hxxps://www[.]google[.]com/

max time kernel
858s
max time network
862s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (539) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	qbittorrent_4.6.3_x64_setup.exe

Executes dropped EXE 7 IoCs

pid	Process
4596	qbittorrent_4.6.3_x64_setup.exe
7896	qbittorrent.exe
6596	qbittorrent.exe
4284	qbittorrent.exe
5708	Caves of Lore.exe
4860	UnityCrashHandler64.exe
2944	UnityCrashHandler64.exe

Loads dropped DLL 9 IoCs

pid	Process
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe
5708	Caves of Lore.exe
5708	Caves of Lore.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File created	C:\Program Files\qBittorrent\translations\qtbase_nl.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_TW.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\uninst.exe	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_pt_PT.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ca.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ko.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.exe	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_lt.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pt_BR.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_uk.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_CN.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ar.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fi.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ru.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hu.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ja.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\qt.conf	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_gl.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_cs.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_da.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_it.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_sk.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_gd.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.pdb	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_es.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fr.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hr.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_tr.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sl.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_bg.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_de.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_lv.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nn.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pl.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sv.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fa.qm	qbittorrent_4.6.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_he.qm	qbittorrent_4.6.3_x64_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Caves of Lore.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Caves of Lore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Caves of Lore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Caves of Lore.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133514556823101034"	chrome.exe

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\Content Type = "application/x-magnet"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\shell	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\ = "qBittorrent Torrent File"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "qBittorrent"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\shell\open\command	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\ = "URL:Magnet link"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\ = "open"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\shell	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\shell\open\command	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.torrent	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\DefaultIcon	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\shell\ = "open"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\shell\open	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\shell	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\DefaultIcon	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\Content Type = "application/x-magnet"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\.torrent\ = "qBittorrent"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\DefaultIcon	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL:Magnet link"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\.torrent	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\FriendlyTypeName = "qBittorrent Torrent File"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\ = "open"	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.6.3_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\URL Protocol	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\magnet\shell\open\command	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell	qbittorrent_4.6.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open	qbittorrent_4.6.3_x64_setup.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
7896	qbittorrent.exe
6596	qbittorrent.exe
4284	qbittorrent.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2276	chrome.exe
2276	chrome.exe
4596	qbittorrent_4.6.3_x64_setup.exe
4596	qbittorrent_4.6.3_x64_setup.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
7896	qbittorrent.exe
4284	qbittorrent.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
7896	qbittorrent.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe
4284	qbittorrent.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5708	Caves of Lore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 376	2572	chrome.exe	71
PID 2572 wrote to memory of 376	2572	chrome.exe	71
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 3728	2572	chrome.exe	86
PID 2572 wrote to memory of 840	2572	chrome.exe	87
PID 2572 wrote to memory of 840	2572	chrome.exe	87
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88
PID 2572 wrote to memory of 1204	2572	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6ae9758,0x7ff9c6ae9768,0x7ff9c6ae9778
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4820 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5520 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5468 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5848 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5096 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5568 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6108 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5168 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5080 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6224 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6276 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7136 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6996 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6812 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6808 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6524 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6520 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5572 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7512 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5872 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5848 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6616 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7408 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6888 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7088 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7104 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7212 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7580 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7348 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6328 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2292 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5176 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6580 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7888 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7836 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5480 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8448 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8664 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8804 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9008 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9276 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9280 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9368 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9816 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6956 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10104 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10028 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10344 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10196 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10652 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10460 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10800 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10496 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11108 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11228 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11452 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11700 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=11404 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=11860 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=12176 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12316 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=12320 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=12504 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=12908 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=12880 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=12844 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=13152 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=12732 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=12728 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=13180 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=13168 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=12160 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=13016 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=13032 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=13056 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=13132 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=13100 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=13080 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=13068 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=12792 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=12776 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=12156 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=12884 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12636 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:7000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12748 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11200 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:7404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11492 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:6672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10716 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:6560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10760 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:6536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12636 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe
  "C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- - C:\Program Files\qBittorrent\qbittorrent.exe
    "C:\Program Files\qBittorrent\qbittorrent.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:7896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=13396 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:6556
- C:\Program Files\qBittorrent\qbittorrent.exe
  "C:\Program Files\qBittorrent\qbittorrent.exe" "C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0.rar.torrent"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=1132 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=13680 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=4668 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=13628 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:7388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=13372 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=11288 --field-trial-handle=1824,i,8902190963531407392,554294855989506338,131072 /prefetch:1
  2⤵
  PID:6868

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4140

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6d02a03c03fa42a1b74b9a33bc52589c /t 8088 /p 7896
1⤵
PID:388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4680

C:\Program Files\qBittorrent\qbittorrent.exe
"C:\Program Files\qBittorrent\qbittorrent.exe" "C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0.rar.torrent"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4284

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap31444:106:7zEvent31356
1⤵
PID:7664

C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\Caves of Lore.exe
"C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\Caves of Lore.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:5708
- C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\UnityCrashHandler64.exe" --attach 5708 2350627753984
  2⤵
  - Executes dropped EXE
  PID:4860
- - C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\UnityCrashHandler64.exe" "5708" "2350627753984"
    3⤵
    - Executes dropped EXE
    PID:2944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x3fc
1⤵
PID:6848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\qBittorrent\qbittorrent.exe

