bazarloader | hxxps://www[.]1377x[.]to/torrent/5362489/WorldBox-God-Simulator-v0-14-3/

Resubmissions

09-08-2023 15:40

230809-s39vqaeb2w 10

09-08-2023 15:21

230809-srkrfscc95 10

Analysis

max time kernel
380s
max time network
425s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2023 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.1377x.to/torrent/5362489/WorldBox-God-Simulator-v0-14-3/

Score

10^/10

bazarloader discovery dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 5 IoCs

Processes:

resource	yara_rule
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Executes dropped EXE 6 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exeqbittorrent.exeqbittorrent.exeqbittorrent.exeworldbox.exeUnityCrashHandler64.exe

pid process

5036 qbittorrent_4.5.4_x64_setup.exe
3504 qbittorrent.exe
1612 qbittorrent.exe
4812 qbittorrent.exe
556 worldbox.exe
4336 UnityCrashHandler64.exe

Loads dropped DLL 9 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exeworldbox.exe

pid	process
5036	qbittorrent_4.5.4_x64_setup.exe
5036	qbittorrent_4.5.4_x64_setup.exe
5036	qbittorrent_4.5.4_x64_setup.exe
5036	qbittorrent_4.5.4_x64_setup.exe
5036	qbittorrent_4.5.4_x64_setup.exe
5036	qbittorrent_4.5.4_x64_setup.exe
5036	qbittorrent_4.5.4_x64_setup.exe
556	worldbox.exe
556	worldbox.exe

Drops file in Program Files directory 37 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exe

description	ioc	process
File created	C:\Program Files\qBittorrent\translations\qtbase_pl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pt_BR.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ar.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_da.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_it.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ko.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.pdb	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sv.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_es.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hr.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_TW.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\uninst.exe	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\qt.conf	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_lt.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_gd.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hu.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_CN.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_pt_PT.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_de.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_lv.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_sk.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_bg.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ca.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ru.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_tr.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_uk.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_cs.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fi.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.exe	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_gl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fa.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ja.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fr.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_he.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nn.qm	qbittorrent_4.5.4_x64_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133360692387763383"	chrome.exe

Modifies registry class 47 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exeqbittorrent.exechrome.exeOpenWith.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\Content Type = "application/x-magnet"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\FriendlyTypeName = "qBittorrent Torrent File"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\ = "open"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\DefaultIcon	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\URL Protocol	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	qbittorrent.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\shell	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL:Magnet link"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\ = "qBittorrent Torrent File"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\.torrent	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\DefaultIcon	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\ = "open"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.torrent	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\DefaultIcon	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\shell	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "qBittorrent"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\ = "URL:Magnet link"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\shell	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\shell\ = "open"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\magnet\shell\open	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\.torrent\ = "qBittorrent"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\Content Type = "application/x-magnet"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet	qbittorrent_4.5.4_x64_setup.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

qbittorrent.exeqbittorrent.exeqbittorrent.exe

pid process

3504 qbittorrent.exe
1612 qbittorrent.exe
4812 qbittorrent.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exeqbittorrent_4.5.4_x64_setup.exe

pid process

3964 chrome.exe
3964 chrome.exe
1448 chrome.exe
1448 chrome.exe
5036 qbittorrent_4.5.4_x64_setup.exe
5036 qbittorrent_4.5.4_x64_setup.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

qbittorrent.exe

pid process

4812 qbittorrent.exe

pid	process
3504	qbittorrent.exe
1612	qbittorrent.exe
4812	qbittorrent.exe

pid	process
4812	qbittorrent.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

chrome.exeqbittorrent.exe7zG.exe

pid	process
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
3392	7zG.exe

Suspicious use of SendNotifyMessage 45 IoCs

Processes:

chrome.exeqbittorrent.exe

pid	process
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe
4812	qbittorrent.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exe

pid process

3112 OpenWith.exe
3112 OpenWith.exe
3112 OpenWith.exe

pid	process
3112	OpenWith.exe
3112	OpenWith.exe
3112	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3964 wrote to memory of 1368	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 1368	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 3720	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 1508	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 1508	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 180	3964	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.1377x.to/torrent/5362489/WorldBox-God-Simulator-v0-14-3/
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd61e09758,0x7ffd61e09768,0x7ffd61e09778
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:2
2⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1604 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5648 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3208 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5180 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1616 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4716 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5856 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2464 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5864 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6404 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6356 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6556 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:2572

C:\Users\Admin\Downloads\qbittorrent_4.5.4_x64_setup.exe
"C:\Users\Admin\Downloads\qbittorrent_4.5.4_x64_setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5036

