2702cdc4384ca57de294f1cab900dd678296809fb4930dd1416035fe2ecc5a5a

Analysis

max time kernel
128s
max time network
158s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
20/02/2024, 19:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bitcomet_setup.exe
Size

2.5MB
MD5

e4fc74f5c702e0b7f4bf573ab02cac24
SHA1

91ed9030122ccc5891a0b69c8ce875c9dd6ce67f
SHA256

2702cdc4384ca57de294f1cab900dd678296809fb4930dd1416035fe2ecc5a5a
SHA512

433246c3efb6dac678da8a79eeede46b217311beadb006bfd70ff4d2b0da4bd894739f7f8205c56c8cb55205574520ab12819ddb0e5f94b67670c201ec0eb646
SSDEEP

49152:qBuZrEUFx+H98AHaCfu62Mcttjw4sPf5mlzPHAs0ed7+HRsMy:MkLFxE9vBu1Mat2fgHNQHRsJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
2292	bitcomet_setup.tmp
2352	BitComet_2.05_setup.exe
1888	BitCometService.exe
2816	BitComet_stats.exe
3116	BitComet.exe
3448	BitComet.exe
2628	BitCometService.exe
5040	UPNP.exe

Loads dropped DLL 16 IoCs

pid	Process
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe
2352	BitComet_2.05_setup.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	bitcomet_setup.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	bitcomet_setup.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\SOFTWARE\AVG\AV\Dir	bitcomet_setup.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	bitcomet_setup.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	bitcomet_setup.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	bitcomet_setup.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\SOFTWARE\AVAST Software\Avast	bitcomet_setup.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	bitcomet_setup.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\SOFTWARE\Avira\Browser\Installed	bitcomet_setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BitComet\tools\FirefoxLauncherManifest.json	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ku.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ms.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-th.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ur.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\Updater.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-lt.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ug.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\VideoSnapshot.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\ReadMe.txt	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-el.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-en_US.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-eu.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-hu.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\FirefoxExtension.xpi	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ar.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-et.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-fr.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ja.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-zh_TW.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-it.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-kn.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-nb.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-pl.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\uninst.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\WebView2Loader.dll	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-de.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-he.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\BitCometToastsNotifier.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-pt.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\ChromeExtension.crx	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-mk.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-sr.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\EdgeExtension.crx	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\License.txt	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\ChangeLog.txt	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\BitComet.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-sq.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-da.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-vi.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-zh_CN.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\HowTo-Translate.txt	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-es.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-fi.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-gl.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ko.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-nl.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-hr.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-ru.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-tr.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\ChromeLauncher.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\BitCometService.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\CrashReport.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-fa.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\ip2location\ip2location.bin	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-bg.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-kk.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-sk.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\UPNP.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-bs.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-pt_BR.mo	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll	BitComet_2.05_setup.exe
File opened for modification	C:\Program Files\BitComet\tools\BitCometService.exe	BitComet_2.05_setup.exe
File created	C:\Program Files\BitComet\lang\bitcomet-hy.mo	BitComet_2.05_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5056	2816	WerFault.exe	93