Filesize
30.8MB

MD5
63aa994700be0b73d52bcb0fdfea099c

SHA1
bda9d034ebc1e4fe86159a5001f199e6e3f84028

SHA256
1cd057a98030e0cea6095a82470792da9940fb627c52391b2b1dc215d42dfc31

SHA512
7f4d3a526ec7bd64a7bb7208c87105336f62d87ed0f658bbd20584e8ae04f42dbd984a80cdd982b329775cfdf2e2eb57c40be43ee0cf54bec56f3f84f37e0b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Red Plume LLC\Caves of Lore\Unity\4eba9931-c0bb-4ba0-b1d4-a0d2cfd431ba\Analytics\ArchivedEvents\170698283400003.d0fe85a5\g

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\LocalLow\Red Plume LLC\Caves of Lore\Unity\4eba9931-c0bb-4ba0-b1d4-a0d2cfd431ba\Analytics\ArchivedEvents\170698283400003.d0fe85a5\s

Filesize
440B

MD5
5501f4b6cde1fb95b56cae8b9fbe21c8

SHA1
a18e6747a69b5f8d471fac90e2550feea9ba76a4

SHA256
4e3b2ac417bca16f8c62f3d68394135b8704fc4d015c3be4fb0e042f240f177d

SHA512
a49feeaa2d52a83d1533e01589c7214d967da4c7fd23b534f5cfa79d442aaa9ddea712b0ee805fe28ab8e397b46020c2edb9214c08539de8c914049befa8d8e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
75KB

MD5
63c29820f4c0264cd99599a07a7d96d0

SHA1
c4858990ce9a3c4f722234dea0529ab2c5889bdc

SHA256
e1b291c4d1d474956e9f06c3e9b05e4fa9fef6063cf2bedc6588891161019a88

SHA512
2b9a5b355fad836ff25b195efc748f8160653551cbc9d633de40640be785c4fd26558f815888fdc52157ae153a065bd39420a9d07aef29c2761bb3275c86e4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
89KB

MD5
2f90aac2762e73ddc6483bb2803a40f4

SHA1
4426b03996f4195cf4a63328efbb874185f39fbc

SHA256
b7d6a1657e3bdefed77f3d4c556c107a5f6a46ed92048dcd8619139f56f4b3e5

SHA512
108fb3eecb872b26f34f61b8f972b41fbfa19317a02d70f0749bdc3aa39571585491581c8aa8e08ce88e8b051ba79dc753bfa2448513ffae71a7479d257b0d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
92KB

MD5
31c23bff40a0b2ded7a24b554ca1d5e1

SHA1
309b637807237d4bc20d7fccd2931186d20d3005

SHA256
f160d8771ac928fbfd9c68b57749acfea5e36d9602f52d0dd24695191441c9af

SHA512
ff62ea8cd66fd988b846d90ffdeb60d26386fec089e1e4e36b82a430e12af5d68fa1f184a92b50c5f0b173ca0b333709e814bbb02d9d7f557d9ad499a0034a60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
50KB

MD5
eb6c785070162c5609f95c0c2754d83b

SHA1
62b75eada691e7a87ee9d06d3a4fc1375af77a58

SHA256
aa359d884d2fe942fbac5ee68218d485f7792850beadcc7638a3b3ba521b2fe2

SHA512
c9dc3dc0f35e50137241350ca7ad19feff8a7d97f0016a820fc2834881bdeb2e66c41c482807d7eeae2065078cc2ff6d89a0c81d64bb31db35fc8541c2c9d61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
70KB

MD5
b6918b30290bd776167cbe52f353c166

SHA1
f2022522438b4500c9bd4c49933617f8f75ebc8a

SHA256
e5662427c151089f0705bd84bcf5b3d449fc3d074df32318cc1c4699c33acddc

SHA512
ff3f69d32b95fa0c85518e4ef8cf61dd8f3230eaa83dcd5bffc3caa17b261eff944d2853e0cb98eaea794dff5e2b94d2faab96a8410df2f4d04821a71661a1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
54KB

MD5
d0a89575478a5e0c5911ac42eadf3874

SHA1
f2168c11651bb293e9fadf9f5dade0721ea15e20

SHA256
13027a22ef5bb30e264cfeabe266d2b8b78e2f93d890f013e88b9eb57f4283a2

SHA512
4bcf5664d25ef6fca802857d4c09c8c19ec60f43174971e99b9270e908395cd49505759729162c7153d3fa1ab8db760b6670519b86460a88b8446525f542b077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
28KB

MD5
274aded33fba32eb80f099c3a7b03ddf

SHA1
780ba7b6de505cbea720dbf2fbbdac808fb6a9a8

SHA256
1d1f7b892f3861670aed2d07a619a74788a6e8948723c4ae7c09cc6d43cd2069

SHA512
23047cb9b9a1a36355e224b6c7b12df15ba0cf24162737341c866f2abc5239658d9c7a84ec3790fd92142b5107d3c455eb00f6f9c82862a671dceb52fcdbca43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
20KB

MD5
5d7359668cdbc28bee78a7b0768e96a4

SHA1
54a372073a576ba0a123defc30d434c1e78798e0

SHA256
87d1a2d0380d2cd7a761a6e641abceff46f4c27d75626fbbf08393ff3a1c6eb9

SHA512
84217a1b6d4fbd3319b832081fc167b9151bf5b7f1f0c3b715bfe129e8a207a9a179ee1ede7a0ca215755d61f2612da0a5ee920743be28aa09876bc42f850950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
50KB

