quasar | hxxps://file[.]io/yPHIhakvXkIP

Analysis

max time kernel
900s
max time network
894s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://file.io/yPHIhakvXkIP

Score

10^/10

quasar office04 discovery motw phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

10.0.2.15:4782

Mutex

4b84a619-20b8-40e2-8cc5-ca041664030a

Attributes

encryption_key
B586FF2A75C4AA083FD785DCFA4782395F6B94AC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/8240-381-0x0000000000D70000-0x0000000001094000-memory.dmp	family_quasar
behavioral1/files/0x0008000000023ce8-383.dat	family_quasar

A potential corporate email address has been identified in the URL: =@L
phishing

Executes dropped EXE 2 IoCs

pid	Process
8240	Client-built.exe
5180	Client.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
717	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796073082135157"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
7812	chrome.exe
7812	chrome.exe
7812	chrome.exe
7812	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeDebugPrivilege	8240	Client-built.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeDebugPrivilege	5180	Client.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
5180	Client.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
5180	Client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5180	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 4912	1612	chrome.exe	84
PID 1612 wrote to memory of 4912	1612	chrome.exe	84
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 2968	1612	chrome.exe	85
PID 1612 wrote to memory of 4460	1612	chrome.exe	86
PID 1612 wrote to memory of 4460	1612	chrome.exe	86
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87
PID 1612 wrote to memory of 2888	1612	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://file.io/yPHIhakvXkIP
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb566dcc40,0x7ffb566dcc4c,0x7ffb566dcc58
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4552,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5012,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5184,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5332,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5344,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5484,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5732,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5916,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6064,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5936,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6252,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5928,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6656,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5024,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6948,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6932,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7108,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7256,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7400,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7544,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7684,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7952,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7984,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8124,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8308,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8312,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6200,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8708,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8816 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8720,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8996,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=9128,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9120 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9376,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9392 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=9416,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9384 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9428,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9560 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9692,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9672 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9724,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9740 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10112,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10064 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10272,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10284 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=10428,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10444 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=10932,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10972 /prefetch:8
  2⤵
  PID:6460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=10948,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11100 /prefetch:8
  2⤵
  PID:6468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9688,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10588,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11524 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=11712,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10468 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=11836,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11832 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=11656,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12044 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=12020,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11960 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12268 /prefetch:8
  2⤵
  PID:6720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=4668,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=4728,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=12436,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12568 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11276,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4428,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12332 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=4640,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12700 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=12468,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12916 /prefetch:8
  2⤵
  PID:7320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=12456,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:7396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11132,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:7404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7824,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:7508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=12328,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:7516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=12948,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12944 /prefetch:1
  2⤵
  PID:7620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7912,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:7628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=4404,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10496 /prefetch:1
  2⤵
  PID:7728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=13060,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:7820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=10456,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13236 /prefetch:1
  2⤵
  PID:7892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=13212,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:7900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=13068,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13508 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=13528,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13640 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=13812,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13800 /prefetch:1
  2⤵
  PID:8120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=13936,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13944 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=13524,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13780 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=13664,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14248 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=13660,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14212 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=13096,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14492 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=14620,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14244 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=14104,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14776 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=7812,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10444 /prefetch:1
  2⤵
  PID:7268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=15164,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15184 /prefetch:1
  2⤵
  PID:7816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=14944,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15328 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=14220,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11360 /prefetch:1
  2⤵
  PID:8292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=15104,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15108 /prefetch:1
  2⤵
  PID:8300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=7612,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15364 /prefetch:1
  2⤵
  PID:8404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=9548,i,6127137139666861658,865387878836189347,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7812

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8692

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:8240
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
1024KB

MD5
722a5c8e9a28cf3220825f4e555176a3

SHA1
c662f0371ee534a0e20b1b9e6a5f49e4609fb86d

SHA256
21b7757220221262068a3943e4c7ac09e690e65c40403f3a20af4f58d1e5cf81

SHA512
0a9cc0a324b3bbc7046be76103ea9c909d6bce6017cfb7c409344d7610b8d720be6e115775ff56b4ade6e304e69cdd944482d5f2511865dd30bd60afd0282291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
efd179478fbf91ca3b9a23dc00f04103