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	bitcomet_setup.tmp
Key created	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	BitComet.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BitComet.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	BitComet.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bitcomet_setup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Low Rights	BitComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	BitComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}\Policy = "3"	BitComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}\AppName = "BitComet.exe"	BitComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}\AppPath = "C:\\Program Files\\BitComet"	BitComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\BitComet.exe = "11001"	BitComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}	BitComet.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529298403426303"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\DefaultIcon	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\DefaultIcon	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bc	BitComet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\HELPDIR\ = "C:\\Program Files\\BitComet\\tools"	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell\open\ddeexec\Topic	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ = "IBcAgent"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\VersionIndependentProgID	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\Programmable	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\AppID = "{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bc\shell\open	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\ = "BitComet File"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bc\DefaultIcon\ = "\"C:\\Program Files\\BitComet\\BitComet.exe\",1"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BitCometAgent.DLL	BitComet_2.05_setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{59CABE4F-3BB1-43bf-8AF1-D08E4C6F1660}\Policy = "3"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell\open	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell\open\ddeexec\Application	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell\open\ddeexec\Topic\ = "TORRENT"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bc\shell	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BitCometAgent.DLL\AppID = "{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent.1\CLSID	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\MIME\Database\Content Type\application/x-bittorrent	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\TypeLib	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell\open\command	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ = "IBcAgent"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\0\win32	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\HELPDIR	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bc	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\CurVer\ = "BitCometAgent.BcAgent.1"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\DefaultIcon\ = "\"C:\\Program Files\\BitComet\\BitComet.exe\",1"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bc\ = "URL: BitComet Transfer Protocol"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Software	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell\open\ddeexec\ = "[open(\"%1\")]"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\FLAGS	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\bittorrent\shell	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL: MAGNET-URI Protocol"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent.1	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\FLAGS\ = "0"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\TypeLib\Version = "1.0"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ProxyStubClsid32	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\BitComet\\BitComet.exe\" /url \"%1\""	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\CLSID\ = "{C8FF2A06-638A-4913-8403-50294CFF6608}"	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\Implemented Categories	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\0\win32\ = "C:\\Program Files\\BitComet\\tools\\BitCometAgent_1.92.7.9.dll"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8A058D1-C830-437F-A029-10D777A8DD40}\TypeLib\ = "{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}"	BitComet_2.05_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1529921725-1823547078-1350365960-1000_Classes\.torrent	BitComet_2.05_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\InprocServer32\ThreadingModel = "Apartment"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\ = "BitCometAgent 1.0 ÀàÐÍ¿â"	BitComet_2.05_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\InprocServer32\ = "C:\\Program Files\\BitComet\\tools\\BitCometAgent_1.92.7.9.dll"	BitComet_2.05_setup.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2880	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
1476	chrome.exe
1476	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2880	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp
2292	bitcomet_setup.tmp

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
2880	vlc.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2880	vlc.exe
2352	BitComet_2.05_setup.exe
2816	BitComet_stats.exe
2816	BitComet_stats.exe
3116	BitComet.exe
3116	BitComet.exe
3448	BitComet.exe
3448	BitComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 2292	3124	bitcomet_setup.exe	74
PID 3124 wrote to memory of 2292	3124	bitcomet_setup.exe	74
PID 3124 wrote to memory of 2292	3124	bitcomet_setup.exe	74
PID 2292 wrote to memory of 2352	2292	bitcomet_setup.tmp	79
PID 2292 wrote to memory of 2352	2292	bitcomet_setup.tmp	79
PID 2292 wrote to memory of 2352	2292	bitcomet_setup.tmp	79
PID 1476 wrote to memory of 5064	1476	chrome.exe	81
PID 1476 wrote to memory of 5064	1476	chrome.exe	81
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 5024	1476	chrome.exe	84
PID 1476 wrote to memory of 3480	1476	chrome.exe	83
PID 1476 wrote to memory of 3480	1476	chrome.exe	83
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85
PID 1476 wrote to memory of 4660	1476	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\bitcomet_setup.exe
"C:\Users\Admin\AppData\Local\Temp\bitcomet_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Users\Admin\AppData\Local\Temp\is-KSTEQ.tmp\bitcomet_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-KSTEQ.tmp\bitcomet_setup.tmp" /SL5="$70204,1667943,874496,C:\Users\Admin\AppData\Local\Temp\bitcomet_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\BitComet_2.05_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\BitComet_2.05_setup.exe" /S
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2352
  - - C:\Program Files\BitComet\tools\BitCometService.exe
      "C:\Program Files\BitComet\tools\BitCometService.exe" /reg
      4⤵
      Executes dropped EXE
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BitComet_stats.exe
      "C:\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BitComet_stats.exe" https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.05_setup.exe&p=x64
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 2076
        5⤵
        Program crash
        
        PID:5056
- - C:\Program Files\BitComet\BitComet.exe
    "C:\Program Files\BitComet\BitComet.exe" --no_elevated
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3116