MD5
3151a103b2afb98a4511d5b3df4affd4

SHA1
2037e9bfff6f16981075cb2d54320c5332289b48

SHA256
1a29dd9f016d9b501f9d632e341be9582e9905a5f6ce7175fc4a79f30f0437be

SHA512
eeec9135ece96668cf314633fd25cba260826d39066f26b16122b2f2f157cfd8138d436ee72be4530c48a327368001aca440a8ff3490b2402549304489d47478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

Filesize
64KB

MD5
6023e5773f57cbb81b497e5ff9aa5cfa

SHA1
952ef9fb373898152d0487a16bb27b6600f9c17c

SHA256
35a748146c5afb7bf936423cfdc905fbf4b974a4b592f940402c8e568b78b296

SHA512
25479b88ae880e02d875b3f3781919693bd281e56aa3ceab5c047ae2571ae52567aaf6aae9bc3df9e2461838195ddecf35af82116d0ac7f2668da27317ffed49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
18e19837b3580f2004812d75e01f2166

SHA1
da96e59ffc86b82aecacbe371a3084cabb9108f3

SHA256
242985fa7a8c12ff23e2b87d00adb66cab89fc6817ada2b4c4f3056a90a67455

SHA512
c348ece9559f0e6df41830d2833c1b39de91c68df531fbcd7505485951d1b750ece39c2aeefe540470b424d60ba8b6b1c76acb2fb03bf6759837038321e7ccfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1a1ff65e6867f2a8b59f2736e7c64537

SHA1
45288481e196f2f9ef7f25fb70c8e6a76e509eab

SHA256
231ad7421c2a24a18e7505e54295b762605e1a82a2580a2b2026d4d80f760313

SHA512
79fdc611ce2a446149596fbb13793ddbf5e9660fb4e0ae2315df066de1bb7153afa0565bafa515c618e1e69fefa899ab12e7b311f33d6b5ea703f20c094b52b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3622a34202efc939096f0bd75f8769f8

SHA1
3daa09b5a48404d35445f1e216febf3bfe950044

SHA256
ea747395dc4938e3a333bc46d25e67b82c0e7ae5133af5ab88a14df0adb3123f

SHA512
7bb5a4c2cc46e9a755fd1c301170ef5c53439f1a85029bbf744da97cd89d171b5f0105005dbf4e6a5deb5048ef8afa0542da34826665d0912c31d1d67dcb5f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cc273a11aaee566df5e488c134d16703

SHA1
7e3bbbba5d8b26c71a5145b0588c64ff5e389dfe

SHA256
615985fb3ec668b7056a09ef306a255b0154f4ed3ddd751f25b69f787fdb537d

SHA512
d3f1d438d987cb1456167313d6b5ebd871235a95f6d4db4f8f4dfbd79f4888c167d964aa81d0965cba80281ebe488343a21933829551eafad63733f0859247a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f94ad55f4e1520e82a11964350bee5fa

SHA1
5e522c05dccc2f0c26337ff8f7f4a90f2bee3350

SHA256
f0502dfdae9d03ae3c86413299f7d81534c05a6fde07fe65ceaeaf74be23ab52

SHA512
d3a8c13ee466ece307427b6afe6fcbbf02192b551365f26bba7040cd295239615a677ed98e18a001860a58880b22cf9d690a54edca69bd6c89b38ef596d00a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
40f4743a805a4e49a96d2a61a7e06c6e

SHA1
b0357d5a69853041f39e5b3332664dbdb45f3e20

SHA256
fba318df40c0618a08dc952a82d26888264b0edd8cfb087ffaeef18a1024ce04

SHA512
690991242e647849b71de4d1a7704d48c717803bc46aa9c238a2f6e6f7f6f122b0fb9c433820a42abb43f0ba7387ba4334562653a9dbe1798e4ab97c0fea33df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
74842d250e5bbe4c2f3101e065502973

SHA1
9316b1428e24a963316864fc806b53a34d4fc246

SHA256
9c5cc67e54aa920a678ac6901d13a281c374b0fd6baa4197615584de8eebb2fc

SHA512
53eb462b24ec6dc2aeb81394c286dc92c2add9554c79d148fb0899e65f583507f33d6f6f196cd5f3cc1a48290938ff8bca4f6103c14fc4c44c250b485b58c124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
802e4669e2a123fed95a5a78136cd42d

SHA1
0f0e98e44414fd8334896194698ba7e51e1fce08

SHA256
78b93a65feefcc534c2a4c9901ebf1bfdae69f7245b634bdc05b37c3fcbbc7f0

SHA512
8f4e615e4f344aa701a7aaa7819a80d0453348d76e9145942df366473ee67334c74ef696be9c1117e528fe9e9c6d3fbc53df6ec2fc9038edcdf7f5d77cf07357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
4991a57c3da561d515e716403ff748a1

SHA1
dee1d1e09c7c80247fab7485f95cd74e08a0071a

SHA256
3a1609a7d255d7fb4468398456c6b76251cd5f8d58c9d95b6aca428500e0bf0c

SHA512
f2c4b9ac8030d7b236d85756df823061712df6181ae06bb76e518e7bb72c888a4bcbc7fbb11e0e56ed4f4b6cfe01c954392fc67b61a8fd954949896584c87aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
753179d7de86a4d87f87d582676fbc5a