SHA1
f049d221484fd4787596618b3bba3ca55c978cbf

SHA256
3c6d33dc40e29edcd6783b0c474d46d5e6ae3564fe6c742ff8e5f933e3250ebf

SHA512
a3dff060c49f2a4ef8e6349d0ee7732c9a575750916eca9e8c8cb01ad80f79b998eda05467becd1b0437a6c7a7b7ab4db5acf253975fccede6417d956816dd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
36KB

MD5
bb6da7406dc64019c1e40e7f68bac19f

SHA1
f4abe1e8c012d21780324fd31303c0742cba6ff0

SHA256
a1948fa9c028b680e788b15fbe142f89a22a5c0bb81d99d415ab37cc8fc3bcb9

SHA512
dea74d20f06ab3b73b860257e1a68ab7dbd8c4f83bf55041d5033eedfcf00eb255aef6430421447dec3e49968a59fa6a7abf890f36fe8fda33f72a22d747b598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
b7ae5c9617bf84a1f8539a44e4b7c770

SHA1
4d8d5504850e6bc730bf3631ddbc8dff08cd8b8a

SHA256
3233df1f833110b702e1d7f224f33baa12dd06891a30196d76ef5d8a84c549d0

SHA512
6d1b9ffcae81b270308b5907b2f43da02c011e84af7ef9f738f1b8e98436466f84edc6b8e9c9e1dd475295a8a8d3aefd3c2fe2b123834755aea9ecd6b6add341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
43887ed4bf2e243c503536a3057b36d4

SHA1
e7c7d3a2e3d8b9ae2bd611c830f00a83b8e69e20

SHA256
e4b7431b06fb09e3ee3753979bb88b68daf51bbfd0c0ecb8bc90b8f1db7401df

SHA512
13bd0856a51ddfc41900bc6bd839bee502e5eeb5c509172a34b2c9b11bba5b57cba346839aa2337caa84c75318a63a6de91eb13b25ed065cde1a6f7e01ff1f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b26a09d9648517b08d3925b0f78febc6

SHA1
c5cb99d36d9e2fce1062fc4aeb42f1be3b88830b

SHA256
48e9122407af7d5d8896ea5c5aac967c6de7d167578a915989e121ff6ecfbfaf

SHA512
002cd094ced78b524554f478a18e9e9900af9d08b78ab20f3b0faa8732f3ae6a13b23526df1004cde28cb95b2beb23a954564d89750c2ef635d5f4ac773c7f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
afc0ef68d414b91d08172e18db38fc35

SHA1
f02373f0726a0b4245af5023c2d03f000914523a

SHA256
7473342e5837f173dc84ad088edcbbd33e376ae642b767aa0c38ccf6fb5b7e1a

SHA512
6223040d31ff662057849ff174ba959ea1b4aa7250cd60e1527c8913ca5cff3d669a35c08f49bb3e8fc857c90be2a4083539b526c8afe6e1a59ed272d221bbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5cdd60abbc48408dbf5916c6e4ff0f2

SHA1
22fba643862a3452c6d0bcea66e567131fee455e

SHA256
b3dc5940eab07f446757706894b1b13eef481480fea16afbac019f23d2c3aa7c

SHA512
2679c46584628504e7ef48fd5381eef12c8834b5c53d5e6cce5f5ce5dfbfe3daf3c2c79a87955182e91fb2db0fedd3f8ec8134494b141081c39333539062e057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4807735098bd5eecbec8c6f4d73aa531

SHA1
17d4be597330558fbefa75bd5f6507d8037fe981

SHA256
3c6696b8c3c736b247ffe3a7c07dfdb62a1a94566220eab8c2e6aec1056d913e

SHA512
43ac87ed985a684a7848cf6c01abb95de34eb1cd6e31e77df2a44f0c429c537a09a7f516375bcfcc8888c3118bc45176f012e8495e248be20509b54ef7d0c570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e6a70a401fbc0e17777d44319db2dc3

SHA1
b980c501b66ced12a27071c8b3affa69133b624d

SHA256
6afc8dd34542ee179936363eb2919f2e009a11306acc324e0dd6b2a284306776

SHA512
927b4468e84bbe6ffcb82049b2ab11266817014ddb8d4aad94c655551795fa0815b5cee0e35f9dee513c3e7937869555a3aeaa2ceaed827975b1fd92cf10d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff915077ccc0eb0c612b66dcbd5df828