C:\Program Files\qBittorrent\qbittorrent.exe
"C:\Program Files\qBittorrent\qbittorrent.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1680 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:8
2⤵
PID:1884

C:\Program Files\qBittorrent\qbittorrent.exe
"C:\Program Files\qBittorrent\qbittorrent.exe" "magnet:?xt=urn:btih:DE61A1084DC3144853D69C71DEC77A745AC1AA08&dn=WorldBox+-+God+Simulator+v0.13.9&tr=udp%3A%2F%2Fopentor.org%3A2710%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.moeking.me%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.theoks.net%3A6969%2Fannounce&tr=udp%3A%2F%2Fretracker.lanta-net.ru%3A2710%2Fannounce&tr=udp%3A%2F%2Fmovies.zsw.ca%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.zer0day.to%3A1337%2Fannounce&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969%2Fannounce&tr=udp%3A%2F%2Fcoppersurfer.tk%3A6969%2Fannounce"
2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6196 --field-trial-handle=1888,i,4423436752655850521,4683411666662541313,131072 /prefetch:1
2⤵
PID:3132

C:\Program Files\qBittorrent\qbittorrent.exe
"C:\Program Files\qBittorrent\qbittorrent.exe" "magnet:?xt=urn:btih:DE61A1084DC3144853D69C71DEC77A745AC1AA08&dn=WorldBox+-+God+Simulator+v0.13.9&tr=udp%3A%2F%2Fopentor.org%3A2710%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.moeking.me%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.theoks.net%3A6969%2Fannounce&tr=udp%3A%2F%2Fretracker.lanta-net.ru%3A2710%2Fannounce&tr=udp%3A%2F%2Fmovies.zsw.ca%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.zer0day.to%3A1337%2Fannounce&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969%2Fannounce&tr=udp%3A%2F%2Fcoppersurfer.tk%3A6969%2Fannounce"
2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4380

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2ee3e7672f6f40218627520ce5cb4ed9 /t 2812 /p 3504
1⤵
PID:4608

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3112

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WorldBox.v0.13.9\" -ad -an -ai#7zMap28902:94:7zEvent9877
1⤵
- Suspicious use of FindShellTrayWindow
PID:3392

C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox.exe
"C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:556

C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\UnityCrashHandler64.exe
"C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\UnityCrashHandler64.exe" --attach 556 2844699267072
2⤵
- Executes dropped EXE
PID:4336

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x300
1⤵
PID:4484

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qt.conf
Filesize
84B

MD5
af7f56a63958401da8bea1f5e419b2af

SHA1
f66ee8779ca6d570dea22fe34ef8600e5d3c5f38

SHA256
fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3

SHA512
02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
26KB

MD5
249d5bb8f8d5fd948efc1354d88c6817

SHA1
7c912d3b06643207404fedefff09fafa13366c0d

SHA256
f3bfe89639b988ecb00f0cfee2f14749541d67e96bd6b6308d6e934031db1352

SHA512
17e97aa8dabe8bf0bc4219c23037cc3a421bab469b75ee05e004d47bfd6ea55034110641c8ecc44d01bf18dbe4755c43d394a3f6597d0eedfcea2a625523cbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
36KB

MD5
54553081ae57aeca0ae23223060c5fc5

SHA1
a29015368cfc2e7b4d71dfe8425265d4a1c6c47a

SHA256
5b858eb55c1a09093a3b8e79f231b5f7770ebbec210bd7b6c98a7c530e533183

SHA512
616eb4471461f5da685544a18373d30e865ec62463ef1aa5a2c7eb5d14ddce446f86f36a9ed962ba9b610c4270a19ec7ca2bff3477e362f5dbe2b7f9bcb955ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
23KB

MD5
283d99e6a4c13f4b51f225af6213546d

SHA1
6f86220aedbe0e55e880839000635fb0f353380f

SHA256
3fd08634be471731afbafefac8d37025bd0cf3c73b37d702207a934ab8e5342b

SHA512
9e0cc0d01c6e6c84792451d28a98afc7889acf856a5a2e43e0adea8cdc230ae0dce56a043932062ef7f0cbc461415b1df668f38e40ac4716cd8d8d603d46218e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
Filesize
29KB

MD5
495f2637f06227cfe1ca251b271469a4

SHA1
9938a06dbbbe9202b2e63f3a78def4cdae776de4

SHA256
8ebdfa0cf6b633da88c4b315ae426f7fc03c0bf7e502a6f33e2f6347f3994aac

SHA512
b411a9151dd2ba27093298b739ea1b746d3709adaf1483bd0f236b81e09bd61c0cf33f9fee44f93e05e0bcba5957d8072c152c72aa39bae3560e4866048cef41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
89027948f168ade20ebffdfe2da093ba