SHA1
765fd12fd3cbf4320c5cc5f0fa0866cd68ed15ba

SHA256
32582c1cbaa087da3080701cf5c973bcadf0e0522625a33c2df2ee48249be287

SHA512
169465955a68dc4787a809ce280154b6b8de2b551e74220388e47c09cef14af66024ea08bf45fd13e0caea34105979a3819821510e7b9a742f85c8d3be413a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
834b51edcda26ec8af88876d2905c00e

SHA1
c84754fca36dbf06df88c6ea6c15beddc29ab60e

SHA256
0dd635d1a690cf1ca63139b8ad023480008222a5f096cffea7415fbb51796335

SHA512
0a15363bddce4238d92b6d5d6b0dd430da99f20e686d9876c35f18c6d9720611cf7039f845f8ed93ca12e1f0cadc9a2f40b241a84c7600819e4fc12ad0b29cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
dec8beb90031226b64a3ff2ff56c0871

SHA1
5d889ec78ebe70471322f25966d726b2490a545c

SHA256
81cd2008ae4d9d27bd6cc7de002afb88806ea7a618c7b30ff54676e890d03a40

SHA512
2a45a9110f20e8392794f859f628d62c67e3e26b3029af688db0a7ff9b74e50797b1c196641fc6955e639512163cfe5b8d1f4962de464bbf5f65336f09e831c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f74c669a9b55b3fec419161c2b6b76b

SHA1
ce6186a3960d015e93fec238c63b1be07fa2d03b

SHA256
c140694d2be99e2b7bd839c34ba26aa4f5224025b0af48a41d2c50ad577c5425

SHA512
c28fba7ed0503cfcc3b51c44eb9ff3c101974462c4738608364f45d2a695fa820f88af6413e20191d4ef3437d99d3c0abea937c7a6f1b9e5219c2407ecf2a97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb75d60b58d2f37fb79e290f860a3e93

SHA1
8a0e2ef218c63447bbd624060c9ab769203d8b0d

SHA256
691871394cf3cfa6bda5ec9f36f326860a562bae8930d6ba84b695abc5e63b3d

SHA512
3aa7cb3e95f42729fc5bb42930b7d8f9e2f71b1f04c61620ea2752b4d862adf0e48806522901c4413f198571f7736187656494d6b637cfa2d9999e95ebe03786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
06eff32dce8b5bff7b8f01f1329ed775

SHA1
3a4a8b8727560cf2b4fc31f9c83bd880995af8be

SHA256
c8c3882e90719c3f1bf22bf45de3af53eafaca50b736731576422b36c1d3ea19

SHA512
30b18602165acbcd93cb6481eba9fe786b81ffbe03d576ef4d2284c652bcb67815d66111069ba4611b7410e9a838a0a4c46efdaea40d2b61bbfd572f306f9ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5f0efff9059cbe29aab23ba9091fb5af

SHA1
76674a84c86c2c49abee0bd6f8b58a305508523a

SHA256
ab4cdc8497149ab88e4f93a6bac6b83e04d26e7d958b464967bc7cebe084952d

SHA512
f3968c13829c5147975357f5feb41701f194077f4bd0a0b76ff85858f5b1a538dc7052ba06f8f7605479fefefacea266354af28bfeca60837897bef6d85bdef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
d34ff4b5e77ca4255cfb80fec0d701ec

SHA1
0e698cf37ac2246db5cf06114c3b269dd8699738

SHA256
1441c732f92fed7c47ea0df4ee365d5439a8d2cff2a17d310de9bfe5dee45fcb

SHA512
bd54eb2850bc5d538d2899a29183d9ec5f7c291773154cfe42daefb968dacb4c6bc333217db8e60deb1790bc96b5bfa381e049fdaa09d09f08919714ad93fbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
37f558abc3a105bc623892a07f6fca0d

SHA1
807083ccfc015b5d69011da5b05139b0b127cec6

SHA256
21acb56c3756fd5a947371036b9348306ae04c2998acc59fcfbf7c18b4f869fb

SHA512
4883a014e16b89379e79799fd2c44e243e33cfac0bca7f3045632bbad9f7dd09a286f2bee3629d0488f6ab107808c529e24ccb08cea743ba295e192a64ac5ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fc96bea9c6e5d1b1f01b25045bb40934

SHA1
ea60f6602675f76bba9322c7c7d7a72d627e678f

SHA256
2b302cbd7c5de49b111af25c7cef53ddeb2991dfcd869a60d392967a25101df8

SHA512
1e9703c5a0af97434a65ad039662f1e19820a69d9949dfe8e8bcff8fcc0982e086a6d89c36bc520c0cc6674bda3aa9011cb1db4a89fb9c4868e7b3f3af00d8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
b51b20859dbce45c532358b02198e306

SHA1
f4067836fdce474062506d8d535c08e8b3bfff64

SHA256
c82d9393543a26de3ce2a6ddf425b5e29b62db989f6bd2174c576d8b9a64a68f

SHA512
b061083c3f11069066ce831d614cad437541da94d6cd1173b7d2379717dc6d94125f95cefbdcef459cef6b584e798ede69b5752609cc086df5c8a645df9b2338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
ca547d967d229a7a1af1dd8d0d488ee7

