asyncrat | hxxps://file[.]io/g5N5Kc9aZ9jy

Resubmissions

20/12/2024, 20:16

241220-y19ptstmeq 10

Analysis

max time kernel
116s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2024, 20:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://file.io/g5N5Kc9aZ9jy

Score

10^/10

asyncrat default discovery motw phishing rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

wB73NVv02fQ9

Attributes

delay
3
install
true
install_file
nezur fixer.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x0007000000023cef-348.dat	family_asyncrat

A potential corporate email address has been identified in the URL: =@L
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	nezur fixer.exe

Executes dropped EXE 3 IoCs

pid	Process
8648	nezur fixer.exe
3444	nezur fixer.exe
1068	nezur fixer.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
489	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nezur fixer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nezur fixer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nezur fixer.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5732	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133791993942240724"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5736	schtasks.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe
8648	nezur fixer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeDebugPrivilege	8648	nezur fixer.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 4480	4188	chrome.exe	82
PID 4188 wrote to memory of 4480	4188	chrome.exe	82
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 1452	4188	chrome.exe	83
PID 4188 wrote to memory of 3600	4188	chrome.exe	84
PID 4188 wrote to memory of 3600	4188	chrome.exe	84
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85
PID 4188 wrote to memory of 5084	4188	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://file.io/g5N5Kc9aZ9jy
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa99aecc40,0x7ffa99aecc4c,0x7ffa99aecc58
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4688,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4860,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5180,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5136,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5412,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5620,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5756,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5732,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5920,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5964,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6320,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6176,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6304,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6868,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4724,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7148,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7132,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7412,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5004,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7688,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7432,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6576,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8088,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8248,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4488,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8496,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8520 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8716,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8724,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=9000,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8836 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9136,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9120 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=9284,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9268,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9420 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=9408,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9756,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9712 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=10124,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10348 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7088,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10352,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9992 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10012,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10488 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=10332,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10316 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=10136,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10612 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10780,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10312 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10944,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10772 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10516,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10504 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10836,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10656 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=11432,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10968 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=11420,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11504 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=11648,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11652 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=11796,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11816 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=11376,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11492 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=11848,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12084 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10916,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12092 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=12112,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12312 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=12068,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12460 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=12364,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12220 /prefetch:1
  2⤵
  PID:7188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11072,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11084 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=12724,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12348 /prefetch:1
  2⤵
  PID:7308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=12968,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12976 /prefetch:1
  2⤵
  PID:7364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=12700,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12716 /prefetch:1
  2⤵
  PID:7380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=13188,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13216 /prefetch:1
  2⤵
  PID:7392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=13200,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13356 /prefetch:1
  2⤵
  PID:7400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=13380,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13500 /prefetch:1
  2⤵
  PID:7416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=13652,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13668 /prefetch:1
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=14064,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14092 /prefetch:8
  2⤵
  PID:7712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=14056,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14220 /prefetch:8
  2⤵
  PID:7720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=13004,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14404 /prefetch:8
  2⤵
  PID:7776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=14412,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14396 /prefetch:8
  2⤵
  PID:7788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=14692,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14700 /prefetch:8
  2⤵
  PID:7796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=14844,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14852 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=5128,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:8104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=13648,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:8148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:7764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=15124,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15140 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=15160,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=15292,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=15316,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:8016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=5176,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15328 /prefetch:1
  2⤵
  PID:8024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=15372,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=15480,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15472 /prefetch:1
  2⤵
  PID:7948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=15676,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15672 /prefetch:1
  2⤵
  PID:7872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=15792,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15788 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=15960,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15972 /prefetch:1
  2⤵
  PID:8216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=15192,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16120 /prefetch:1
  2⤵
  PID:8272
- C:\Users\Admin\Downloads\nezur fixer.exe
  "C:\Users\Admin\Downloads\nezur fixer.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:8648
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "nezur fixer" /tr '"C:\Users\Admin\AppData\Roaming\nezur fixer.exe"' & exit
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9132
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /f /sc onlogon /rl highest /tn "nezur fixer" /tr '"C:\Users\Admin\AppData\Roaming\nezur fixer.exe"'
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:5736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpFC52.tmp.bat""
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9156
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 3
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:5732
  - - C:\Users\Admin\AppData\Roaming\nezur fixer.exe
      "C:\Users\Admin\AppData\Roaming\nezur fixer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=14840,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14856 /prefetch:1
  2⤵
  PID:8996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=9780,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9844 /prefetch:1
  2⤵
  PID:7208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=9956,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10380 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=3848,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13904 /prefetch:1
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=9916,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14868 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=1044,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13892 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=10368,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12116 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=12636,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12680 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=12604,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12656 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=14836,i,4552433524208888,480510854650921724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9816 /prefetch:1
  2⤵
  PID:3452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6472

