hxxps://easyupload[.]io/58fl28

Analysis

max time kernel
126s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://easyupload.io/58fl28

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

PandorahVNC.exe

pid process

2616 PandorahVNC.exe
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

behavioral1/memory/2616-462-0x00000000064D0000-0x00000000066F4000-memory.dmp agile_net

pid	process
2616	PandorahVNC.exe

resource	yara_rule
behavioral1/memory/2616-462-0x00000000064D0000-0x00000000066F4000-memory.dmp	agile_net

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640958710017423"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3664 chrome.exe
3664 chrome.exe
9180 chrome.exe
9180 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

PandorahVNC.exe

pid process

2616 PandorahVNC.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe

pid	process
2616	PandorahVNC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe7zG.exe

pid	process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
9044	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

PandorahVNC.exe

pid process

2616 PandorahVNC.exe
2616 PandorahVNC.exe

pid	process
2616	PandorahVNC.exe
2616	PandorahVNC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3664 wrote to memory of 1440	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 1440	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2348	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2156	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 2156	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3384	3664	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/58fl28
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d189ab58,0x7ff8d189ab68,0x7ff8d189ab78
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:2
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:8
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:8
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4468 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:8
2⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:8
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5164 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4900 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5224 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5236 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5392 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5408 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5424 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5564 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5580 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5596 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5612 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5628 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6316 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6332 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6484 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7100 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7228 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7712 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7752 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7884 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8312 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8236 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8560 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8064 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8536 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8120 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9072 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9108 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9380 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9584 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9500 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8104 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:6256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10036 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10220 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10656 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6844 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:8
2⤵
PID:7800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7708 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7744 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6820 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6916 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10852 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4880 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11020 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5200 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11376 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:7552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11380 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11704 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11840 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11348 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12156 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12276 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12452 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12588 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12692 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12132 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:9008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=12984 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:9036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=2328 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=2440 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11568 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=5072 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12400 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:1
2⤵
PID:8252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:8
2⤵
PID:9092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1888,i,11647645008856567711,10057942828118963483,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:9180

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:9172

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PANDORA HVNC Cracked.zip\" -spe -an -ai#7zMap10103:110:7zEvent2410
1⤵
- Suspicious use of FindShellTrayWindow
PID:9044

C:\Users\Admin\Downloads\PANDORA HVNC Cracked.zip\PANDORA HVNC Cracked\PandorahVNC.exe
"C:\Users\Admin\Downloads\PANDORA HVNC Cracked.zip\PANDORA HVNC Cracked\PandorahVNC.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2616

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5e0d39fc-44b3-426f-87b6-d42eab48c117.tmp
Filesize
100KB

MD5
e575410cc3376ddff9d87c3999a178f8

SHA1
67c8045f994d9229397a97271b62b71c85b4c523

SHA256
1a0ceafaa37812f974f248a687e06e24ee3eda85481a52c81bed7c627802d365

SHA512
004eaa058e68f5101747c894a6b9a65a03f08f26bf796718a508e79dc47a4b9309027b9c13c33a1c7a854c3f939563deba4c5813e8f262735baa40bd337f418d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
0dbe6bd649b4dd91b4ccee1265405b65

SHA1
3e53f56a1ee88b095fe58be8e7b16a73e19e4a78

SHA256
161ec63bd24ead2988f16f6abe26d03901f59acaa4b9de4fb1836140ec96e8c0

SHA512
25f657a4bcc7bf92c68d936b5c5b141e86cf7a823be454b723afc4f6d569e1ca2eaa79d3ee46f525199a33b2a1146be84936f752f03f61a1f1ea847394ce90bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
08b0adc40f929ccecdd4f337de91fc49

SHA1
622622bda980f6fcb27bea2f47fdf677c647adff

SHA256
33fb02f83ae98e7f680c5609e3d312b17f47eb55fad88378c6e01cfcc3d924d3

SHA512
52a5c6e571f4d33887922ccada227e39de33421a411ba4ab5b050a9aa63d83e8c75705fb1b3cc4ab014497e335b7a19b758eddc25797f4b27a7c35ed5a6cc4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
caaad125f638f1ef2773a7469f2a65e4

SHA1
a941abbd7a80d16567cf5dc954ff4a1140e68095

SHA256
7b896dfecda974d4f39ac6c04caedab4903ad8647d8c8265d4502c15c5d6ab5e

SHA512
d2b3f83a4de859b67b6b2ea26ecf968dda7f0b267f4eeef949df892ea039a0d9796741933ce3f660e43f0398ec9f9ea0c3b17e62aba2dc4a0b9defedb4ed299e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
19KB

MD5
d46fbcc00b4f4e1222013f8ae019f01c

SHA1
4ebc0780aebe6de9296060d7871c14147c6a93ea

SHA256
d0fe099d907c08727e8f8c61757e77cc57014cd88b4446e82ec1adf6b1737878

SHA512
a89214f88d9a493399bd447cbb0e230f32f4b4147fb40c29e65f49bbba087a040b123344581dcb1aa54aadececa1c6d90b59e90abf230369e0ea57f020f9f85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
9162e65ab527d5667d94ca20d6f24a12

SHA1
14080c3cf5c4bdb95b30d99bb214d66793d9bf35

SHA256
c9a76277698e97a320582bfa4ea091777c42b14e8cf407ba1bf58f1a84000836

SHA512
a9c00b2c209b15e7e2f5843ab7deceac2a42367a4b6ef830f7e70ccccd301a64b04ec71676a626e2660fc97802a704f51760020f6b96b7877a095f19bad65bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
c65f09a541511fd258779477a85e45a2