SHA1
97c1f0ce09654d1df4a47c9050e65f46db3ad03a

SHA256
45794d62589fabc186be1fd3630bc28508b76be8b88c79dd5f27b1e3646fddf1

SHA512
2501ada04e409064b6ab5ff77801b6d18bb4352372a725fe90bea87e15c27680133f4ed4468e022066d56c5e86a64b0722c67b06dc63d3e1149ce7ad7af42ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
78897b83fce5a53ea6e557bfd9d6ed52

SHA1
e659cd9a69280add7943a05eb890248e8b01699f

SHA256
0dcecbf637fbb0a6257f61ab34ccac766cba9b1edd1443b9153f76c44ed5753c

SHA512
c7ef4de3d0068dd8174abe30a701b189423be2ca459e6e1d8a3c2ebd5580e22c6c3173f7258ce13276bef2927310025ea474b44b64df124d00166d8394804ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
b856daed2b56e86911d948e9dc923d8e

SHA1
2e1fdecf944b22502ae084b2429e1753f12a2e5f

SHA256
54b5f879fbf0372c7a34553de01abe48cdfe12a12cdab9b52c2685c42cb8b672

SHA512
d57949537bd585c486ee63c957516d58f96269d5d85c48e77242f95e28675714a768a69ed72b3c6ba9167c56f090684155f5a6d70ed93b8733dcb1810b249e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
545b6d82fe238c37778a72d8e777d47a

SHA1
8eb9f331547b7618460d5c11e1fe55175c06828c

SHA256
6595d1926fcb5a116a9f6c924cbde5665811723da70dab4c981517be2eab1e31

SHA512
eaaefd8164a09dacdbb303ba3ac78cc300f43c1362fedb1dca29e82754f3224d4d33a9781dca4978342754b02425501f4ca47117cc819658c16533dd054e83b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
b6447cbb056fbcecd3eae065f22b88eb

SHA1
353c841e1c37ec2f94242d949145c0ae5c9debfd

SHA256
405ac3f9425bafabe183c8647182cc6254b4a4c74561f642394aa99e88bf00fc

SHA512
9b221e1a05bdca0f996240e41a16ce6646519ecf1c1ae09754288f325c23f3e0cfdbf66efedca7d33ab20aa44302b8f0ece0e61b5bda6ba9cdf239f03ba4793c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
4b93e3e5a2e1f27dd5ef688a80b77654

SHA1
e046709a89372c637e6d30bff26dbc9ef7ab0e81

SHA256
b8cf4a7a7987c48025c2968a060ff07ab76fb8026e0cf849894768b65c674b51

SHA512
f8dd3f53c5964ba8f515fe9655ec66ea476ca792d881f6f2ffb1d3ee5c3744a32465e732bde5640aca2beed037828c925b3ee5baff73d9a72fcd9e8036253c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3341fd6ccb163e7cce49a3e9f2000124

SHA1
5c832289dc326426d2d67896d4613b49583e46fd

SHA256
ec403cc8a6a64f506f3b670d8cab349120480b239d450c310e10f9cff1606273

SHA512
6eef2cd69d04b8f227aa5062d1f1cbc5924039e39a487203fb4b27c1659fefe6a392c3eb51a7dc576217c1a7e41569b05ab2ae816cd049a8b6021eda29d57e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
cf551d9b5c2606037786406cdb61ed82

SHA1
e25f81409abd85aa33b5d7e86b6bc1f5fd2d35f7

SHA256
8cd1fb9f1b5329f9e305e8ca633cb82968bc08761c311abb88e80be7a1d527b0

SHA512
24c5209271d6695b2bd18958959f383eb677099b5237e83c72b5505b8bfa5c0a673ff9ab3d72c64b5d69d6b3452e8fa61e9cce4980a1ef966c62c22698595782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
52f551d8c6e8a02d15185f041b4ab3e2

SHA1
6b56a63fcd2a7e5516ede84aa64f1af4f1f87e62

SHA256
c72e7ab3a1f961dd6d6cdd25c1ac56b02f661f0baf2a6365d371e9fe03e0d880

SHA512
abaf4b1dfc3c1e30c06dc0149499b642b75444738bded7d6086b8060177ec0761fc11c744792c0644630cfb70d5b5dcc1f64e11616ed990b10cde2a9ce6b3e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
db953298788ecf37c6cee782e70ad336

SHA1
8ff24452d1d4ad023abf37d6a6d46d4f3cf1dc19

SHA256
6c70ee5358b9c490c75c4883ca644414dd105f0e4c99432ca26df8eae3fe96ca

SHA512
30d5a4f1e090147cd4b95748b25766fa7dc72857f92d953562b7f27095c8185b3040ff32c42397598a6895328547d658521f7e44479bb5f983b7f360b48feb12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ab49a75792f6ec7751465df6014f7e0e