C:\Users\Admin\Downloads\nezur fixer.exe
"C:\Users\Admin\Downloads\nezur fixer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\000a84fb-f833-4d3a-9ae5-4f1187130f05.tmp

Filesize
10KB

MD5
b82b4de50d94958c6bd6ee7188828935

SHA1
63a3619c34a5c580447522d5d03b21a2be85fde4

SHA256
c8b78a7111beb70800bda4509c2c9a78f11a78aca6630698d150b45adf55989c

SHA512
fce27113fa62b5a1b31d5ff49f59c8f043a302a51c81d0d6b938d6936dcef6033b72a510c412811b6854a10e0f31b917da213c9049b585f3055c894029dd667c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dc1ae3b92a43d3e7137b024705c8d64b

SHA1
545a2a128239efe10ba9cc1140e1bdcda1a2ec56

SHA256
0a8545fa3283ce2e2da598373b87da7d1a695f4b664e2db812218cca3d86d859

SHA512
9bec1c765f5ee2a962e5ec9ebbaa0df6883ed218e6b91844750f96daeaf23910a4e7e8f81082adf8733a72f692738720eb9f129772bfbfd9259b59a30de1e2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
33KB

MD5
256101b5ec9414e0323596062982bb89

SHA1
23cdb32e1a8a2e2583fb172be9792818cafd86a3

SHA256
bec55c6fd1b96109474d0112d017ceef30d22135fa121b1695ed4e92301579f0

SHA512
5d711044952f8837472d15def784d72536d3d6698435967590682a899ff026ea502f180658806496e506c2ae7bdc28d8ba1c8479405038eac6cf040bebb10980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
20KB

MD5
49c61a9c31b4b8a59171e13070683cad

SHA1
4d91c18941913b2ca260b877f924a44543826923

SHA256
998967f4697b28aabf6997d03df5a913f6f255a3b3a407c37f60278c4c523795

SHA512
c7fe90181791222331be6075c0d66188fd5f15f3ad2db31065b9bc1acc3c013fc97b9bcef1e9195176ee3aff97d36395da923aa40368fb3498b036e55aa5e878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
1024KB

MD5
722a5c8e9a28cf3220825f4e555176a3

SHA1
c662f0371ee534a0e20b1b9e6a5f49e4609fb86d

SHA256
21b7757220221262068a3943e4c7ac09e690e65c40403f3a20af4f58d1e5cf81

SHA512
0a9cc0a324b3bbc7046be76103ea9c909d6bce6017cfb7c409344d7610b8d720be6e115775ff56b4ade6e304e69cdd944482d5f2511865dd30bd60afd0282291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b4e5802bed96785c_0

Filesize
291B

MD5
584ee8f629dc015cc6abdf0fe4ecf42d

SHA1
895a11bdb6a9fd0c9cabb23ef4afd13f8bc56b16

SHA256
ffad54209b75bd391af5b3a080fcd4ae4a960dad3a11c829c9ac4f2f71f54825

SHA512
53931e113fcc027ad33e365d284b7d69c12fc98c7a11d998d06708c7359521c8a0596928603e7386925c8e81f4d87217118cdd7ddf34ead014ed7aae424b8fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d8d10605ae3e9929abece3a50c129255

SHA1
c1786dea5aa8a5494e670d917905614875e81d32

SHA256
ee3e1cba05666ca5653fffe2dd3ffbbbcd1dac846c856dc7936e1bd0f91782ae

SHA512
31d1808bc08c5ffb9c3bf64d2d6399e2d19e7aa8bd0839244231edb0708a56f56ad4b8bbbbf02246627f305c95e88e1af89efd372a36c09d85773a9060fd7521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
34KB

MD5
8f92cbbc6496f95a4f8bb19e1f5e6f18

SHA1
b29545cc223004e9e46373b41d355379257e0654

SHA256
34044e01ee3ca96edca049f1c6db439d3ece70a375645207aed8b4f145f3a354

SHA512
2cab9f6e2cfa5195580b4e94c1af291363887efc530bb7862a76afa9e8105bab75bd9a6fc426d78a453c08e49432846f43a0f0eb935bc30fb8eee1a971fa6586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6cd19bc556208322ad5d119eece36f59