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResizeSearch.au"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x88,0xd8,0x7ff8922e9758,0x7ff8922e9768,0x7ff8922e9778
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4016 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4720 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2624 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4028 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=480 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2992 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5364 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5760 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5752 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5208 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2724 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6216 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6348 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6520 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6880 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7096 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7256 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7416 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7596 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7564 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7576 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6876 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7392 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7208 --field-trial-handle=1872,i,6165786721981343990,4750217690251515262,131072 /prefetch:1
  2⤵
  PID:5384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1712

C:\Program Files\BitComet\BitComet.exe
"C:\Program Files\BitComet\BitComet.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3448
- C:\Program Files\BitComet\tools\UPNP.exe
  "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 12447 -udpport 12447 -q
  2⤵
  - Executes dropped EXE
  PID:5040

C:\Program Files\BitComet\tools\BitCometService.exe
"C:\Program Files\BitComet\tools\BitCometService.exe" -service
1⤵
- Executes dropped EXE
PID:2628

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:5732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BitComet\BitComet.exe

Filesize
1.3MB

MD5
c6bbdde3facdbb1c3493f5ab98acced6

SHA1
e1e75e5f677b2173b55d27d14e9e84bdb05ebc15

SHA256
bab56a302a663e60b005612058b003516fcde794796277d485202f31075ebc81

SHA512
29a802718f953818679e59a6024c339b3d2fdf91734f55d644dfaea22225b2888ad6a0f4b7009244d8a30ec86b0c408bae6d128d8b0dbed598c72635842f91f6

Download Submit
C:\Program Files\BitComet\BitComet.exe

Filesize
14.9MB

MD5
fe0c912648f18cce59c78515b7e74af7

SHA1
1caf5c7db713529046b27aa5c8bbf91efd55b636

SHA256
63f88dced2cfc7b9766c9c61eb7b36c251637eb4f280f8198bf3c4c6489580bd

SHA512
cbeaf97206b95cb107ab09d9a9b78bf2e14678fabfa2531122be692ab1063c8b599acd5adba00ee662df3941d0aea2430e33b668d783d4e5b0d2cf5f14fb0067

Download Submit
C:\Program Files\BitComet\BitComet.exe

Filesize
16.8MB

MD5
6514c2184f5fc849b5c3ec9c529ce5ed

SHA1
a6f0ca69305f6f7993a056c51a86dd8a758b44a4

SHA256
4476334315c18f19b50f895330df751a98c86d48e6af7ba5849101d4c3e2eec3

SHA512
e9ab67aa180d1138525b1f60faa61ed8896da5ad5862737b089b7033c7ccbbe53194b9cb55e0cd9367909ebe2e7d68bb9a7504de08447181504350fdbe29cc4e

Download Submit
C:\Program Files\BitComet\BitComet.exe

Filesize
1.3MB

MD5
adc5beb54c03f61beb806ae2d93c8a1a

SHA1
988ca6ef2ef9e2aaa001c6a1469ef7de664c9174

SHA256
32b1a0a18fe586ba5ee989b1be29193052f196a38018eb5b55bbb89b45125613

SHA512
15ecbe4021a1bfa9d57536b4d42ad585492e49124979a0c9c1a36ff5a0480eafe32240f7cb039752cb63e80d2b3c5d7d69eaf026c8514bc6872f21f0fd86caf1

Download Submit
C:\Program Files\BitComet\CrashReport.exe

Filesize
1.9MB

MD5
af3a99efdd6a70f8418431b2dd5daf10

SHA1
d43721f53a5d62a7aea22979abe41a97576e33d0

SHA256
019c73a89eaf7c0d5a5817f2acbb3a7556ef08e1c5a465a739701ffb617435ef

SHA512
3ca7284b0122d58adbed7c69dc6e842f2d26cd409453d1910d75d73c38464719fcc04bb5b624d5f69e6e93e3bff9c5bb5851770ef5c4a1d3d1a6b0586eaf6d13