SHA1
e49e6670b6f971cb0731e4e66700559c6135441a

SHA256
5256d5680224283a4a5c417d328ad29d6f69a24dcc7f510c93bca2250daf974a

SHA512
a5b9f49750c05857beb3cff82bf6b4673e145a49706ea66a4548c01b7f1b196c25b834a0220bd1009324d9f27b513b759a406b9aa86b79b136e4677fe5b86b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
eb2d2bbcd2dc3f691ee654dfbc0d420c

SHA1
cd0f319b29b634b617a1804ebec3f3a642c1fccb

SHA256
3daf0309914aaa90b901531ddd0517187f8e2fa32fcac165775254942a82f8b3

SHA512
2f13410c1a383fa11884e6f0eab2e517b74bf2e692121bc4107e3849804ec27f65025746d24f8f32d79b3835a7a763a07715faa0e4dcc577332d8bfbd00c760e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
f8b6186d98acdd34bef5d439f8255b6f

SHA1
f2f3ced0a4c3bed7c9009aae35e3ee310203e4f5

SHA256
47401c35f07ff52f55646bda4ca16c6260a4cf569dcc785d7efa84e918f8bb12

SHA512
e5d8a04650cea88054c4865d10ae511ad7b9ea4df9397f7d917a5deb1aa12df77f137422a276584b8aeca4addc63b4081985cdd316b49f4e5105f5bfcef03c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
98571de167c2c07d2450f65d18a2869d

SHA1
0150e174af6a7c136c50edb1ba0180f951d2cb75

SHA256
f618511566b72b7c8405683ae140de33888a7ca73049915482092ea413952f03

SHA512
07ab1c8e0e386209007179252c1fa4b0ff3584b0007233e32ff942c89d4f45e4435bd70817538bcada32b30a1220393b08cf7e0e4bc2d1be3b37390250c7e33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
4e6111e62e06db3f5d90f675b83e579c

SHA1
e22de45c63b89d66caa849368dfaf4206f09a3fa

SHA256
1187f053a3d849ef233c90f34caf643067f86dd17468c0978f623f13047ac8e0

SHA512
cb591fac1c3fed3997aec6c35dd3e048717be9c67ad2364057104bc6558a43b40cd78b9b2753c773040f50e0d2e3e77c6a1680f78cdf85a2b1ad104d5d70c1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
760f601fcff3f06662140e41a144407a

SHA1
fadf4bfe27f7aa53651a717a19c8ec0a2fafe0c8

SHA256
082e4846a82f535b5c1bedd2ed7a5891280825526a65292e3a879fea412847d2

SHA512
d3f3c6a445c1feafcc4f95467df2f1aa1e6eb87711b1dc02d759298e48897a7fd4860ea011b4dfadf6482b09802d761bb5901707666b9283522a81ad2d999426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
182c2ac0211b95f343d4ffbcbcaeafab

SHA1
69d597ead5c8da8ae07be35befc5ef0194c43b0b

SHA256
3d65388c2d5ecffe6e3f7ac793adce45fb1145094f69e2411af8e11bf86d3331

SHA512
96e971ae1181babe07d3b18ea0ac8aa86824da6b0968621249b45dc943c9287bb1941e108f4919d45d58f5eeb75843f2d7cf6d1b871ac2f8176c5324d24dcc0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0aa88efa4c5b2ed0520f2afc01a2d64e

SHA1
2070e0d3da494ac8d7440ad5852cab553aa588b9

SHA256
7d6d3440c884ffb7f6a470fed70584cd74a2fa0e4dfa13c0df2cd0eb0e5d13bd

SHA512
04f5d9563a406c231b7a3eaf7c8ada4b62f081097f9ed377051e62b13efbeb6e8cb82bac1e345944718649b7230c683bc9716af50409ce3afc872cbb6ffcc5a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
59644de3419f0677d41dade3ad20a43e

SHA1
418f0920f63f0a6da25edaa13e0b361c7ec3fa54

SHA256
5406b66652cc946772589d712a858ee1420186e93eba4958be1531331b903259

SHA512
37ab3237153518bc698babf680efc69ea2e6bf51000a3384d9942fd1b0de781b25a9981fb64ef0832dc16a71397aa35fb65835c959db617b73a25647fc956e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9d1c3609867bfbf670c02a5e61d65f9a

