c06dde7483f0336ffee520a06c713c82c9d48e5bce69961df66b04a8ec80d983

Analysis

max time kernel
215s
max time network
216s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28/06/2024, 20:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Discord Bot Client.lnk
Size

2KB
MD5

c1f2bafd8cac831d930a0737c61a7f71
SHA1

447d0b9e955cc3ee516f82997a3fdb4822239cca
SHA256

c06dde7483f0336ffee520a06c713c82c9d48e5bce69961df66b04a8ec80d983
SHA512

c16a96af4fd4fb663614da92f3b81a1d856048572ac33ae599123f355f8adf576d227d9de72f9726eaf10ed03620def1263e402f008abf70307005d879a503ac

Score

9^/10

Malware Config

Signatures

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
behavioral1/files/0x000700000001ac97-361.dat	WebBrowserPassView

Nirsoft 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000001ac97-361.dat	Nirsoft

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640790163748102"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
6092	chrome.exe
6092	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8144	Pandora RAT V1.1 [Public Silent Edition].exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
8144	Pandora RAT V1.1 [Public Silent Edition].exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe
8144	Pandora RAT V1.1 [Public Silent Edition].exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2300	1308	chrome.exe	75
PID 1308 wrote to memory of 2300	1308	chrome.exe	75
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4232	1308	chrome.exe	77
PID 1308 wrote to memory of 4384	1308	chrome.exe	78
PID 1308 wrote to memory of 4384	1308	chrome.exe	78
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79
PID 1308 wrote to memory of 776	1308	chrome.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Discord Bot Client.lnk"
1⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d2a59758,0x7ff8d2a59768,0x7ff8d2a59778
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5016 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3292 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3664 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5040 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5692 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5852 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6064 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6252 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6416 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6216 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6392 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6908 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6984 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6972 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7212 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7264 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7364 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7636 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7644 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7784 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8056 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8184 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8356 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8508 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8708 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8328 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9180 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9344 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9488 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9860 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10088 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10232 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10248 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7224 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10764 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9736 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8532 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8512 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8784 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8540 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8608 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8580 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8548 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8368 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10312 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8724 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8384 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9804 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10876 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6776 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10948 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=7952 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7916 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7676 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8372 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7724 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8376 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7684 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7740 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7368 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7452 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7220 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=7424 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=7400 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7392 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=7216 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=7488 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=10888 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=10800 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=7256 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=7556 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6256 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10236 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=9984 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=9032 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=7212 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7728 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7720 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=11200 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=11196 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=6312 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:1
  2⤵
  PID:7612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1860,i,17242593718197274373,10085818724182719955,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4
1⤵
PID:1712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5936

C:\Users\Admin\Desktop\Pandora RAT V1.1\Pandora RAT V1.1\Pandora RAT V1.1 [Public Silent Edition].exe
"C:\Users\Admin\Desktop\Pandora RAT V1.1\Pandora RAT V1.1\Pandora RAT V1.1 [Public Silent Edition].exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:8144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
250KB

MD5
9a23e02c51224896115a872ee5f62800

SHA1
447ac79a43947ca2519a6a9e4d63333c81156c06

SHA256
f6acbc67934394aa13122f6cb281e96a0765dca464725108b63b046da126831b

SHA512
9d1e4546a4ced1959212bd1c0f0f8f8a09e6d69b85db5d9cd0172c614745c46143b269ac9a47253fadccfd5834f2db03d35398db16419607b4e749fbd8938321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
1024KB

MD5
099d8e1f3f8203715803f284eebd02a6

SHA1
0275efc65797bcdbe502594f2938e215a7bfe80b

SHA256
1bfdab24a0f2ad3a40a43db5afc6ce4f97e4a4092d35768300399ab99fa07730

SHA512
bc57372f13e4f1aa456b0a77621790bfaebe35665e44bfbe5ee1fc22707ebc98c34fa0fd7679cbc793b520160dbd4c387523f645bda5e6a90edbdbc20e61c7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96cacebe5ab737ca2af21c22425e115e

SHA1
7c15e90257218f15880f10f6ded4cee366f50567

SHA256
07bac4e21ce92ac13c932c8d56d0a4d4747493a6f9b33dfdf334f469c42bbb70

SHA512
411ead42ad45f2557b421a19d1ceed08bcbb28eb6a3536560d11f69fbbf62d4b6fe11ad1eefd2d858512d2a366ff8ac723d98379b013b58441e6c96710ed5bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5b777a2558b49f2d572cb67f57964955

