045f242bbe6d38e820e7a5a28575743cddd107b0d8cf3a2af1e7042abacf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1898a585a372610b1e70c94716d7ad9b

SHA1
f9066fe31b0615c3dc4a8dfb3df1c688c62ea791

SHA256
5f66682b2255966f21a59b48668699b805782e8d3223fc84ca81d669b72cd7d6

SHA512
19f2e4d4ab50299e077137c97fa77db5e973b0b851030ff063b2e3b425169d54ca3c61c7ea9d051f4c2a656d1a655506ca95c22cc76555b6c3a9d9ce5982be34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6f90c6fc4da7dedb58a4dde097954ada

SHA1
c585ebcff5faa4737fa087ed0955847ead1b2e22

SHA256
8bc4f298560c6a787925fdcd468d3eb8852920873b81c86b614027948781f29c

SHA512
1b083309bdc040b70f81179d9f95c1b9d8bbdc130a90c499af875b3ff2569f0e310f31b780d051469db6bee4beb4f601fb495799cda3d8e9e1b12569a267b170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b455701c6d126c8fdc7f49af4cb1149d

SHA1
10e94f4c365fdf4a91576de06d4af2e31a8d0ef8

SHA256
f3e2f38cf747f961cd933e5a2247796122ce294a583eb533e5fc1356a45280b4

SHA512
1286cb36931553326cf207e510662654a86837db01bb712541864807931879f8b833a3c0901183c306ab23e79fe8902271d0d382f7d27bfefb2b801e5028833c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
1aad5017df0bb7ade133b406967f40c4

SHA1
16bda735320d15ba5c243496e83d4093f112787c

SHA256
9d9399dafc02d4e1fe4b80a11d8918576be686c009ef34bf9932c4e432b5b676

SHA512
760129fa385a422bdf157e83bdfbe667cc07e7d927b29088c23d56b9b288b107f37b71a993250c8e999bd00b0455f3d29a9e6bd02704b14f1b680919d90ad97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
53d5e2c340df16a0a28b1951fdd02cc2

SHA1
648469ebac3f86fcf06262d7334bc1e2016c7204

SHA256
66ea94e76c3734f462910fa651e3c105a1fb6b46346d31e222acdb6df37265b9

SHA512
3588c85a83543bbe23a85ebb987fcac1926bd55076467b3e6b0140b5da194ac6062e36597b7a03032d5a1f10d1c351a95baeba9d43811f06a8c5a04843d8bef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
258600efee19f314c383018660229f9f

SHA1
27ba80f64cb26403793202ddac272cd4b612814c

SHA256
0a7b24aa7231fb0258d454107271e010c14a46dd9ced8d802d90c41c844d4ae1

SHA512
045f824a96d65ad9ce39e762e89116668e73e68185dbacf581469406926cb2ce034ef166c89a4ebeea3d0b30d884a40f9239b7dd3d0a63244e5f49f9968ecb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
e310b1affe2904349d603f94770e5521

SHA1
f7aa81adefdaef5c6312d76fcf03d322658cdf98

SHA256
19dbf726f61f1154d2a90b2e986d526aabcbd58a71dc310f8fc2675390b37450

SHA512
524092573eef490ecdb8aaf12c88e93adb1522f804eec64b6eb11eddda0129a6f56e3c68ceedc611bb9c01b9bacade6a1dbc4555b2f8783d08e43ad37b50428b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
b28a158c1219e4c0e483cc61a01a0071

SHA1
22671b5b3675639eafdc8ff2a1267e2471b124af

SHA256
c293d76d6352689872593bd266473c848b2f5a93eea2b4cb570e802d791da69b

SHA512
b3e3b5aa69e98e9ae8b5acdf8a2b94e8471a0c4f0aa4535c1812ee0d0cb476788e0bdc7c70ffa718d0135cb6c2d3680804b101cb8c479772a46efedefeb9b5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
04e65b3ae8daabc86e40b71c20827076

SHA1
a95c9d6c1b3f73a7c53845ff6b5a4f73e0a5b0be

SHA256
5937ec2cacee19ceabf140c170b87f037514c270b3ddad3fc85ae9c3e3b86798

SHA512
1ceb43ec1ad7f6d5d6e3c7cd5e486fb91339c6967e28e69350529c744596cacce6aee1a3cf125cd8bc23d16dc578db885a0db2c3aa3f5148ef6c9c061861ca01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579e43.TMP
Filesize
94KB