Download Submit
C:\Program Files\BitComet\WebView2Loader.dll

Filesize
154KB

MD5
577f05cd683ed0577f6c970ea57129e0

SHA1
aedf54a8976f0f8ff5588447c344595e3c468925

SHA256
7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf

SHA512
2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047

Download Submit
C:\Program Files\BitComet\ip2location\ip2location.bin

Filesize
4.7MB

MD5
339f832e5c73a8aceadaf721d47cbfc5

SHA1
e59e47d06df00c1553debba3a57c2a218f24a761

SHA256
39c429ff8ccfc055b4b9ab0935bccbd54e1554f94e00b03e63e6d32c70284043

SHA512
1b1463450f1592b2a9de7faf729438f7e807d0de9424b361d275200dab7b8a8f6a54721f6c468c6fe8af9439da4ff3eb429f2eed49e00f6e7300ff00a4088201

Download Submit
C:\Program Files\BitComet\lang\bitcomet-en_US.mo

Filesize
825B

MD5
17c3fc235a867e450d26f423436fdfd4

SHA1
20d930b8172eccb58d1af81b8576eb3a083cff6c

SHA256
163533015c4ca7bdeaa0bd768851b27fbf275e5dc36e8d225c5e06b4cda5e2de

SHA512
c88d6b5913d436089d2fd286d95cd5d62f9db73eb0cbc261928820d035286016c16ea65526514d5c4373ab962cb8234f2d6ae311f5e5c45185bcc6848b5dc8e3

Download Submit
C:\Program Files\BitComet\lang\bitcomet-it.mo

Filesize
244KB

MD5
e1ebfe3753f2703366317bc47b280e25

SHA1
0df1f140715aabc1beafba9dfe6b23fc7b417dae

SHA256
8049db9a49c3167efb38660707eef9767bd44872eef77d6ea4f2aae7ea2060b1

SHA512
93c9960c07dfd7640c5705ceb315ce612bb5c120bfa4f5ee8c03d76fdef16521ddcef283ddfee87565775085e76d4cdf1f306d7e98f30a93f2585522b934ec34

Download Submit
C:\Program Files\BitComet\tools\BitCometService.exe

Filesize
768KB

MD5
04d89a31529bf87c0f9a5424432b9f20

SHA1
80c62c739eacfff465ad016b78f141c944a50a0e

SHA256
e69020b5faa9221a50a1ef9d3da1474ed5848926545874c2ebee46145e0e712b

SHA512
8c8cff673a3f78432ae2dacd3732388c7fce5dbe246bd76821340a2010d09ee3f938fc1296e245fd3fda37e648dd55ecf4deb8f481dfe9df5aa37e30a09ba781

Download Submit
C:\Program Files\BitComet\tools\UPNP.exe

Filesize
320KB

MD5
c69edfc7b05a9f455227eea3b2df06e2

SHA1
f386ddf3db6c60c8bfe61071907cb216bc2cf4e6

SHA256
3e8aa738927868b6d57258c8271fb10b45bed3063e14f66f67a863baa64a6d52

SHA512
456a5c5b8c7cdbc268bd638acd46c674e4db6b0760845c376b4cd84c00b622432f82d1de206da9ddc7d0e0231885d5975e3e22bac91c6873b653fec953dfa7f5

Download Submit
C:\Program Files\BitComet\tools\UPNP.exe

Filesize
42KB

MD5
e1a56f69709a86acb80094f9160cd773

SHA1
d76c96790b0fe66b4dba2ac5aebf86d1e54f246c

SHA256
70f2ae0ca16dd9ca762120f7d63dee5aad9d502e1b3373cca9a715f6ab06a74d

SHA512
6b122e5f8cd4e0546e068e786cdde98096afa1567d693b431d0097f48be3e5985d1785eaa7d42c73b60859cbfd05e109bbbc03819629c829cc67b7f4ef4d0b83

Download Submit
C:\Program Files\BitComet\uninst.exe

Filesize
320KB

MD5
0c42b68631d8f553658f0e3ed215d7d0

SHA1
8fb3792f0f1ef265503f75444dd31f2eb09bf2b3

SHA256
0913076c59a0f3ada2f8a018f5b474a6adf67719ce301f2063f7b2cd906b4707

SHA512
313a69493ad15e79030f8bd36960c36d195cdf8435e56c66fb2f5534907ec6f7ff45881c20871215d1044201cd024d31b4487afd378799ae6530f8d3bed8caf5