SHA1
12ec9ad0613db7053f6d992e8879acf0e2802ea1

SHA256
4afa19544b46f01bcbe7ca8aa34e21c0be45a21e7d7b22625a8f88fcb8a84207

SHA512
7b0df8ad94fb83db87488cbcb419dd56440c7bf649c9c44396fdd994d2f9630632fa908abe971a2f8a4878877ded7a4c70e1738700be70949d2974edefbe083f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a173828d1f85b637dd74a62695ae2457

SHA1
5d468d6f34228a343bd8e6b82328f35e292fd457

SHA256
924419e3b239a0d3a0ea759a5d0e46750950b861274627b602ed05ceae3a010a

SHA512
6dbf84b04297707d3b9b068ba85eb95deaf5c508e380c3257ed1e47c23cfb7e7a501f9b4d4570f672971f23a075bc3b096dc544f68fb7c8fa8d28dccff326d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
bf99e21a687ab6eea20ff806ffbeb97a

SHA1
df2c8594c61329c1e2a71f9a183747a79dd73cd8

SHA256
db7a5e0184466676aaa3fa6af3e7a9b4d5002ba230ceb5390340dca345264da9

SHA512
fa633c3cb09ac5ece06f8721329c744811d2c356f9af639cfb59362819f9cce1c4b39d62f802743d21dc119bc4c319cf61199d91fdaf3d4b641bccb567ea073f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
ac1ff1bff0bf4dbe25a710050bc7ab20

SHA1
3367add9964ae47c8e8d5e2c47622802777f8144

SHA256
f67b078691f244df17a264bdb547e27543cca7f5db28d17a8d727390c76910c3

SHA512
f6b7c6c724566149d8eb2397f794c9af09228f42c17eb7afa6fc22ae213f466fe110f2184328b835f075b7f292acd145ab404eca715b6042137e6b371224ee50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e93531092e8a4defccd687ed8865a474

SHA1
bfc756a75cb169df80eadbfa9255c02abcb1c732

SHA256
09d8d42a51a331bf18ea5886d2b613fbb764bc75df6da3486023470f2af2e5d1

SHA512
e6e8a439575539407878aeeb09c2dcbb0c0d3c0552421ca5a3b10da22bd790425e5ab0e546ad9911762df91ca30ed8c7d5b782bcaaf6a61cbe3088399a5f34cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
55b969dfa834877c39464e7d465ef76d

SHA1
5d195f030077a27f229e2bf5b66cdb93db405c0b

SHA256
57afcf34b2ca17d024ffd6da47dabc3583247c4deb6723f8ef4fcf8871cf92f7

SHA512
fcd2bdbb0ab9874c13b4c3018b64c32e259a6084a4fe8c431439414fa1913b7ca197b223701feb2f6a0452b42693ec46ae15f90f575daf6211266102382db360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
163a9102cdcde311258b360a56dd3743

SHA1
bbfd0e55c58366fb84fef868dd575e7678149bf4

SHA256
6f51ea9607c15d271f52e8af1ad1f1515c7b4c8dbc393c4a00ce781237ec5379

SHA512
4424b3d2e1f1190dabfd338f16774948e68c6b4ab4635d7e6add8820efe1fd9d21446c700dee6d9c834aa68ea0db1f44d58e1b0fb87a74ca33e77f83fadec39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
356bf5b496e79810454fcc19fd061847

SHA1
a2e6f8cd5b008bce0309ca7f853941fb50dec86d

SHA256
61f7f5a0eb22a9a01661dc7f998d3cbcba36ab2026a375ec22974d6e5cdaa705

SHA512
3d386f62a8b3f43034206bcbc97c136a7adcc496ed9ee91905d1985060f5f5132f8bd95378d961d334aafa29af793e9b120654b6f57fc8a3a1d9ac99abfe6026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8e07a5fd2ece7fcbae58d7b7c25b794

SHA1
25b226208a8e5616a0f1b95eadd75679995243e0

SHA256
281e01afafb9dc2e2851dc695ccc558c72ab50eb6560db1053ad9a191a7deca1

SHA512
e7209528ac95f42b33f133feb41b772fcbfe1a0f014a2ac884e59939c9bf7b485219057f965067b1eeeac44cca5275757eb288ad5046a3df60c207be99e5b99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0131fe13ec53f0ee7526dc3bdc3e0f22

SHA1
9f7ade8e82a9310c2e63adedd5702d93d9671470

SHA256
0cec5f32af5a743ccaeba2756063f10e4fc697734ddf9dd50d69611855b7263c

SHA512
dd8eae56bc3c9f9baf2e6f6260ecc5a5fe957674bac9ace24b6982e1635f34d905e449202f90c82b45748cf0dcb5436d2d1e091ba05b9d18d1be3a852fff9d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac0d110b4c326234bc304d65bb868370

SHA1
044b252bc3485d762c60931c8de86606bbd5828c

SHA256
e1620968de693d2e857af06ce0a80f6ad823b9a783703a050e865d43dbdae870

SHA512
898d7eafd1c3ef83f15a9cbd09e35f8ff6b4730c5abc4555b933fa788f98cf8863a93751dd495f74593ea1f2c6e56a5852bce0ce8ac582fde64e98efba5c3e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0f88016d3bff0d0625f8a23e14f49b1d