MD5
34a83cf94e4d995d3da6dd99316dfd90

SHA1
59a366a2f6195f80cc716fea6d3d00e8c7b08514

SHA256
b6a7c332d60f4cd53eba0147501bdf0e90dffadb0cf0a0d2c183060c7f250196

SHA512
36a9ec55d9df378210fe5cf87736be9aae4682436a221edc7defc3baebdb6e1434f140280cc9681f22b466692872fa7d509289456b30ec8f4c4f63891b1b19fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d12403d9-ae1c-4937-a73e-237a5264a8d8.tmp
Filesize
130KB

MD5
7f16b02c48764ab6167bc3c06261a91b

SHA1
71cc6f6c7d87a2086bc76226daec0d3b280735b9

SHA256
19575330f7a9be897662587e0215ac2f136746d66921fdd3529acca146420d4f

SHA512
fa7278194e30486f36fae691b2bf39ab68045f8407ce108d5ca0fc0297090ed57b1cb668f6d241cb640a02aabe67bb0d10346a6504e3737c293a4648cf4d8804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d5c43e03-1c56-45da-ac9e-8921471ca1ae.tmp
Filesize
98KB

MD5
94f6020432655d0ac719a1b890eba1ca

SHA1
a616bc620edb4d8a8dd15f82ead952085f29ada1

SHA256
fb718d341125d459173b790ba6240fd391f34d282ef2d08c72347da726ab50a1

SHA512
b798d6f35be9c9750ddb9f8e7d11d4809530c43de86050eb0da0d16978d540883e390b5c232ae5460777720d9102c44f637eaaaf5b0b683d0095b597ddaff346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
20cbafda9c36b32ca19b5f4b477e6d54

SHA1
c0e88423431fae2c5e94361d074fdae261975fab

SHA256
c6df6d35bf002305596487650aa97bb766b23075608ff24460e24ccdc1977e93

SHA512
ec8ed76b6e7e99aac8502f86673f75d1ff4e0a922e422be7f895fba3f802751118837fdd2af670b64291556617996fffa6025053eea8ec54088e3d909ecdb1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
67fe59fd783445a343c4d5585f1654e3

SHA1
6d58bab01da120d2861315f1bb72f8e8cae8122b

SHA256
fe67abc644294922fc80e737eb14cfe41d2288ff6c19d18fc9fda19809b2a7ec

SHA512
d54cb5362a3938ede27e3b614d17df23c69fcbd106f373bf0f5340b19ec8d0ef68d5ba85b6236af13765bc60aae3f66772914a3b7c95a4c9026bcde4aa057d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
88KB

MD5
d6d4aad48fc3cc13e8481c81bec1851b

SHA1
7da7eb815d14604a8efc88312840a571c25b118a

SHA256
5a2d55bcd9020066a3c5d1092943f79320fbf804d15684804faf44f2034ed831

SHA512
c30910ec2487d21f312c83b5d88580ef54545e6b8c8ddd18ca9e7693dea3995443f355e068f1502058e3f0242763ee7fbd1d5c04737d7e14414508acf9eec9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
5b197b338d99a5abfdc2e5e32eca41fe

SHA1
c1e3c3a2f9a09dd79d266c9519a6f5cc995aa706

SHA256
dd61890fbada899550daee1bafaf034232b2dcefcaabb095d57119db20b3e0ff

SHA512
df2dd69ee372c7913b3d8845a2e91c62cd89f8866bcbe98f062c15aceb3450f58bec3a8b7ff2cc15616c9cfe00e459e71d38001f4b13dc23325c89c779d5759e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3b5d395ada71ab43c65f7f842f088dc3

SHA1
3534abe7838d826d61bc920388212be296c855a7

SHA256
03ff84fdbf38844458b8b40ba316713ed13c0be64037025e66a74f9fd6ba1fe2

SHA512
0224bbce617cebc8a2ac2a9f4b55ec10c76615f53ddb7a2b469e1be2cc3b6d2c6906dccb1e867ca6695c103e2709fd129e3ccadb6137857f40b8baeaa71512a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b499371849dac92459fa5e458b98d964

SHA1
1a41d9cb1ceea93ff48ff2a7ae8e700939e5c0a6

SHA256
f381f1d4802d26f58713cdc47e992187ab42d03cdd662583867375f1029168f0

SHA512
5a80021bb7b14b53e4eefe2ccacd0badfa8bf5134290ee98a8c38b3a923dc94c0ff0b304fe75f8d4356f8a1e3d8b29650bfe6625ae22685de26cbe7c99b44753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a9211142819e0917ccda2b5d31823502