SHA1
347b538538b0eade57ea851f8da0f843621a39a6

SHA256
f2d9a4990c72be420a88b27115ed4ad786d99d6d3e07a2167eda7ac7e00f0ce5

SHA512
dd41a2817e395b4659814f5e43c2954245d0ba429f752e1694f9c5184a42ab24a56ec743222b18d853741329f7d4185462d728456e0dd9b4c9790dbcf6368d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
51155ba63fd2b0c6ee70b0f81bc51abc

SHA1
664ceebfdf1f3cc8c8a804a7d8b43e95dce1a1d8

SHA256
4660079c56d1c17da939bf1cb0eeced3e9cfd558c6e9bd4f6bfcb0e68e3baca8

SHA512
abb547e8e9465634c502bf16e55b6e65b40022488ca8aec7c312e0914c0c5d9708a64fb117666b834a70781d4820b42f6bd04e49155b5162af546dfdf6f81e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
83cac905933f1f313e4ffad35c8f8ee4

SHA1
551a77da8bc3efb950e8d89430a21456838cbcdf

SHA256
30fdafe1adbd5e92c39237143b32481c67a75da2591cca85911273dbfd704a45

SHA512
9efa75629f5c81ec9b74d8fbcea7226ab0f6080b6c8796be23ed2f0858089647de51bfc53bed38d260f5af76d3f3e042ac669d6c21111359f7b5a51e91e6de7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
87KB

MD5
301f6833441ec6e9be54843ab7cd9a5e

SHA1
cc63d88a60d1b833ba0c9b16e23056cf547aa2f3

SHA256
66d0ff082533d466c6d071a9a47b8aa7e46a661f0d87b22bf6772542a3c0a639

SHA512
a23a39711834548be06ef16b0cf7d14845626a9d1f8748292cacc6862dd1ed686dcc7427074a41b2c22ff11178a29da36fce6a7443ab9699823593c7bc5dedbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
87KB

MD5
fd03b016d9f30b7249d6d432d2eff54d

SHA1
bae8ae12df68b7c50f47de57c986461d37f98bae

SHA256
b09cc51f56ba6f7934b7851a53a5289d3452509793ffb9383873560fac191b50

SHA512
ab59b1aeafb87c2aba524b7292b37d52a7668f235e16f9b871c23a6d4c89a61f5dd100add2f4840ff544a727ee3f580349984e20a90cb0143a657229ed423ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
87KB

MD5
580869b783dcc644b573f93766eaa631

SHA1
efb34ccf089e7b716e6f318ef5b8cc2a8f4192a7

SHA256
ab33dbe6626ad7a3cd51ce858470c84c0fb7c9311b14de8e8321db4bf5072d19

SHA512
057c628dc843c252d650656b8af9a893dea23cbe3d689e7302e3298371b9e4f2066b82aed5cc929c07e7f0655f834655f8241c3fead172760f90572b8651b409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
118KB

MD5
034d169fc9aef551c7004600dda448d6

SHA1
d74affef9c671539c9cdc325b607c7dc46ddeabf

SHA256
91214f19b4f5bc8769fda81cf5e5960be28ae312faadbb4e9789e627627ba54b

SHA512
721656acc5faed59112fda46fda3c4d542bb34ba6430636911d57f2aa34b1db2ce17c3f640100ad2164f88a452f17c79b1a98926b90aeb5c43d3f0356af31583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
120KB

MD5
6e260dce6db60218b9b6f5048406f38a

SHA1
51b050999c3b803c081300645cc435144bf6eb64

SHA256
d37a58b133cf35b689e45f78258a9a7dcb9e3efdf2055ed08b0c41eed449848d

SHA512
984369c1f08ad0d7067629ddc94fc175c72149d346e38814ec3954a6a569a17904ef6862cd069be5c59764fba6306481cd700c6748f68d298a5195b593f78509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
9de40010c4cce8d16353ea5337faa614

SHA1
3fc0e4849639fa5cabe3481e91258067d352f927

SHA256
624ed5d8d4cbc050f1827c45c2ee7050d302992dc43fbe4b2051104c6259165d

SHA512
583210e7022a0b85dc74c95a2dd06f9b143ff2513c920fe04eb49e47780b5453c3f1d066132755775a813f0553c137e261c3d882991f956b41aa1d2871ee8dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
a23a9de648e010fb04135d4cb86fce5b

SHA1
5f8f39acb02e0808f7df523bb4c1f19ff6370e1b

SHA256
a386e7e84a9a52927e5d57ae6f14358248cd071cf61abd3472be16c865593108

SHA512
dd420d1e883ad2ca6434bbf94f61119a6cb6762d78a188758b5f1704286582e06cfddb4ff094e2db0fc59d016f9e0ba17cc2920cb46da57756052394ba8d0691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58655c.TMP
Filesize
101KB