SHA1
0156ba80a9031a6bbec17682d6dfa431dae444f5

SHA256
cb912a9edf9f9cf0f20c5d0966dab74d450e605606eb339e52b3b7a7542752bd

SHA512
111335609cd7517705ed0d2615678e414a434e35bace5afbf98e98bd8cb898d49430a1d16f53d2468cd62e649c9032bb961b6fa4945b966d9eb7507769e5948c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a61b703c0faee722f5529ab1e8256163

SHA1
17073d7db3eee4f7679f7786c18a41472e5162fa

SHA256
b02da92596373231b4a5a6b6741d2587c5496a857ceaae01f5bd877dc91e2da2

SHA512
8495c5757e4a144b7a75242eba984b44f5fc41482ac9c4caf9aae96bac30ccc966c25c829fa47780e78971e28825f6b1fd46b662159b547902ab80dc35204239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
994c6b40c122ed0c2b48f738d713c98c

SHA1
15d8e5750b88b9cd88d0850cd0bfc78c69973c1c

SHA256
58829e9c7ea66864c80a3bb0356fac004f2d29eb7dc9222e576b7878d0505d73

SHA512
1b6b18b3e263dcd769a35d1640c13bec0d3c1acf5876a465df01ef66a7f4c7b5696d057895c785a27e7a61c3ce6e9960bbce6ae23969607848e1346e0310eb14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1799c255e29b93f03a131d52bf2bc690

SHA1
7cfde9dd8c06c66b7961777fad6dcbfa5c66b4d2

SHA256
7c813ef4fac0e370eecceeeb35a76d4252182a3ba91188de66cdba975b2cede1

SHA512
c256ee0d9f85be688e5a0e7596e94d2f34c18107aeb5e4e60c8e9c52429939c71d3b359c80c766799d4c4db7b79440f90b06774192d7958e8e5992bb793a1878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9fbe87fd72172380c1e9dc3d78116766

SHA1
7b157e26743adec30c493afbb59fdb3eb64c9a8f

SHA256
918edffdaea331c5d0d83e32ab45c805ea05ad726b187713d38e16db6da63511

SHA512
7954fc426a0dd83c49babee9cbb0300a83721a716b0caf20da4fc31445eaa78e48c16dee69735a9439a778ba9f217ecb1915600a1e1fd98d6a4ff43b33e94516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed462094c6350ed3e6f4643bfb4c2ee8

SHA1
962b098f3530be9b6408e5d5c0fea7cad02afe00

SHA256
7a08dd764e79764da81f4e5c2aec13df11e79d6f57a0aad7e0fd3256bb8fe912

SHA512
08423ce7efd04c2eaa10ee14209625a33b7b6f054d3838e7bcb17b0e82f91d5d5854da5f2f6fed0a031d9b5d34edc8dcf53fe5e2572a800303ae83f8715204f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c46134f11b1e3e71df6b4439b585c6c

SHA1
ede82fc7c2c23dbcb5bc4f027dcb20e6bb3bdafe

SHA256
0b53241084c08f0a0b47cffaeb71795cb42b2876bcadbefc0255731927e96c70

SHA512
950001248e9c7cf767cd61122812c40f67b542deeae3782178218aadd55b5972949e7f176565dde5f3f5eb2b8132ef8088b6a827fe7d4a1989f0bd4d860aaa1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa9cf39d4a044a48b4cb30bc7acdb8ea

SHA1
1a12078849fadccd5a68c62d8567332297ac0d3c

SHA256
17f170b1f977bfbe4ce88f16340a94bfad0d7e7918fc30fdd279dc647531614c

SHA512
2067903fa6f3e877337378cc5a1aac866e5ad2576fed1c9c31b899d62fa2fdb5f91bc8b48119bf99377bf970533848183359758534e8a8e6e16de2a476732f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
721263aaf8762006f719f2195022ee96

SHA1
efa80396d785ad58e90aa134012a7c39d0071b29

SHA256
fb9e5bef0ed1364e25a688e08ba9eeabb10c017a7ed50c503a4d2f35fee152da

SHA512
5f5c8b76b172c3f56858db54cfcf7d6856511c45c3f5ae47d996c03ea429847e448d22b85b38aaea3253a65cc8d3955dcc38ad405328d7257e9e509e2524fed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
4f09975bbee5bce581e909d368416b18

SHA1
dcc5028b69e521e3c609e71989efe87e0318f377

SHA256
f875357396c43545a31cb0ff8fe4b9ec7b38b0c80b3d5bfa28abf81a20379412

SHA512
476e3d76c1bbb433978e6dfd57dadbe13c9bc0e7368efac6a7bec35fc558913abf54fd17df87ef939ec60c66fb0660987a22ad20e04d008919f13881b282c6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
dbd61e69c706f0cc16b29fa67b788a75

SHA1
b9ca67b79ea48567c2ea7eab2ab17e57f98efcbb

SHA256
eb692e92d2fc1c78ef71f79a4bbab478db0e886761b03a096b9e670c3185a163

SHA512
6a32e1e2fece4ec66a234059d7c09c4672e099245073fd966cf435334430636092e91609da2c321d5221154da4b1d2288588bc163750b0b9b320afb47d59b1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
73783bd851e7eab38b120a4cd7058abd

SHA1
88829ba0377f2bea3c7021cbcf3414ff1413dafd

SHA256
2c51e48836864405f7ff9f9d3cc71c343d809edf6605c85d2b62adadea20428d

SHA512
2f1a7758a1bf79641f9d452f3528c76d2942be68d115e19a033391be7a284e75d5663f53af67b6940a3691078387a97b98188dc56f3f50708c328943c6d86874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
07d3a327d6ad3042d3c106c109704183