SHA1
d9ec8cd3ba9bdab010270479b7c7b85c21d4dceb

SHA256
88dbd49aa9032f824d59207ad6252adc9b10eb7f1916ba2699e619a3c077e305

SHA512
d8e5c9b86004abf168b8d29eb34f2cc872f6e26282741cb8e389a76be0f11ab222be6a6b1deeb2c6407ca7199c653fb0d06aa16b69a05360b9c1368c2bc34de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea63c9f592a30518d53253bde06083ee

SHA1
f3451dfadf604eb9baa7d6a35699bca1f60782ea

SHA256
d0370a335f7168ece5edc2d3ef7e5e90471f1cd830acabc2ad41c213c5f5cadb

SHA512
4b5a035911e26ad92e070568fb80651ce839b1a23c0fefcc8cd37670e60ee727579476d5c3acc0aef98fe782fabdecdeec8dbebf37de9c2af25a2ee5b80c2b2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3b8e41df6d63e2ad2cc5dd6c726fa85

SHA1
533adc4eb8108c10e428a638797ed66fcbd80028

SHA256
cec6cfb496973e154eedc18a003ba89ff65571eb624e6fee289c48b447999886

SHA512
abd6f4a057532c133757558c0814296fd96869bfb4e7d836cc31bab4283d8a7443b8ac08ee0de084ef6f9fa998a393860c77845749675fa51bf65f976ce55162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1e9e9319fc6e68a287d0b99a2efb5c5

SHA1
09c96f6e86d788809c65d8a678f65d737b2e9816

SHA256
6c5aa7a878c5458f25856a5790f0c6b6a957e071e6fa8c2fc45423ec6a63a23b

SHA512
73cac35f62f4582fc9269d820c87f1a6b44778dae60777e514d2fb673a943b2625ae0ea7ed896a8e08abb5691aa7175439801c095e3535f6645700bf1b379d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24d486513d70f1fbc4f364df66e4fa99

SHA1
b3a328397d3f3ff10e4a344fa850f42d8708a42f

SHA256
da80a119bfad9ec034ef9e1cb00f856217187d4f3ac0973477df9eca50f53838

SHA512
76fe62d53a05975bd4a1eabdd2554caace0ae572a5c84d0025e2fcec04f371e60db8fb346604d62f2054b30a00a02f8f4b84747bfdc62bd4113a92e502e3cb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa1b395b28ea7b601546a3c96ce3f3c7

SHA1
e7ac7859b546808410cd0aae74beb62f27d23705

SHA256
cf0747d67ea777c763842f5ad305e6a90d30f44cc15f2ea3f39aa8ce45ac93e3

SHA512
c87243ca7d61ccae9b1c75497c4d881d7656eb2fdffaeefc8726ae7b8b1a416a357cae50696abed128f1cb551c0df20ce2a4818ea99a7c6cb4c3d664f6a094fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d93bd2e3ed42da1075037253e4ed102e

SHA1
11fb94b1146273d4b6164376ffaf526ed911b679

SHA256
210ba4950281f8071f04f5a067867884fee650fc5ba35924836ca8914724cd60

SHA512
f0ee8f4b9f0719e676c5b9f6607813b3ffb32f85509b99edcb6c797fcced7a587bc37588cf0e15b6c2b15688e72c634a18199eb54379e1179c7dc26c04a1afa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8701da4e4e58bcc6bc5652d7c3b3f456

SHA1
63ee1dd31a8cf50081f25a3fa377a10a4c8db6e1

SHA256
38cdec7c8e2a721c3151c6a9741abefdf2547126c19b4bd6fcd7f19b976029a8

SHA512
55abb67ea2dbcf936df7dbb9549e37022ea63d65f5312208bda23910558174ca217a1c2cd48b24ce49f02f12f20b0cc33ceac6b6b9a65deb26fc9d89f1d26e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
514bf8e43f9a01f6a77e0aa851f24a7f

SHA1
03a72cdd83418123fd398da8d4c8473413d0e04d

SHA256
0b9d9f56ec494add256c0ef805f446da40396742a2cc467500c9aa7a34a64ea0

SHA512
427fa7a52e3cdfb394d0a44b5b82f9c812fa9082773ade20bed14353f97e8dac1ea17037d836d976f7519b2f3b6e61539b3d63433448a4fff58f5b721174778f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea66ed218d2676d1805dddad5ba586cc