MD5
daf8775c2399c4699e50cb126f1c342e

SHA1
db5e4821abfdae84d1348af016650042cf52a78b

SHA256
46f013723e0a877fbaa7b60ec1e273fba2202d996ca8921a7be5fc5f51db7639

SHA512
1ca4eb2f9ba404e020f7ef10eab89660ebdc1530c2e0bc9bfe33e6dd27f8b6a78a5ab09fc60c5f1b008656115805b5900826fb20960c4607120806bb0ab41f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\FindProcDLL.dll
Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\FindProcDLL.dll
Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\LangDLL.dll
Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\LangDLL.dll
Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\UAC.dll
Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\UAC.dll
Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\modern-wizard.bmp
Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\nsisFirewallW.dll
Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\nsisFirewallW.dll
Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC58A.tmp\nsisFirewallW.dll
Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\qBittorrent\logs\qbittorrent.log
Filesize
296B

MD5
89be214d5fd10f4fb2bbc5142be8b050

SHA1
6001f77fdbaf80698276c0a72c168a1b32ca165d

SHA256
de50e2367f3e3fe49e14b3459eb4e3f831e1c62b7b3b97465c93b4f74cb9476b

SHA512
dd2272bf5fe3bbcaafddc4937d827c38eed0a6e51f3cbd58251b2918efa023a4dc975ddb7d1032399db9ee193fca80a4132d312937819d88064ede3fe4639893

Download Submit
C:\Users\Admin\AppData\Local\qBittorrent\logs\qbittorrent.log
Filesize
565B

MD5
a0d60583fc95fbf0cde3e0d46bbf7975

SHA1
5e4e559627671986a55b51f1bb07bd731ff0cf64

SHA256
99844f2fcc162f0239917e4bf3ac716e873c3b1b0622c63f01d9885a51d0b0ae

SHA512
0c7b9eb1ef3ad821d15376d6fdcef35f62b0b9c7d0f12459e37ff40e466e88bdd6581a36ec322968ec898a99043db5583e82180fdcf8681577c050b91c500f5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.ini
Filesize
51B

MD5
0a1b3ec75790e29a38258a3984e488ca

SHA1
67df08e5b246807354d88205de441f8cb992680d

SHA256
2cfaa3601614346c667b81871768d93cda4fafa95dced0263ab216c8150d32ed

SHA512
fe9a4d44344a1fa7c1b8b56d2f0e59bf21cbf5e365561ab9b7692c640d6436da4d5cc995e07b815982b9507a1df889e5369762a5f79da175356f76c026fc6f8d

Download Submit
C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.ini
Filesize
113B

MD5
6a8b90ea03a5cff36162b38f05c00ce5

SHA1
e3fd2b0060f756d3cee4cd42ffdafaea83c36fb4

SHA256
d3fce7e3bea5f0cefeb12c6caa7dc0c6a39eca2b6b3d758c5c12b3c404b38d97

SHA512
3f13a90cf6f985401fa4f74fcd30f8f86d163f5d7324f7af5d168e7f6e8a922d01d7b5242cc9eae248d3b20eddf40eef3598bd8d667100560fe53f73dec1e84e

Download Submit
C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.json
Filesize
4B

MD5
5b76b0eef9af8a2300673e0553f609f9

SHA1
0b56d40c0630a74abec5398e01c6cd83263feddc

SHA256
d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817

SHA512
cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9.rar
Filesize
46.8MB

MD5
561c99ed2a13ead61e82de4e41bcaf90

SHA1
dbac122c48c00d7aff2d5ba916dee4830f13d630

SHA256
e51027779657b0e4bb6d1a6d7c6496e1dfae4fbe5e922c85be158597099da900

SHA512
50662dec62e12a3cdb1495d7d5bcf03b51bcbcb8035736e92c9a9c3d86ad2bd49b20f6cf1c092eef8c0e8f718c4a71953d02e149002d8935a0af55880a1b6cb4

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll
Filesize
4.7MB

MD5
a04effc751bbb2e193d3be6833fb8ae2

SHA1
5cd8fdf9b467d4b41a2be4a949ff591923fb05b8

SHA256
47b2f85724c9473182df93bb5ec11adceb07633e00899cff7138f40349542dff

SHA512
da2c806a86366fa48fa0bd5e6438bbb3913c73a6157d14f2997ec62cee989ead9cd6172765f335e30be55a505a4b8bd144815d043722b9c8365dc20cc3694fc0