SHA1
966c472b521dfdb4432caf70d80eaec67a5dae1e

SHA256
6a297257989ab3b882f74f458a855c172d593ea803f827c953611ecba20d1600

SHA512
934a714cb671e8b672b8503cfd72483c4a495bc9c657947790109576e7a8245ee140ec2d7fecf6485ae19f09bebaa051437308abeeb66ba983a78893459305aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
ba31642768bb8fcdd28c592d11a0a353

SHA1
84ea66183d779597a1bed56b8ff8551efa3fb89f

SHA256
9c0c3d90cb612f4f4f5130d88d3d762d5c556c70de5a7fc5d493f956f22565c7

SHA512
65166e80580b530be9673c6fa50c592b835d5c508d334ad5bfbddc497a57b1d7b96f12cc20aadfd3032f1a4bbbec58a52eb98635e4f6652008d5655e8e16cddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
c7d5d924a7ceae3d01541f68cbaf0ccf

SHA1
f58feb8e1638d165300b3903663032c1b32396f8

SHA256
b3a37f1f523eedf3fe0a14853344efcf16785632f160eb3e4097f2aeab606ddc

SHA512
c3f9c245b4cb5fb2185bc631b6c8802ea2baf31989bae2a6b664cbefa325289d5392b615b81447179c494a9fceeae00617e9c4838bdbdb25a294b8a5483bfacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5929b6.TMP

Filesize
97KB

MD5
d6a8bff7893f387980a0a0c70187425c

SHA1
01e067d1c7b25ecac11acaf0edae8806e20c8616

SHA256
77176d0768824a60bb88c5a4c804178dabe94b216f2cf2673742edad61681c5a

SHA512
a87d04c7c9b92ecce9893ebf058ef2c43bb9bcb41aa081809dbf7f689c781ea8ce692901221977fb890455dd319d1828db10782f18235f056c7d319a109ca214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmDD44.tmp\nsisFirewallW.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.json

Filesize
4B

MD5
5b76b0eef9af8a2300673e0553f609f9

SHA1
0b56d40c0630a74abec5398e01c6cd83263feddc

SHA256
d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817

SHA512
cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d

Download Submit
C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0.rar.torrent

Filesize
15KB

MD5
636734ca2e0b0e58249525f7cf46a1ce

SHA1
caae01628619e12a16d260cd8ea95c9332e180c0

SHA256
2c0ed14199f3ed0a8b173efe712bb7d34515b85369e094918153d2448a5b12e1

SHA512
eb2bf28358013cb59eff06aa275b9d10fbbc6c70bc8fa6d84dc72b967a617fec9d4cf861a6907a8407943272a13a921f9f50084cae922d3b35ae0f47f7eb757b

Download Submit
C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\Downloads\Caves.of.Lore.v1.4.3.0\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe

Filesize
34.1MB

MD5
daa53d95d6935aabaf66a0607110fed2

SHA1
0c3a414b34f343a9c04be2770e111a2862c88693

SHA256
49120084b513287ae224f654854a88ed3a8bff124efa63d57db3f81d16adb846

SHA512
759b898608242eef9e8c401bdf40c69d7efb9ccc5444c1d842a2a9d91de156b703ef53ff08052b3e78c5bd04b6412001ec69a6baac1b6b0517571a99f6e73d5c

Download Submit
memory/4284-1595-0x0000020A87AE0000-0x0000020A87AF0000-memory.dmp