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\BitComet.lnk

Filesize
1000B

MD5
00aa6bf63b488393427b0f16cfb10492

SHA1
976b96d68894369c0b09e3498e79035cb0b93d0b

SHA256
a1a25cc7057f4d60e88dd1dabb85bc16cdece426aeec1c91ed59d438359f2134

SHA512
d69d6323da7a23b4bdf9501b9be14894f97be8bda5e83251152a4e7263fe3d4302e7faf01dc6dd338508f2bfa1d440012e97bf16c1be4576923e358633343a5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
55556c81150acac1be8cfa963f2b82eb

SHA1
c0cf64bf5c2da8f0448bbb06a519c10eca6d2793

SHA256
e855eeea8d129e693ba0fded32735de794ed1251f5ec5de80f3246f520cab101

SHA512
7ef82b2a9ecc6b0133f8f0cbdf89bb7049fd43fec2cbaf98a2a2d4a2e4108d233dbc498913ea146478a7aa726cb45b80e2396938136cf6ad7e8bb4ab60150d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
61KB

MD5
a1eb05b2e53b4908558d8ff04593ba0d

SHA1
cf7fc2706462d69876d05b3a8485a5b5ff71bfdd

SHA256
d95fd728438d7db547d3f5aa714b2bc81add8cce4dd03b0ce479d2dcfc61bd52

SHA512
108ab871d7bb98b5feb0fcbf6705710b34976da63ffe1033c8b3fe9ef2723238d9686f3a1d49f64b6f11dacb69953effd81badcf4ff42d3506bf0e85fcbe9b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3b2600518a7dc85428a64b618a893556

SHA1
c5c837b2ec4931029a5baaffc8d5d18a9b96da39

SHA256
7090e3d715b2a49c300387f9467ea0635cbfb17895720609f799691ed5a602e8

SHA512
cdafc38d0dc706762e249bd909ae15253974e7f0e6945d00148df1d1d43645dd6c8dbded4d55ab38b5510c15a33e87c3c31564b072f8cb6fe38921eb29294043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7c7503874a074feebd283767beada3d2

SHA1
14fde93437187837717d16f742ab476f355f5b39

SHA256
30a6ff29bdeba563b6026055d5fd865186bbbaf03080a6ed7efe97a403d44588

SHA512
a9480792b4f27584f8681a5a12e34cd7d68a28c913e039aa7949646c58bde01a73c028faa996f0e33c973a3d0e08d9cd0ea39af3a8f70e54f448b4b482697bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b5e127e617332dde35c07482eefe016c

SHA1
f3feebabd1116b6fd93097934d7c165c3406aa8c

SHA256
0ae944c31096ef7041d70b0a5a2ec7240a8dc189bb62d399f7b14338a59918ad

SHA512
0e044030cf9a7cd0a95592d8d11609f7aedaa21b66ef8bcac8b7c9bb418d1cb0fcaabd369671d013260693e5e4b9a0562bde51540775b8245e1a5b27ada3905a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b11f48afe5ed421eb590f256188a972

SHA1
1361683d40ed318138e61e724b725025f2f0a549

SHA256
a0f9ec8ad03fb8cd2cfd90a2134e41f6523c773f4a428bd6e2dc64daec8c40b6

SHA512
24c5d1718a42f79b0978155d80c8f6c208352234403161d2fa7a5c1e060444be222a37b02f37879f44fbb6e31130e2370e302140dbd972bdc0ebc08841c9db7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7431ecb26f5fc4fb04ed984e72de516d

SHA1
96b33de28b46d7e5bacc36bb7fcab36e1e1a5a98

SHA256
b10abb33384f5a180a0522f0d3f9d3b9066b4a9e29d83e6e5a9e9156911b8d1c

SHA512
b2f6c9e25baf04eb8168758f4711960811af18170a281bb191137a11a55bf0eabb8f8735b717a82172a48f4e7aa7765c5bdeb2c5141c569716cb9de7b308d2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d9be5282c06c2b4724e1e8797434a4b0

SHA1
7e0e7249e447853614893298033cbfd4dc933eff

SHA256
4a70e7bca430ccdb7a195bad51248074b058eedfb8136e01aa566d49df7a0896

SHA512
0c39759f24f0717d70fed22991367013ffb7fa284007cdb223e3f7d9ef3adeb7a2409c941595b12e319208f418a6a384e984f538548a57daabf2e45e5b103d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4d7687f139434ecdf120a3042b6aa91f