SHA1
e7fb5e16e6f7e81816b519404de99eb877ae1f5a

SHA256
7184385048fe3feb968fe98c935c3a041e6e3d27e371ae29b5b68a1734881a2f

SHA512
4d3b4130cbc8fda2b0b320fb0b94b3c3fb8e254db45849b50275579cfef30da81431ddd539a25a7dee88ba824c5a3143aff029531c0d2112b36a99e1d6cad9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
477b5b5db110641b8edf0f9150f93ffe

SHA1
8316c5c67e9647796cecb65213e72cbeb5cbdd2f

SHA256
339e2f6ecbcaa221c02321163faac90550e5b06a42af43a14b2c1957ee3f293b

SHA512
777bf1fa18184d7f44f68d4d56d487eff29dbf392c42df845027523836f529afdaa3220bc49766ea8cbc7aa801df3a65f50369563d261691aaa7842e7e4a091b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
004f149cf724d9173e966e1bcc42b28f

SHA1
12fa4a42f7178695525c92d3e93f451d96d7026f

SHA256
420115dc8c9b0453fbc6b0f4b9c3ad0fcc287ee5c0e79f42372405787e77871a

SHA512
facf0edfad3de479c89aa65efc48831845289b15322465112e59575e216b68ed93db1a5d24f42159e193263393c2568a514c0e6292590c0744e43b588460d5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a092804fef4dcbbb916fbeaebc17a66d

SHA1
57d75159f010cc2aee79695cd5a54407787fb4b6

SHA256
c83b2eee09bd3516c8e26811d70136c3465fda39f8a06f85c5d2d5552442de4e

SHA512
1f396c228358ec8cccf2f89f593afecf79ab03ad56cd57d44e1bf57913c34ad554235c9a085de6e54b2c8872a657bc31a1b3a97ef477440660f17f04689c267e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c2d9adf3ac4845b8433b9c2681644f0

SHA1
83830ac14d4f8a6f25ca0389ddb043f536c4eb10

SHA256
bd924394f4f52aca5ac762fcd42669118e7b64cbc860873d04b41b9f36baf721

SHA512
25c8ca97dc6643e8ca62532ba26d0ac8b394b3761a21da17e685b052e897ff2c71aaed6ad0834f97ce275941b607a46104e6a478e85859beef7f4996bdb5fcce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e97ab33c4607407f3532675ba0016c16

SHA1
498c6d43127e5b04397a5f1212092d89daa4d901

SHA256
b3d5e414c8bc39b10da826a1c8dbfe223a30560f34f6490ad0143e43f1d6f840

SHA512
e1080ea65f2e15d084be34566e56c2b54fc837acb82f0a0b24f2f11a774ce04cc374c0cf081b14e7aadc2fdc2131820c818ffff076447d32827fa6053f6d0a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2eb50d72e119aa8675f0be338e493d4f

SHA1
bc9d00b7d7b4868f456ccd605e9625c9de53b0f6

SHA256
12f122c995c3c607634ae3e9183c5e1fed8973261fb3055200e9b371517155ab

SHA512
827dd74fd2295706176ab85c8d1d707cdcaea3accfc0e4737dbc161a4fbe9df83c6e1ce46a27b3de7a1ddfdeaa719af501847b8c32b82293bcf8307d7b9eca8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ab6145a5462b806f96cc5aef4b416e6

SHA1
0c204e7a269b19459cd99217b34bd47670b5ef21

SHA256
2ab0e498660f34bdc3b05002b0c8fbcb8172e571635c1bb2f348710c9bab091b

SHA512
da84b9747d8e6bff35ebe12f76f831f06695110dcdc0bbfdd420941432efe64cd22a9b4d6d463814b467e76c9501f8ae170e3036987dec918019839413c5a8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
979255867143af752a0d21c0f4f9cae4

SHA1
15a31f115f91e61e304a5b02c732c0e6dd486823

SHA256
b3e51a48b9e64fe27a04a1e03ac3af5719a781813d83c2c4c67538a236f8bf50

SHA512
266aa9785d2f391465326cd499aaeacf9b674035d0b24e5abadcc22668a7305510998e8b203c152fce8d25fd527f0799ed1ce503e9f9e8a1481398788a690687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8196fd60b4a17de97cf1ddc5c31982f8