SHA1
9264c791b422e2c9c74067c7e0a6632aeee0a2d5

SHA256
882fae61a835c9e07e1dc5e1ab945bc1a4818e83c17526a101da5966ccd51ac5

SHA512
f3de15e47e68b6ac01a9c8ab40d91305c024bb3cd215366497e8bf7bb9027a69c40f6f57770aeab836762112e4b7954fd629af25fbb13b21a43a3f7746f46b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
f66d19eea52a2d73fe4eed0f50be5c88

SHA1
c2e2b2b9141c06f589a92da0e198cc13788cf604

SHA256
ec7f81eb9cdff0ee07b3037ad0d22972c7fb94d0e8addd4e9c6b596493aef168

SHA512
7dc29b677a9b1d8807ed6852c7b99eccd358eec3d7321ba58b91a9eacac1f7013aef849b1affee59863ab5a59cfe8189982f189f7bd4018e2cd427f3f05e753d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
2e097a3bd6234c61275205ebf46f5a15

SHA1
1ca8b5d81dd8bd70d2ec13b62e4ba24c9f0cea31

SHA256
3ab02ca0daf797316972d6b3fd95dd6c37395107275f75d0416344a711067e7f

SHA512
9600d337ca5631df783f82e3f5a00105a92646ae31ed420b849c5770aa1a4fda7cdd492d694e44444abf487d22c7d487714360a173738d41bfc3b06227622874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3beee261d570bfc6cc55ba3046bd3a21

SHA1
8f3d1551d871848cb98ce8b4653c6582be449fbc

SHA256
05530bc5a0b53fecf47276405ee03cc95dc95f8503d6f73e1bf5311cb21fb436

SHA512
da3a1c33ce550f5d7653b826a32271281171577637fecc80c3472b6f9ed7173487fffaa42ce4c3092edc033d882f93ea24fb1ad2b84be8d836d171fe85e1d09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
aeb7120d75bd7e373edd9447db1951b8

SHA1
117f8d606976fa163f9402445ac42264a76e939b

SHA256
da38ba931aafd2ef6e08127a8ec17e422813b5380917c6746409f3168d877179

SHA512
0d2e39713791393be73f3e3ae0609d5440de158a37e4d821f95bc45798f2805da715303783af708f9f73603b4d866ce77b48d778e64a9f51159e757853000eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d8ade7fb167ac93318041f496ee258d5

SHA1
7863001af0ded6b83382e13c093451686c9b6fea

SHA256
6f6212de9962c0548f2a5e6a9aafa4656de12ec190504cc60cdb32353c6fb232

SHA512
546101eccfce7c710c79d0334c15fbd7a738d5e84be34bf758bd957ec554b06f8efb8dc0c7982b85a1408b8b66258d4daec758c1eda268380ffcb6ae40b9828f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8bd6956564c48c957913f0591e72dcdf

SHA1
6aa99ce6d488bc9d48ab0816e18daf0b00d7ce15

SHA256
edc0907f498eb0c7bb5ced0781496c16c4dd2cc38f8b73ac12f5577025d6f2d1

SHA512
6ca717becaabb166480cb92fe8a02ed03ee76337a330a36e9ec712830ed9fdd065cf7ae2aad3887ffa78fb70e42c53c2c23722623d1c44b6c6735967084d3b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aba9546d8f9452d791b435b0761abda8

SHA1
f758a91732a2d2ba6f19241e98c3d7081eae78ab

SHA256
bca35a97bd2e74481c1698cc6d2d470e2cd2efca1679aef303df061f968b8ae3

SHA512
27ac00ae57c2e264418527aa0ce32ed6cc777f61e0f5fc8f8cded56a63a6c6ba325261cd0ec37410ea0b528a3f6ee426d6bd7f8399717ebaccecfc944a284d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f229c1ac8f45ec33d37f9106098d866