SHA1
a90cc2e6b68880d81e399afc1ab56e6298435ab6

SHA256
3f69f73bc80caa8ece42f3fe38b86001031d01d81ddd0d8abd9c4d09232d3209

SHA512
8ecc3cdc381b4bf84fb5cc397aedc845fa43c44373afaf40a2c71377bde03abb236e6dbe890dd3ac06015e885cc8564a6a03a243e70669f73c58a1cdbaa61eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa91394a51bce9c68e48af7da034bbaa

SHA1
dc9f32b4d9aeddc2247ddcba00dbe73aa7f20a4a

SHA256
c05ee8ebb075c18d4afe1f1bce89fe7383b37c3074215ca7b1eeaf4d55948d3c

SHA512
fa39ed40160b47e32065c9c94f8fcb3daa6d05098db07dda82e94237997494b11b31ad40af174cdd6b9358eb87811fda465ebba9096a0c395ca50d3c096985f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93e07ec93382f192b316303d985b4dcc

SHA1
bb0f40ad972829e2c291322fa77d86a102a757d2

SHA256
8d47b3f5bb2197ad6c0af8d7b893507e4a99456aac63e3179ea34e4e4b493bb2

SHA512
3f9972661ef64b22de97b3c4053ad0175d015ce794bea6337ecb9b42c0cbc6ad39daa7e2bc5776fc5d5b8c7eb702129cf564e9d47cf5919308673dab991fc0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a5c14d2c75d0495d596e6d6c43d66c2a

SHA1
bed5a3b98ca5f9b9d26b41ec4fd631455c85c10f

SHA256
b58bb8e1998cc445f56aa2b3f8b0c1c3ff9a5703c4eee4cf8caf3557cd9e35a0

SHA512
90034541d55a8cd14ad380308fb5a4bda7bb718ffaf84a2c5e10d1ce52ff45e3d3970ca50dd39d725e24b9748af4037869066fda000fa83ca6ee6030b2f17000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bfb7beeb6fd6c1d750b7d905a44b889e

SHA1
e1df3c4dc69a6db1ce06daaf8e3fbe74509bae85

SHA256
74ecc8405e1933f372ffa8938f49f02662db77962af84099c5715f9ac4addf08

SHA512
cb5999e4f1f1c108c4dfda494a368ca542daec53e3b3fd245f68485e992ac159abcdee392a33e4ae5c5dcb0c87bdcc7a1977a95dc763ccb5234f7605357b812f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
9516989064a51121c23faa44ec5159b2

SHA1
4ba8d3bf27b9c62df94d2920297cd6305c60c733

SHA256
1240b65d97ecab0b9836ad3fde417d1d5ab66083cd012fcdde220a2f61c56de3

SHA512
90f3677e861b3733bec9ac528a52d997c8bcd72112f98a56d8a8d1de0126d9b12d97da75cd04f211e42916f57224eb6d53ec447f84471b60f3e5aea6391938c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
add9794eca5f8c742040e34aef65ca63

SHA1
658f4106aeccf9ce0800247852d517abe8d532a8

SHA256
41dc4d6fe7e68e85bcb7793ea3ac7d0bd2f5b1e13f1ebbfa4fd36770b80e05bf

SHA512
00301bfde80bbf3741275e7c86c9a046718e0f64e9313c7032a11b5d25c055436078fc5c36c9d0b874efa67dec2abd89d67c1cd3bab20826ecd822faa154e71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
3ba74158758dfaac82b7b9f628e23551

SHA1
4cef6dd684928a80ba7aec72c17b89f4191de5a4

SHA256
41dcd055bedceed3580c30d0757dd1f1362c448d93c8009026e9a5ac2f9c2bef

SHA512
20de3245b349ec6e347e580e1e0f0feded6d9bf2f72f152cc96d320d97de3189ac647dfded95536986b663df97d12d72f7776792de1b57a40e0056de6209c425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe599b8a.TMP