SHA1
70fd5377cf52111215f71d1a39393bcc381d8db9

SHA256
2030bbe7dd1f523665eefb68a1dbae73303d2af4fc3e57ba4b6034a235cccfb7

SHA512
0f1459d0c5620613b472fbca1769eb55136cdab43160fa69fdffe598a61757e5a74acf5c9f551b6db7544bd17a2454138c4b97264d2ee239de216a8eac305156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ca90629f5ce481db8c82490f06f132e9

SHA1
be7ed05567000939b809fc1364a86490ccb09e47

SHA256
5a292965b5fd09c49f9ce3af082a44f15cf20a988b3e997d12be1020f0b92013

SHA512
6a3a89634b780dd220dbc738bb7623080f406237575f545d3611b82e6f740c42209c5181849737ab94ca9a0280bf1aa838de25e9fba612be8ca5267c0eb42677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
427af0fd7d2227f95ad11f2537ecc1cc

SHA1
fe31f53fed787221a5bf836697cce255bacfe557

SHA256
75cc2d38a9f7c0ccb180eafbc2604e43d7111a0afa803b3584d3c0e198fb0501

SHA512
dcc5b107373bc811f6539d5b0e0a89b030346051b7c6472709cec3a3ca616c79ac8de13d03260c138c3e282a21660b43d2016dd3e20d0ee297ad4ab434c78144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
aa4dd95b7b61102982a55d1950bd6ae8

SHA1
d7e8c4af9807fc0ed92e69d208479180c163ea1a

SHA256
a51dd869381bb3bd87ab0d25536b6b36d76954d009ee6f52c4f017e22dedfb27

SHA512
7d1c651d45c2964c7b88b115521cd7854c8acd51f8a6e4f7e46a726f8508c32161a381c17dbf37cd04496ac9992a703df2a2418bc8bf5fa0fef8bd165ddae9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
96e2ed46b182f0cdbd8af50651cebc7c

SHA1
acbf909721c1a2a3aaf4c80d4d21918cbb96e7d7

SHA256
73ce8f5718e17b55d131eaded4c30fc164221247842ce21a774f50aa31f6dabd

SHA512
f0404ef72ea31d5a0f515d792996a84a3f7ff0194a1e52beece2192d2b67701f79f5c173c3e48782c8f79925f7c45c591a35c13e2f88f67d691b2deefa28b4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9c826d097b6b12a51d2f83a69067137

SHA1
20126fac0251883039aa57f6548be52611759d94

SHA256
f90a4fb946f5dd25b4c70b2074853392d785a09821c7deeb79a102c8d4e97c48

SHA512
f67f7739dfd464ccbac45fcb73badfada30542f066600dee805a161106fecefb025097a336eecfe068eb680f4a4eb806288d1e59353bc68b45c439c3a61b93a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
628291d2af9671dc0f1ed18a07daa4d4

SHA1
6f3c52d16de6d9bb4b00436714648184461c0a44

SHA256
873bb85b7a09fe279d0e92da4e1653d4aaa679d7537acf42a8e453fdb87717d2

SHA512
c5a7244b5b243f5ca4dc5ebbf123d2225e7b261c6a46ffe03aa91e3d7b6b75e371139c40c21c5475df8dec1b584e54ef31e9221d4bbd7af3720bd661c0fb3e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
660d3050704ba0e1cded5d282ff36407

SHA1
edbd879cc8cda2d505130b209a754adf91318dae

SHA256
53923b56a877751a6f9aecc9d5d9b89ab23abd4877d811c0535e6bfd65bd024e

SHA512
9a44a62c4fa38aa20f61a67c979a9b82680dbfdde5a35d537e6f199e154e28bdab9e86b3f1b829c7875c263d06f8083d2b7f600b90389ad50ea5a1b8f0347f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25b6f65fb2be2b8bd352f31bf3c0b4b1

SHA1
a2f6fcb5d532e7b6d8b4d7781d729ebe84504d16

SHA256
b840fc9bfa658513d126a8d9d3362ffcbf6e1381f7a0ef76bbdb7c1f96f525ff

SHA512
2943869b51ddd640c69388699ff2702faeeee62c3a2895300017508773eb0874a8e5a4706ccf8708bfa9b542210241853517f55987b0066a9e11033d793178d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d86aab99a036598ddd0708e5567485b1