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll
Filesize
4.7MB

MD5
a04effc751bbb2e193d3be6833fb8ae2

SHA1
5cd8fdf9b467d4b41a2be4a949ff591923fb05b8

SHA256
47b2f85724c9473182df93bb5ec11adceb07633e00899cff7138f40349542dff

SHA512
da2c806a86366fa48fa0bd5e6438bbb3913c73a6157d14f2997ec62cee989ead9cd6172765f335e30be55a505a4b8bd144815d043722b9c8365dc20cc3694fc0

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser
Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx
Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\MonoBleedingEdge\etc\mono\config
Filesize
3KB

MD5
d9bc824737177af5792846f26507231c

SHA1
c44835e4881d95a97b597bebff5deba0233a5887

SHA256
60099cf91bb1a5717fc1f2d23cf36a61d3bfb70d9489fbb6f4bae98c560bf3d5

SHA512
f9558f9e985643d8205b5534998412a5896bb6f5712bce5d6cf27469200eed64f29efc01936ab00c4a93625b0fc573036fba00ba2c4eb1d1d7c47555608f11e8

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\UnityCrashHandler64.exe
Filesize
1.2MB

MD5
ca0d5df06cad7818822fb0e184e64439

SHA1
017bb25283784df99952e65375a53f95c35f45ac

SHA256
4d219aec1eb3903d66f2b8b5d10c8066e31cd7ea516eac98667188050985cc54

SHA512
428aa3e767ba227dfee554d92d67c4768d776471d4b488ad1b63e13e4fd7efa10026109f5bbefe07fca811a4a8a6168648b6356609ccf20a7b15378d248ddce6

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\UnityCrashHandler64.exe
Filesize
1.2MB

MD5
ca0d5df06cad7818822fb0e184e64439

SHA1
017bb25283784df99952e65375a53f95c35f45ac

SHA256
4d219aec1eb3903d66f2b8b5d10c8066e31cd7ea516eac98667188050985cc54

SHA512
428aa3e767ba227dfee554d92d67c4768d776471d4b488ad1b63e13e4fd7efa10026109f5bbefe07fca811a4a8a6168648b6356609ccf20a7b15378d248ddce6

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\UnityPlayer.dll
Filesize
26.9MB

MD5
fae81359a8e69e4aba08c669534a04af

SHA1
52aced83521fecb006f270a483a8030149d6ed30

SHA256
f8962d20a2c317384ab8895d5f92bac86265dce8c01a4b67fb783389b3ad0801

SHA512
2f1a94c4cd3e6d90c362625823a9a241f94e9cd292f9211db45e344fb05ea03e7b540ac1131ca34890b9e89af4900da044408b953eb40416e2b81285a9432a24

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\UnityPlayer.dll
Filesize
26.9MB

MD5
fae81359a8e69e4aba08c669534a04af

SHA1
52aced83521fecb006f270a483a8030149d6ed30

SHA256
f8962d20a2c317384ab8895d5f92bac86265dce8c01a4b67fb783389b3ad0801

SHA512
2f1a94c4cd3e6d90c362625823a9a241f94e9cd292f9211db45e344fb05ea03e7b540ac1131ca34890b9e89af4900da044408b953eb40416e2b81285a9432a24

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox.exe
Filesize
638KB

MD5
3b3d201fe6d89ccb4d68a6762faf00fa

SHA1
b1111f4c3efc29491f582c94e6c61d30db284229

SHA256
3cd4485a0c57c87d8a61f2b907e67f825aa0e90633d78b5748808c8e26ca3a40

SHA512
d461792d29b478bf591ad96b86b6fbd1553be61ff15adacf89f3f4045038da6be3b7ca334c486c8fa50188d6b1d3b3a8e9854faec5ad275ed6aa78ded083a38e

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox.exe
Filesize
638KB

MD5
3b3d201fe6d89ccb4d68a6762faf00fa

SHA1
b1111f4c3efc29491f582c94e6c61d30db284229

SHA256
3cd4485a0c57c87d8a61f2b907e67f825aa0e90633d78b5748808c8e26ca3a40

SHA512
d461792d29b478bf591ad96b86b6fbd1553be61ff15adacf89f3f4045038da6be3b7ca334c486c8fa50188d6b1d3b3a8e9854faec5ad275ed6aa78ded083a38e

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox_Data\Managed\mscorlib.dll
Filesize
3.7MB

MD5
f1332aa6761e05696fbf67a94713124f

SHA1
243a04d90a736dd14aa38ab25f1025618382150a

SHA256
efa9830957224e9841f99312e3144f8397c6319cde635abbde9fb11860b67a6c

SHA512
9837fb2180b3837cdb68b6c87e9c20a96329892a90d800944fb64a14cba314578619e87fda2da1f55bf7bcfa5b736d204cd84483aa1e929b0e5f4b9cda048add