SHA1
d458bc9495145bed4403d54e1255b0e82e5d0f4b

SHA256
ed0fe7a3dc9ad352ba019200da125ef6b349e794c83fb9ba1358eabced3fdc81

SHA512
e20b04338b4344f2c5e412529623f4f88757ab0af64ee64f1b55e8129b46626b7197f3347127d0162df5e706ec5e1cbab7c97681442fbf8329d75d5ca220540a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82719d2ee10693aab9b5b76d57e43e72

SHA1
d091efd20a9a9c492f63366582a474ed6d542ab6

SHA256
ae72432f6e7290991e6cd52a3229af07f0eeae44542f8c7030aacffd3d8fe869

SHA512
e10b7cef4c98cb72f3a3ea06f4e98b5b18ad67a1ed77652fae95672e4a3029f2ebaac37b8f2e005a6be3e239004ba05d35629b2c9baa448d6d7d2f5e45090357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
636c98c9d9033f428251e65aa8b6f3d5

SHA1
b4e2f054d45ca615a5dac6de16cd97fa1a388473

SHA256
34503606370399930103018fd897ff96d06cff501aa82deea4fc61468d7c3c8c

SHA512
ae77863e0666bb0c4e193c7c566b71b7b93b8a25db9c800ed11500307d6997f76e0ccae2b76fb7391067f10b18bd1e0d4bcd7ae7e1143885b8f7be449234afad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
770d4c89d855eaac8919e681c998d4d3

SHA1
5378faded0413889d7a209d553125c0ec42589ec

SHA256
a2e237c5078e8395c6feb82ce929f27a61a3442acf2ab3cad2e52a6c82e2b06a

SHA512
6d8f498fa0683682815d288d0d2682f5a67a82a38f8706803f70f2076a0007b1c64585f79578cd27228a01a56bfe1dae095f07a6f3902077b32aa58e5f84c8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
35072ec32c1a7a6bbe75f0d2e951460c

SHA1
5cd9697453947d8c8a909ef1119456fdb6ca46d1

SHA256
37c2e684abe5046c39eff7053f727280742525cb2c3faae8d6553dad8359d433

SHA512
bddd342c8dd8671ccad7b68cac6bd751cb51459928435a0afa7f01540b21129e119521a95bc926db7bf98dd9e28ab63102505fcc4f8cc19087a6436c955f5cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
e77a52220573d60aa938c233fde5fedf

SHA1
3b879b39be0db1da0c8e8f9f22a4414c1780ef67

SHA256
fa9ccd736b5555b86a47c389a4933a4c96c36656a6c535f055651eaf6bb7e6d2

SHA512
239fb99d78fc82f75921533a9fa470f8da842edefc90fd6159dad152520c54ada0c227c802b484bddb74ea09a0328818740a27a6c524f292047c820f2f4e248a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
6a9e904525f15121f84c5df95fbc0341

SHA1
88cc987a0a4e051c1daffa4535f2fc2a8407b950

SHA256
975469b49a7177b654aa1a4d1c87609a29798a677c88cc8f5dfccf89cd4b0213

SHA512
8f943629dd4743f6c1d96e012849b80ce1145bc7b5ff9d0d00f68ce158890382e81cde3878526c3983f4858e653726234043f76fb3890ce534e4d3bd37335fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fecd.TMP

Filesize
92KB

MD5
92cd70733fba3408163803138d6afdb0

SHA1
7186847d6244c41d712135e6025f3840926ff9c9

SHA256
c3717df6b2f7d4b9d4585aa0bbbd9c42f15d4a1c2c19469829e1cfe764cfb708

SHA512
0593749807f1824c8983051944b0a26be13ef43a13fe9aa331a46c089ec0f20b7300f9a4f9ee85de735b6d27dfa0603abdb237b2c84bcdf24b9a82d99d0a4ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Pandora RAT V1.1.zip

Filesize
4.0MB

MD5
2cbaeb55269f1a916c0160f3a87532df

SHA1
4ffd99e2c25b528373e56914e6a3edef92796bd2

SHA256
7d346a76763e9f86e6e54fc4637ce3d5a0ed8b6231fa017df037667118fcb87c

SHA512
c768125de9a0e574ba9831a9d7c1e86f61b83eca9e54af5d4672ce059c2c04e5b305cf49ca8e892e78758a1c9288001d288cc6bd3fab3426fab891ff042e0fad

Download Submit
memory/8144-521-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/8144-519-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/8144-522-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/8144-520-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/8144-518-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/8144-575-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/8144-579-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download