SHA1
acf1ee261dc139609678d39f2e80e4029681a43e

SHA256
826905048975308ded1d1e20412e1a7a41b450f1c0877522628e1e23532f850d

SHA512
8ba4608d232437c14bc205a1b1deebddffb4b683f03739b9d48e12bc2c576b8ee84a13cf6f93e0d7fce540fe0d95441534fd2300680d1eebe378dcb1fe7ae373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15d4e1e50184409980d2ceff243f3a58

SHA1
87fdfe8b7c5a1fc675851ae600e3b7c0a9ceab0c

SHA256
9d02bee58cb4067eb0611856632be53fb2491b5c22ab57c2e36d6c81a1a26587

SHA512
22bb0c50c904436c9c370756d0a6ac508d417e8c991d6c5b437eece100dd263152bb69ec9f530ebcd8af4e4b268a566453b58db87ba0ee475c18b75f3a872c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f63e5963-c021-4d6f-a4aa-c43144313d79.tmp

Filesize
10KB

MD5
3d9be20a76e4c6b3af0a769ed12621b6

SHA1
b2f1c1d52fa3e688e92ab32b9f366b59721c8a58

SHA256
b5f2fa9f8f95186d525a6b78d492b34c34a9464313da58f4d271c89545d76fb6

SHA512
2a8cb6b75302d34fa538d9fc3c9135fac8dde74c00d490bac38c4246f60ad403746aad636a7027f4ae7c85dfa88b335a7fa6917d186609c5979b311b85970c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
dc6cf630245b1e72ae28053d2282bfdc

SHA1
9fad26cca0ee835b3931a21d4ab73aa3b7b6e066

SHA256
eeb11d80b1f5697c06d4621ddf862b45390a88fc378082b5de1c07b543bc325e

SHA512
6d9b1dde788712747017a2556c9d53d5339c75074f611b012ac10ca7bf69cf7c26c6a9a070880e0949663cb9a220b191e9f5d16c5040d52ab20ad444737b8519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9c209d907d2dbd75513c469057c22844

SHA1
c501a1f3fa620514f623f99df3b16112f7ddba07

SHA256
01b3e6df7e9ee2b3db09b39bd77ebab78c1e7b265c7514d499c7ade3db3ab994

SHA512
254e54206bcaab45055c5bd521679358ee0e4b264bc5579692bfbd036dcfd67ee2359d2a8199ead8b0faabf7a20c12067e5a250df1b30e64c61fcf79694305d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
bca55be4912a3c4b17f81546bfb43b03

SHA1
7ff5eca3d393ec04d63d14fc5e464db09569bede

SHA256
89896d2cafb62fc41b3709fea655a715b751b1b72919d85c2855fd1798660e8a

SHA512
253aa1100d01541aaf0fbe8715c9ee084aec462b5c839ee4fb5eb89ee12c193bcb5938ecbd5025c89161f3a0ce57e8fcc91181c102cd5168cca768c73dc5fb49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3414e085a10ad820243d25406b8716e4

SHA1
cc8c3d767e6a87498dddd45dd391668749eb5627

SHA256
e2b235bd16b4a2a5162c35fbfd50aa5f3d8c46667240008fcfe7b1fa72d58850

SHA512
d7ae5305d660bf5385711352cab3ee821a446828006caceb1cbb78267b769f6e087bb7206eddc448636dafe8537b059583abaf97ba9b29ee335e237531fd7e53

Download Submit
C:\Users\Admin\Downloads\nezur fixer.exe

Filesize
47KB

MD5
0c58010dd82cecace5bf2a446bcd178f

SHA1
539477f9b25b39cf644ed9317322e26506bddb3a

SHA256
4a11bb479fe492a1394c2f664827df955a5c956a28e1890d5c4e0e204a1b2fd9

SHA512
1035c50333ba5400898454c0bae809e43a678848c494b2f93570ae0868634a7aab3709270cd9fc5b4a86ed38be1f150244623f26247afdd64474154d49a58eb9

Download Submit
memory/8648-414-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/8648-400-0x0000000000AD0000-0x0000000000AE2000-memory.dmp

Filesize
72KB

Download
memory/8648-381-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download
memory/8648-415-0x0000000005490000-0x000000000552C000-memory.dmp

Filesize
624KB

Download
memory/8648-420-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download