Filesize
93KB

MD5
ea61f951ba7997e3c135513731fd4475

SHA1
f147fb6c91b94ffb717a60dbed4c2d4f7809c9d5

SHA256
0526708776106a73be418995c2307980e6a9b0c3edbb1dd84adcc11b046be2d3

SHA512
deeb8e7cdbc162576d481e39c993ff8d5b12d409ec27f06a2ae802380eec136ba60783f5112862999bf9bbd05567a7d0749f1e14278d09021635e5d5031b49a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\AVG_AV.png

Filesize
114KB

MD5
5ef5291810c454a35f76d976105f37cc

SHA1
8ce0cc65ae1786cef1c545d40d081eda13239fa6

SHA256
03e69e8c87732c625df2f628ac63bd145268f9dea9c5f3dd3670b1cf349a995c

SHA512
3bec461bb3cbbbdb3c05171fcc5ab7e648b2b60d7b811261662f14d35c3836148b14cda1a3f2be127c89cc732de8cf1644d2e55e049eeeb2da8e397c58cc919e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\AVG_BRW.png

Filesize
29KB

MD5
0b4fa89d69051df475b75ca654752ef6

SHA1
81bf857a2af9e3c3e4632cbb88cd71e40a831a73

SHA256
60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e

SHA512
8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\BitComet_2.05_setup.exe

Filesize
6.2MB

MD5
ffb5e3e5732359a5dd9683ade7495370

SHA1
e693c786e70b501e80bd71344f408d7d53be5f92

SHA256
dde6ee81de432978fa96333322842ffc6fc83d3c35f259bf9c4341afe8874b06

SHA512
30b748cb1cdc77b4eaa78232cd18477894831ac28b9c30ca2c2bb5d563d4f8d343546eae9cdb02e67061cbb9f7fa006e102c34d5b5f9452288d67523f67b92b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\BitComet_2.05_setup.exe

Filesize
5.0MB

MD5
a03fd6b0f80d4a11df3788e4bcfa0855

SHA1
cd0840012ff8328aaea23af6425f1a7b249ab243

SHA256
928d307e65793bf85abbc16c71d460e4afca524ee32eaf88ae2e90c254c85446

SHA512
2d460afe637df948f7ee993a09adb6eb90c558c4118b2bcd05f582c72e1874382ab986b4f7424511a991d3d11f85f6076aed1788b6a69cf3f308e340521ae330

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\logo.png

Filesize
7KB

MD5
00c1dfd5900d804ff4780564ca6bc967

SHA1
717a57575fe421c205e19f0ffcb11385a780f9da

SHA256
61811b09c5acbe2c153346501f61fc6d2808494504307c183afcc8d79aaad683

SHA512
3edf45e0b745f240b13da51430554ecb0ccd2e041a578f11a590a5a752e3d5629a843652e04754aae9ab9a4a014aa1b2a4108fb0e85e7fce88b8a2fbeaee8662

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KSTEQ.tmp\bitcomet_setup.tmp

Filesize
3.1MB

MD5
0cdb76133d1f74eb495173c323f14ace

SHA1
d4952b17e02a8037000c8098cbf1af18e4c5f244

SHA256
47a639ec283f95f83611252aa3fea3f2f381b37bede5afd199f11f25f7472578

SHA512
1140303e400be5a4bd943133676a459c549dcd14d7dd1c6ab3e91a0fd7c7ad62fa21939506fa61b209851abb5b42965ecd1f46d9ccb17ed91ede1ecd5aa4b910

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BcNsisHelper.dll

Filesize
2.9MB

MD5
197eda7dbc52888f59a4fba4a2f6c9c4

SHA1
625edcddad85b0b33e5d8a5e166820ea14a1d466

SHA256
0ceede3296aff8cc405c0bc7b86d291d96d83568a3662a7fa883771210208568

SHA512
be74fd1c1e5b5637c57d00ec31747de9fdcf5d1cd9ecde76e1b67abc43d2c89422a81069a2a8919ca3f1888bac78c811dfa629198566a0db809289e3a838c6ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BitCometService.exe