SHA1
d2d043c29be0d3d965ecc6765ddaeac146f6652b

SHA256
9417177d6063587d71d7197bd87e7309a83c25b070afd6dbdb28819b87a3d2b7

SHA512
d83662912bc9d2cb4d0907155fc0be6d2f8f67f169806cef86cc5480368930e4027ef01a7f938a115249b54fa5f6708f30e3457f63557bf70ff286b199c2e462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
29844d72feb2d1981bd2804661ae92bf

SHA1
2a0f69f690d9560b84d4717dd7f83c8a4469bf24

SHA256
511a718f115211f008a3b12769020a951a2cc7ba01105eb1857b73226ae99f56

SHA512
736f073a1bc441e30cb53d83320dab73b3b5218678da348eda295befc0b873bba4d6df4063ee6c4dbd0be9eb55bebba1c9b6c9e85d65a7d69c8a8d381318906d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
aa6046036f6470979621cbe8b1f8cc68

SHA1
e453217da2998c012723522d7fed9950d4ea4b01

SHA256
ed8b5ded01b3d87732f761426e1c4783df60cb925bbeb4d75b77a190f0c23327

SHA512
2c9d8876380c3d5468905a0ee0a667d1806915c9fd2839e96a2f44aca5b4f94e7cd3406163e5737ac78e65ea67ce85c8bd1deb69e226db8c760b5065699b283c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2cc96b5182a4a1c6b8b9a3f4f1a79732

SHA1
b2296b8768eb9088c93aa13a885675e49118e224

SHA256
c0fb387d10a1abf61ef015b4e120f24baa805532b55716ef19c7e10a8c29484e

SHA512
55b73bf2679b79f54f256966db5cab802ee844c9b1408dbdfa7a72785fb24dc31f91ea96714a339a5f5c0466b1be4c1ef34c8b50ef52412f34b812568ddc1062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d5ea900a23b3593a654c4eb299e2afa6

SHA1
7acea57fb7172ce4f8126d2019285fbac8d798b5

SHA256
8cf1f62905025e58f5f1fa0d8d54400359bacfd8b1ac0908a47229a6b51bd465

SHA512
b61e6fdbf120c096ff9377616513d2e5b1845c32e229b23e19d4af6079027cdd4cd6fc41d6407e1d441f59ba92831d26216d215f5f61699b5888db9bcc781142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
2e727f21bd5fd7dd0e73a8c09e3c0d9a

SHA1
f4b23aa5dc863fb25be585468435ad9f1af89caf

SHA256
ce5f1b09b199a5a9644a4b0c41fd14400a1da192aaa60b7e7808605389d4cf3d

SHA512
c0bada84b89434ba8aea7c47c72da949362001fa654e3cef604c1f6142692835248499941402ace17f56c4724a82dba381bb2b10f3edf72a136658d51216277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b9de2.TMP
Filesize
370B

MD5
edc88c75710c46ba9a5e131ea4dd6603

SHA1
3d913e15a5eda688a38df768b58af2c48de4e2e8

SHA256
7be37601e43ad5676d026d5bb821431cd2ef7c1387da3757dcf4e79e51f048ad

SHA512
8472684471697da55c45c6ba27e1f994aa17bf81e5d5fd8fb51bbb40e4865114434c7febe94d5a5d9274c04884933aa46be5d77a4b53538be6f571ff7e4bbd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb6e3ba4-bba0-4749-92f4-4756676cd80e.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fe78d1bc31a424d1eb47beff9086363d

SHA1
8e009e74c3947dd9d9d88b18561af1d3ca72d7ad

SHA256
c84b5d317e90c3944282fa6fe566ec554d71d1b4e911f9bce213c90bf8181298

SHA512
f02b9741bed05fea7277c256b6adac34f8c6f9c4175bcb1ce4b274bbe9930b3e2b498385d17ead5c8dac99ff45b135f2fcf1cdf46678da332f56d9b0d55dd7b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
88b2e96d74d44e98475f69f9833d5817

SHA1
2c53c07b1bdb7a5ca2ed51413d0e139abe93f241

SHA256
585eda2eabaa52421b6ab7fc355287734dd984a529577e5dfbfb169ccb8d565a

SHA512
d2db43be5b623446edac894dd6595b7fd6049d8fe3062ccecd4f0649067b1e89b5e46150213cf6c8814eaa0b12df4baff1c47ecb03da805fd8efdcaa999748d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
0ebe4be00eceb24f3f42b946379d3e1a