SHA1
163e926552345b7b42743349368a9617d49e68b7

SHA256
6563f4faa2a6790387f346891508afe8062b11444a287fae5be521edff5f683b

SHA512
37b2dcbb4fb716bb587c35b800c0374c9f93b972a8f57369063bd3a4bc7548e537c529fb1c08ef781dfc6a64f3988c0dd01aeb4618037d75eb4fabb6a7c7f9d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
884f3b344f55815bd6bd23d1898d3d2f

SHA1
e4c38f88a48e9120ec3db4168b83e2aa5631fb6b

SHA256
3610df943f50872b8b22aefb9ad496ca2ae1f30c7ee2008c468f9b92b62b6c36

SHA512
8c9fcddc279cd14d0da8327f2b17ba8b0aa7e8bc41b9f49d59793aa16105ce271fc08220bbef5a89f2cacefe99752c09aac0305ad037f73de78b9a5a917deed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
c0a3ec6cac2973595f30a31ad9b706d8

SHA1
5b198394cc5417e07effd4b85052089f6b6894aa

SHA256
ac9707110bf7afb1caae378e71ef8a7ad09295d3eacab8414e81ce89407515f1

SHA512
cc5646c64437a087a76aa3f6775d84b93b48cda09e8e9139f0d552edb79f2e140eebda0ed67f7d97056912e5e1e50d05d848346bbfa3dec4457a73663bf8612c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
abf2b1c753abaf2d3d5671898dab4b14

SHA1
9dea5ba7459f1864b3213da060b01a749277cbf1

SHA256
5d714197c61303c2ca42ac38d3357390103834883bb9d5f9c691d4aea7ead9aa

SHA512
1765cf33173dbf90b7255f9b71e3660df9293852d03adc96897dc91cdd2e6d749de644adcd1e8d649fb5c8386cd0ccb2b736174912e10656d077be830a4a0c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
213dc714f5226e163a705f118870fea8

SHA1
03f020ffc3c3dc6c8c8e351c0063e46148e169d6

SHA256
0c806fc28da5e2e802d6c66868dea1aa9126879782e46c813c596a62ab72397f

SHA512
d80df3229b2b5d49e8e1cec35a206268418c1b74762d991bf767ac3a2e43a7a18b350131df2a9d1f75c68bbe77b8817296901c456ccada604d581e1b18d592e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
264cd7d73b20a280a31f094d99a20eb7

SHA1
d292f88812615bc72102a9e554be059da83a5b06

SHA256
193552cdb985a7de1a4b531635ae3338e9af0a687ed77706501aa6a92bc72347

SHA512
c42eebb8635cd064347731177929b601514b4b5bf1ef431e6b4af608f591708a2d275ac6904ff5a0b297416067d83be62c50f7234a77257ee235a10ae27a3b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
f92cb16b53612eac4916a4f3da8761e2

SHA1
dbff4d36af90ec0434d2bc3586cdabf6e576c8f9

SHA256
7addae88d18ee3f606fbd129bcf1003170feea6956415df6e50ad0b7fee87841

SHA512
7f701b489b07ee038bfe0b82a508312c28b609d58130a91e43980c6936de2b33bfdd12bbee32c670906d8e163d31bd68280c0d04fe2e5d57dd6eae501ed87949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5811fc.TMP
Filesize
96KB

MD5
f4cad708b64ede6a5d4783a5abffa7df

SHA1
1448e29b211c9727bddbdb55d556b0440eec1a95

SHA256
98909641012e3e764372dc85dd48055f4e6263cb3f7ca5fc86532c23cf30ce68

SHA512
ada312607c7703cbea9cf574e86173b8e45a97cd4436a4eb7f21b3fd6676d1f08a43b3200efe9107a7549006b158a7bb99e3edea19ea0c1a26f6764ed3bf58e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll
Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\Downloads\PANDORA HVNC Cracked.zip.zip.crdownload
Filesize
4.1MB

MD5
0f8b506d7925457584afdd8a8d295d7c

SHA1
3d99cf175cd6de9962086ebbd890eded2e92df0c

SHA256
393c7e77b02c57fab99cc076e29bd439ca049cacdbd9f7511177aa3ffd8d9b01

SHA512
ad6c80562f6dc2f27a8508c1df5429c9a639b17834e35705863dc15b349d912f0cca83d1cd49f82b3377c2a4e43eedad199db0faf2f32dd659a91708818557d4

Download Submit
\??\pipe\crashpad_3664_RYJSKANKXFOUHVIW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2616-457-0x0000000000B80000-0x0000000000F72000-memory.dmp

Filesize
3.9MB

Download
memory/2616-460-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/2616-461-0x0000000005B40000-0x0000000005B4A000-memory.dmp

Filesize
40KB

Download
memory/2616-462-0x00000000064D0000-0x00000000066F4000-memory.dmp

Filesize
2.1MB

Download
memory/2616-459-0x0000000005970000-0x0000000005A02000-memory.dmp

Filesize
584KB

Download
memory/2616-469-0x0000000073210000-0x0000000073299000-memory.dmp

Filesize
548KB

Download
memory/2616-458-0x0000000005F20000-0x00000000064C4000-memory.dmp

Filesize
5.6MB

Download
memory/2616-456-0x000000007480E000-0x000000007480F000-memory.dmp

Filesize
4KB

Download
memory/2616-488-0x000000007480E000-0x000000007480F000-memory.dmp

Filesize
4KB

Download
memory/2616-489-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/2616-496-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download