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox_Data\RuntimeInitializeOnLoads.json
Filesize
352B

MD5
bf1a3f660ef234f9e44bc6f4b3ff4371

SHA1
0defc9aed5f389314c14713fc080baccc6eda37e

SHA256
d929883a4786c37cb17f388d9280b428e69c8b3d185d5a3162b195c8e9d9f828

SHA512
2c6e75c93576e7064157d8913febf1259c2fc87ac654ee6d1e05b3ce3843b5cb65810c94af580692d31234dee649a0e66353a8d10117aa6187cc60212be68240

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox_Data\ScriptingAssemblies.json
Filesize
4KB

MD5
5c02d2a0e0180a858fae7ddf875ad459

SHA1
9cd296a78a8a3ee18421a1065deecc315e67539d

SHA256
5ed45b6e7e40ea67986f5ab3d5df99551da2ffb56722afbb01dfdce80bbf55bc

SHA512
dc31a3b233e2f2183d22f7fce07f0cfb67620ddfa36a4f3fab2d030886c943cfc24bc8b93c0269eb91f78c497e5dadafcfe175f718ee92de6620adf914347a5b

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox_Data\app.info
Filesize
18B

MD5
b2cbd6d8337ddf436c792a8294c6f5e0

SHA1
0e0746cdc1db4c3a00758f4277a09cd4f1746af1

SHA256
1b7d2c71398a227721d629fa9ebd9fdcc040cb4536a227e394527e076e9c6e6e

SHA512
cbe7401eb854143ae5ceea95761de2dbb400010a746dd91eb72ab47a20eef8892b77279ce23178f88da31c2a1c37ff469100dd0e1fd26c6da4dde135bbce83e8

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox_Data\boot.config
Filesize
69B

MD5
2b77119d737c1c2caf66bc03e37efed2

SHA1
07516483372e39b828f8a4d8a6f3e13f2a607b22

SHA256
25202c8f0caa8139d220c1db829ac0445de52047059b03c920c7d145ddfeb4ba

SHA512
53de04a485fc86e9327e39f6c2efce794f44295817f7106fc66e814e3f690209ee04c33b08c21dd951a15fbe472bf7b5a92acec465130319b85fa5ac09f9baf2

Download Submit
C:\Users\Admin\Downloads\WorldBox.v0.13.9\WorldBox.v0.13.9\Worldbox\worldbox_Data\globalgamemanagers
Filesize
2.1MB

MD5
edcfe5e2c896abf2c044ae245efbd7d5

SHA1
2865fe924a2bf3b20c5d36906b986a1804a59018

SHA256
0d6c5aad630723aaa7cd3313f87ae82c4231ec0dbd093229a2c04b14a899fbf7

SHA512
cbf1b26ae33224a07874fc4fe16a591d803df47137746f3ad74d1853bdb74507bc930905133bb4b6b111bb6436e7185c4710084255ccfeb87f2170b22af4f90d

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.5.4_x64_setup.exe
Filesize
31.3MB

MD5
6e35e4512488a44ebf34bff82dc4724f

SHA1
38903134b1a0a774cdcf728d3484493e7d83592a

SHA256
3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

SHA512
a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.5.4_x64_setup.exe
Filesize
31.3MB

MD5
6e35e4512488a44ebf34bff82dc4724f

SHA1
38903134b1a0a774cdcf728d3484493e7d83592a

SHA256
3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

SHA512
a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.5.4_x64_setup.exe
Filesize
31.3MB

MD5
6e35e4512488a44ebf34bff82dc4724f

SHA1
38903134b1a0a774cdcf728d3484493e7d83592a

SHA256
3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

SHA512
a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

Download Submit
\??\pipe\crashpad_3964_GNTTORTUKXOOBFBB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/556-1687-0x0000029675530000-0x0000029675540000-memory.dmp

Filesize
64KB

Download
memory/556-1688-0x00000296754E0000-0x00000296754F0000-memory.dmp

Filesize
64KB

Download
memory/556-1693-0x00000297D9230000-0x00000297D9250000-memory.dmp

Filesize
128KB

Download
memory/1612-1084-0x00000140EBC40000-0x00000140EBC50000-memory.dmp

Filesize
64KB

Download
memory/3504-1070-0x00000256D2E10000-0x00000256D2E20000-memory.dmp

Filesize
64KB

Download
memory/4812-1171-0x00000197DE7D0000-0x00000197DE7E0000-memory.dmp

Filesize
64KB

Download
memory/4812-1187-0x00000197DE7D0000-0x00000197DE7E0000-memory.dmp

Filesize
64KB

Download