SHA1
88ec7718c2aa6e9800413218bae57e73d58705b9

SHA256
b996a3e70b325cc7670faa99bf826c9c7c250b40bc83e2bdf827016a5d56bd36

SHA512
370f56accbfef8446d1f3b8d2ec884e060e3bed56144c2295e6f9b44f38d6fecc7ff7076cd6c36ebe04597a6b4a92382f487b036008034f0aee2dd380671c201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a1ddd830cacc439f1c24ae691b60a37f

SHA1
34a96026469b833b0b8fdfe4aa72481a87b570a2

SHA256
36715aebcf1c94f2a8050f87bdf30bbf2aee4f16571c56bc0ed05c5db1cf688d

SHA512
03ed4fd296207cca0631647153ab11688c9e7c9d8f75be3621233f14a5306d5cad9346a30aad43e8f2d66a2fa22f604e82c5c6dc047ec914f01c0ded506253d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
ac5f2659f4eae6f6d00d1c7175db4d8c

SHA1
25e81a777a937d184982c1e828042ee6bac7c70d

SHA256
4f3ef147477a2b5758b207b148063a23dae09ebef2349fab222ebb9751827ff6

SHA512
e5555eb2ce908a022ef1884c2d616b697f51673fee39ac86a671fae44c13b8468040cbaaf2ca990818c220d9c6c789cf0000e5aeab2fb06a0ba52fa30d31c36b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
7bcc0fc97bca66fcb438dde0a013fc9c

SHA1
8e546bdbc9409303d5fc137fb925fabc19ce454b

SHA256
5b1f5a3a359b380ab9e42764c0f0b29eda7897cddb16609642764b3e2e2e493a

SHA512
426f1a0688fd1b9fa82e0ebab2091678894203f959f09fdc67b10c2817c6085bee4fee2a0ffe081609d1b6c7a7a4d3b4a220c29b66dfdf6cd4ff6372269b0c52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
Filesize
6KB

MD5
d239f2f52571abf0ee7be9902f3716e4

SHA1
d2d8d61fbc2425854cbda3180d11d4f3495e6833

SHA256
99fc857cf4c047fd92f58d68155054ba562435ea6a57bf246d105818a8fc46e5

SHA512
73f776429872f6014ac27a4f7826525bfa6c8e9de2c4345ded0bb4a3977ead5447527916cb29b25b0234e889ebc6a8b9d383402b0478233556ccbaee675650dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
Filesize
6KB

MD5
650e1564347bbd3a466077c681b6fd01

SHA1
d1c17dc83328ff452a4bc7b81ea4b14697c72894

SHA256
6f980f435d0399c93a98403d07cc847923c48606244f7bbb93fd197c5c5c8b3e

SHA512
9b601534beaf04d8dddcaa37392a2c85edd5782a6901f8ece1ab8f2b0f1546523a5de879abea2283b50e3718cbb0430287944d447fddace2bfe3a6c17666a4f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore.jsonlz4
Filesize
902B

MD5
563292b7ff558d503ba8c9263d6f7e4d

SHA1
460c93e32d9716b1562bfd3b5f619d599dca4016

SHA256
0669c07b5c2d1114011b5f3a8c5f806d0cc1859eef76c8485bb832ba96300456

SHA512
fff6374a689cc4f58c433cf0c728f838984f0a8d9c01bf746f7ed5e29c4088976f3f707f485b6edac52c1469407ec2777f24dae48aac1e9c00f512dd4cb787e0

Download Submit
\??\pipe\crashpad_3444_IPWQWUUXOQBQWGBL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1116-1315-0x0000027C34F10000-0x0000027C35122000-memory.dmp

Filesize
2.1MB

Download
memory/1116-1317-0x0000027C34DF0000-0x0000027C34EA2000-memory.dmp

Filesize
712KB

Download
memory/1116-1312-0x0000027C19D20000-0x0000027C1A6AC000-memory.dmp

Filesize
9.5MB

Download
memory/1116-1313-0x0000027C1AA40000-0x0000027C1AA41000-memory.dmp

Filesize
4KB

Download
memory/1116-1318-0x0000027C34B30000-0x0000027C34BA6000-memory.dmp

Filesize
472KB

Download
memory/1116-1314-0x0000027C34C10000-0x0000027C34CBE000-memory.dmp

Filesize
696KB

Download
memory/1116-1316-0x0000027C1AA80000-0x0000027C1AA9A000-memory.dmp

Filesize
104KB

Download