SHA1
47b513ed2c1257adc3c031a5cbfa82e899015800

SHA256
f0a3aa61ccceccc44cd717ac5fb45863c1710d10377a6a67dc58bf3b3f499259

SHA512
219e3274232264a805f86710558bcf8df13b329cd716f06c0e7e0b5b29d5b076a035f69cbe63643f22d673508127e83ac4fb436b9e0b1671cfce314c9ef25789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f1aab742b5c68c3a99fe1ac1b121ec0

SHA1
3ec054db960755fddf513de452669f71321ba25f

SHA256
28d95d3000f2be618055eeca2006be75fe4e47b88e2af8efac87ea8b87fe79e7

SHA512
4383e456e2063b4e3bbd3325d588ebfbe17636faa17f22e3cfb093aa90a93bb4642f83f9cb1fefe871baa0470bde20c8584605db8200287b174e77e5c8fd589c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa1bf3e504b66514dafba5a8fe97e8ad

SHA1
05cf922d843b6b0be260914881d634eed399c73c

SHA256
4a9e115748db392c1b351ad2f036312a2856d3da915f601ea47c4d5193aa8734

SHA512
09b92f08719eb3211dbbf0d4635b7f3a2b5d8b2954c7c691027a6b4e5afa05751109f65d1b9425002636ed3ffddd17ef3dca76aee472138160c939d3e99add70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
736c57a5740b1dd29defb249f405e68c

SHA1
b78bd2c5ce056853748c0a99a69fe4034a4a8e68

SHA256
80d04c9a687d7154dc412f5466fcbed96c74e36496ad4080fcf52d7dd1fa7407

SHA512
a19bcf1b06a59263cc0f4c10df30086a9b19d70fcdadc4be3a8528aeb7368fd2d9a08b31a146f1e6aadf5215925a1713822a2455c5dd513d32cac86e55a95770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4d4ecf709e4607a73a14206f4d05536

SHA1
9dff65e48867f6bcb99e999fa1f8df2e27bc2f6e

SHA256
17859636be58f29e2825e536b7345b224398df095e3fd89b8e7dee4e1923c0c0

SHA512
e8ee55cec52c03df37c5b07ecd78d759aaf4a3ad9db07cc2d0f34e7475690d45f43d0fa47758f41a92af505242ccc5baa4fab72463fffddbad2a758b8047fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e41068b5df9a323a361cfb5a60d58b8a

SHA1
b3f0ea0a1d79ed8309014e0a36d695672f516c03

SHA256
7f0d27c47b39a98b9c643fb8fe9ee82a651505fc98970ed5676aa29fdb527438

SHA512
fa77e3621100fe9238d18e41f1634c9c5d7bb75d1331d914aa3d361eca126bf1c40fbc79308806851a8a22f95ab5a07e103564907fd97326859d8743aa1a3e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0c8fe934f6bd3eb44684272c4e62aad

SHA1
08a42ca509314674c24a482883d891adeb3e10d2

SHA256
e1ff27996d54b2186d2f4f75e769a3a5c2b6fc61285f08697fc4ba566bf6db82

SHA512
8c13c8cefd6601d48000c690ca73a70aacd7cb306884361a7ef26512b719213cd27614734286f0fbd433ee041b42dd6d04f9787763eb87bf56b895c96bec1b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d34864196223f2881447d5fbe93afca6

SHA1
07a02d44b5007b9141463d1c24e9aa2f8db7c3d3

SHA256
6f54e1d706fed0266e5d64ded046bf626018051227364f3d451c59990b2d8808

SHA512
f9f4407b6828967ccf6ab14252ec1e0e9957e72db44fe634feddf15650a26e414693647a72d66b769c93a85bb87b69f4bced2c813a3313a54f3907ea2f644762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c7f65088e509ec5d47c9793051bca83

SHA1
907d69d0d0970555c292106d1ab526bd572c39dc

SHA256
a8514e7090188d3bb04c43b2f161024119e1f72f46ded89e2292f891df56fd08

SHA512
fae8a9e78d1f76628edc86cafab3bff3123d8cab9cc092e06dbe8b0832214fe92a93ca6fda2ac84e7021514c0901c2d02e785575f00aca04f2a0ada5b30d0175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adf3880cf67a0c220de13932f0002879