Filesize
64KB

Download
memory/4284-1580-0x0000020A87AE0000-0x0000020A87AF0000-memory.dmp

Filesize
64KB

Download
memory/5708-2496-0x00000225672B0000-0x00000225672C0000-memory.dmp

Filesize
64KB

Download
memory/5708-2497-0x0000022566EA0000-0x0000022566EB0000-memory.dmp

Filesize
64KB

Download
memory/5708-2498-0x0000022567650000-0x0000022567660000-memory.dmp

Filesize
64KB

Download
memory/5708-2499-0x00000225676E0000-0x00000225676F0000-memory.dmp

Filesize
64KB

Download
memory/5708-2500-0x00000225676F0000-0x0000022567700000-memory.dmp

Filesize
64KB

Download
memory/5708-2501-0x0000022567700000-0x0000022567720000-memory.dmp

Filesize
128KB

Download
memory/5708-2502-0x0000022567720000-0x0000022567730000-memory.dmp

Filesize
64KB

Download
memory/5708-2503-0x0000022567730000-0x0000022567740000-memory.dmp

Filesize
64KB

Download
memory/5708-2504-0x0000022567740000-0x0000022567750000-memory.dmp

Filesize
64KB

Download
memory/5708-2506-0x000002234C580000-0x000002234C590000-memory.dmp

Filesize
64KB

Download
memory/5708-2505-0x000002234C590000-0x000002234C5A0000-memory.dmp

Filesize
64KB

Download
memory/5708-2507-0x0000022567750000-0x0000022567760000-memory.dmp

Filesize
64KB

Download
memory/5708-2508-0x00000224D02B0000-0x00000224D02D0000-memory.dmp

Filesize
128KB

Download
memory/5708-2509-0x000002253C3A0000-0x000002253C3B0000-memory.dmp

Filesize
64KB

Download
memory/5708-2510-0x000002255F3B0000-0x000002255F3C0000-memory.dmp

Filesize
64KB

Download
memory/5708-2511-0x0000022567760000-0x0000022567770000-memory.dmp

Filesize
64KB

Download
memory/5708-2515-0x0000022566EA0000-0x0000022566EB0000-memory.dmp

Filesize
64KB

Download
memory/5708-2516-0x0000022567650000-0x0000022567660000-memory.dmp

Filesize
64KB

Download
memory/5708-2517-0x00000225677D0000-0x00000225677E0000-memory.dmp

Filesize
64KB

Download
memory/5708-2518-0x00000225677E0000-0x00000225677F0000-memory.dmp

Filesize
64KB

Download
memory/5708-2519-0x00000225676E0000-0x00000225676F0000-memory.dmp

Filesize
64KB

Download
memory/5708-2514-0x00000225677C0000-0x00000225677D0000-memory.dmp

Filesize
64KB

Download
memory/5708-2513-0x00000225672B0000-0x00000225672C0000-memory.dmp

Filesize
64KB

Download
memory/5708-2512-0x00000225677B0000-0x00000225677C0000-memory.dmp

Filesize
64KB

Download
memory/5708-2520-0x00000225676F0000-0x0000022567700000-memory.dmp

Filesize
64KB

Download
memory/5708-2521-0x000002258B800000-0x000002258B810000-memory.dmp

Filesize
64KB

Download
memory/5708-2522-0x000002258C7F0000-0x000002258C800000-memory.dmp

Filesize
64KB

Download
memory/5708-2523-0x000002258C800000-0x000002258C810000-memory.dmp

Filesize
64KB

Download
memory/5708-2524-0x000002258CCF0000-0x000002258CD00000-memory.dmp

Filesize
64KB

Download
memory/5708-2526-0x000002258CD10000-0x000002258CD20000-memory.dmp

Filesize
64KB

Download
memory/5708-2525-0x000002258CD00000-0x000002258CD10000-memory.dmp

Filesize
64KB

Download
memory/5708-2527-0x0000022567700000-0x0000022567720000-memory.dmp

Filesize
128KB

Download
memory/5708-2529-0x000002258CCE0000-0x000002258CCF0000-memory.dmp

Filesize
64KB

Download
memory/5708-2531-0x000002258CD30000-0x000002258CD40000-memory.dmp

Filesize
64KB

Download
memory/5708-2530-0x000002258CD20000-0x000002258CD30000-memory.dmp

Filesize
64KB

Download
memory/5708-2532-0x000002258CD40000-0x000002258CD50000-memory.dmp

Filesize
64KB

Download
memory/5708-2534-0x000002258CD50000-0x000002258CD60000-memory.dmp

Filesize
64KB

Download
memory/5708-2533-0x0000022567720000-0x0000022567730000-memory.dmp

Filesize
64KB

Download
memory/5708-2528-0x000002258B810000-0x000002258B820000-memory.dmp

Filesize
64KB

Download
memory/5708-2537-0x0000022567730000-0x0000022567740000-memory.dmp

Filesize
64KB

Download
memory/5708-2538-0x0000022567740000-0x0000022567750000-memory.dmp

Filesize
64KB

Download
memory/5708-2539-0x000002258CD60000-0x000002258CD70000-memory.dmp

Filesize
64KB

Download
memory/5708-2540-0x0000022567750000-0x0000022567760000-memory.dmp

Filesize
64KB

Download
memory/5708-2541-0x000002258CD70000-0x000002258CD80000-memory.dmp

Filesize
64KB

Download
memory/5708-2548-0x0000022567760000-0x0000022567770000-memory.dmp

Filesize
64KB

Download
memory/5708-2556-0x00000225677C0000-0x00000225677D0000-memory.dmp

Filesize
64KB

Download
memory/5708-2557-0x000002258CD80000-0x000002258CD90000-memory.dmp

Filesize
64KB

Download
memory/5708-2558-0x000002258CD90000-0x000002258CDA0000-memory.dmp

Filesize
64KB

Download
memory/5708-2570-0x00000225677B0000-0x00000225677C0000-memory.dmp

Filesize
64KB

Download
memory/5708-2571-0x00000225677D0000-0x00000225677E0000-memory.dmp

Filesize
64KB

Download
memory/5708-2572-0x0000022565320000-0x0000022565330000-memory.dmp

Filesize
64KB

Download
memory/5708-2495-0x000002255F3B0000-0x000002255F3C0000-memory.dmp

Filesize
64KB

Download
memory/5708-2494-0x000002253C3A0000-0x000002253C3B0000-memory.dmp

Filesize
64KB

Download
memory/5708-2493-0x00000224D02B0000-0x00000224D02D0000-memory.dmp

Filesize
128KB

Download
memory/5708-2492-0x000002234C580000-0x000002234C590000-memory.dmp

Filesize
64KB

Download
memory/5708-2491-0x000002234C590000-0x000002234C5A0000-memory.dmp

Filesize
64KB

Download
memory/6596-1503-0x000001EEC3E70000-0x000001EEC3E80000-memory.dmp

Filesize
64KB

Download
memory/7896-1570-0x0000022BAF400000-0x0000022BAF410000-memory.dmp

Filesize
64KB

Download
memory/7896-1365-0x0000022BAF400000-0x0000022BAF410000-memory.dmp

Filesize
64KB

Download