SHA1
8f79c9fa59d0bea2fd4cd3ae768bf1a4e862a387

SHA256
3c4655cf45e48f3d3f2dfb1db446c5d4a9cf2ac1aad53975e3c1bd5ce9c94be6

SHA512
70a0783ec766b65035d30b049a35d16757ef99ee27da610454d57b65b5e35eb679acd9a7fe7cd5f31c3c85ae884b34859cac5d3b0143b8b92f0b7b1734e438be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6dcd366783f8c111d921ab9a592326f5

SHA1
2a06f3fe506043b2c19b5d1c7f7ab6e1aea26287

SHA256
765610d8ef5245a2811ae8dcc31a320df4fc33569125abc5e27b563eb2cfed71

SHA512
c329638bfc9b3bf10db11f468181681b51b5ef08a0ffc5a2f7347dd1d1f741cacaebc1bc5f410a22f3571f59fbfe05ab6770d5d8adcb42a2c9957fccd12b2335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dbecf2b5-142c-4bf4-abea-836f5c6c15a2.tmp

Filesize
9KB

MD5
3896e541d248b538f4ffc8b082c56301

SHA1
9dbc63a2f57760edd11d30a76b0a1900a0384530

SHA256
493cd7ab2cf11ca510b1a8b6cc40bb078119afa8cdfd61f65439868bbc8e82a1

SHA512
42198c88566b9b6c53dd8e5442722fee1aa6b0649174ce4adca89b8fdb9c37836d625f4068f92faf45cd6db068902108ad8ae670a14406e6c9ca5d38e8f4ee8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ebe40c94-ceef-4807-a544-3b8f42094547.tmp

Filesize
649B

MD5
a1d0b98d29c3a38b45e33d602f29376e

SHA1
fd9ea4abde5352c3386e3a80325ef45616254a1b

SHA256
40d163fcccf2d2d2a6c94c48eb11be501fbef67de0b404666bd2de28af28459d

SHA512
dc53bb45d45d836ad46921ace0667bcb12dc4311b762c339d34591a1606df381448135280163373b44b351dd0272130e7cbd9376938422e7f798b8af683ae3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1554e756864fad0c879d05554b57c17d

SHA1
2c955df5b05338309e56a2b8318fb7b9509fbe76

SHA256
9e3e23731a2d87372eac73c7c9d2b6664208972691b15b792e7b778376673310

SHA512
f61aa2961167a0e85541b55b186292ad000e3fe25a615bc3f6c99b36e39d35ad8ba9b0db3e281525daec95c72e4772ead3e333980a7bba57ca9856b3f78d54f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1e7b95289c65b0d146d8e4bcfc380f2c

SHA1
9f235f015d5f20b408f438c07f8ea5a4b874c77a

SHA256
285fa3b8ea1e821f8f399b72cb31b907aa377aeb6fca6a148a1cd2e26c346598

SHA512
fb5bbdce179b3e4797229acc6240c17b2097fc83eef00db7456e96f46c86c543e6bd4dba3fe7e713277ff998e93fa6c1a29d2e59b823c13d605d5ccd1335a343

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
2c3ef280be3794f92957bcf988b04eec

SHA1
9f2c42e49f4f843e18ed3babd2e4008cfd65f768

SHA256
052d4aea4f43a8a4fed2f16eb27291725f9404f1069a3c6e00dd9818517fb7cf

SHA512
eb8a016b43e6c06428212e31f42b70069b01c7f5735070092e0dcc17a6f8c64a86d84a279728988c10a4fbf82f2ebcf69eb461985dd6b832d7a3b0eb4bbfdd03

Download Submit
memory/5180-387-0x000000001C050000-0x000000001C0A0000-memory.dmp

Filesize
320KB

Download
memory/5180-388-0x000000001C160000-0x000000001C212000-memory.dmp

Filesize
712KB

Download
memory/8240-380-0x00007FFB42F13000-0x00007FFB42F15000-memory.dmp

Filesize
8KB

Download
memory/8240-381-0x0000000000D70000-0x0000000001094000-memory.dmp

Filesize
3.1MB

Download
memory/8240-382-0x00007FFB42F10000-0x00007FFB439D1000-memory.dmp

Filesize
10.8MB

Download
memory/8240-386-0x00007FFB42F10000-0x00007FFB439D1000-memory.dmp

Filesize
10.8MB

Download