Filesize
2.6MB

MD5
ae7fbff183ff30913ebeb38913e8cfad

SHA1
545cf38e47318185e168f04a733c2e0b13119c21

SHA256
f366f293905be928918ad30a020fd369e139f64fadd4cedff9f9fa1e663e9065

SHA512
baf9d4ef6c607a15dc203321e3412043b446776f4e364efdb856f804e889853bebeea8ea98b319eca468e2ee8e305050205cb19f280c33427e39967e4ca9ffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BitComet_stats.exe

Filesize
81KB

MD5
edb96675541d0275c42096b64d794d3b

SHA1
d722c55ec62da1866a6ef81072970117b85cf290

SHA256
842df63767cacb7aedb75fb352c1505d518662e2e9dca5a297515ebdae093918

SHA512
5c7c2e848c68f6168035dbfb834d31586d0ca1abb16f220c617f9e36a87b6d4ff0a1aef03a73d5313d8962c9befb1bdf3ed2a700ee3668df948ec067e2b1d124

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BitComet_stats.exe

Filesize
14KB

MD5
406c40091e7712476b66335f463238aa

SHA1
a83b34a0c8ec39ebeb0ddbc61f51c9473ce48b57

SHA256
f9f8982204e8f3878f7308c716eb4633c82bd908c2cbd4fd03b179523dd86bff

SHA512
d760efeb6a4000bcf496e5ffc911c1a435139b98eec1e33575a19df73b5de2bafec0d0b1d89f41ba53a1e85730052f56eab64827d83bea281eb17833449129b6

Download Submit
C:\Users\Admin\AppData\Roaming\BitComet\fav\fav_en_US.xml

Filesize
1KB

MD5
d5261eed2ad6a3d575a41ad04d2a642e

SHA1
60078784e7461174527a76f4ed5347e2c52389d9

SHA256
7ffc245b285b07d908ee24dbe0861d97bcbc5529f513a8bbde4e5ab318d6ba74

SHA512
3c1011137729ef6e121f1e1ce241cf045ecb4467a77aa3ce12edec271ccd1193f989cbce3f298ed62358ae08799765cded9eca204b90ca77d3507185348df8a5

Download Submit
\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dll

Filesize
871KB

MD5
2eba751a1ed9d254d4e8da5ece436158

SHA1
8556f3918506ec480902ac5c4b6dae19e56ec50d

SHA256
32cac384e0361a7538aca9b31e50ff4bbe6666a0567b062083610643351ba1fb

SHA512
edbdf5651b5cf9341d843af982c5d14a2c53745d03f98296fd7ec5f7eae83d172056c76b6edda1aa0f309b166b976d9c464ccfe5edffe4d828c9ab66bea8a983

Download Submit
\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

Filesize
749KB

MD5
7455fe2a83979f90705062160f98a96d

SHA1
6aade40a65871c938f168e6382b8ac7a34f46879

SHA256
04cf2cbb23da8fec93d9d021b4ed3168afadb4be9f47fb7e4d209a2c41dbaca5

SHA512
92aa6e78d1259144be567ac970ee2bca1ed27d8c343c81a21acb7c791ba129fd491f4f066f86e22fc0b63064134663c486afcf63ab1d352218e8fa8412859775

Download Submit
\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-3VTEI.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BcNsisHelper.dll

Filesize
2.8MB

MD5
e81309d5ade402a2bdee90f57872d72f

SHA1
88bb88dc7d5ac6f5aacc3dddf743dc8c8161cfaf

SHA256
1444f19a683c30d12c87ca7efdac42409eacf1a587fee693be12b921328c2a94

SHA512
3be20772eaaafcacef0f9e02d2b9e29b9174ca3ba352749f83c96c488f59b5af70d12a78ae373d6bcc0472bbd58876e96986b6da190d77e891c84c91231fa7cc

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BcNsisHelper.dll

Filesize
2.9MB

MD5
b0f45c7f8a0ab65acae72c1a74b2041e

SHA1
9e04ae637b4470a4113b548154516bdaf543302d

SHA256
b0236d6d6f3b517d534f3048c1ab808b28f76e7602703ed2922ce051b239eb7f

SHA512
2d20a0c5753079db19252484b034a5ee16e2b85a705dc829ef3c21a9368f2b216a3c0a8454fe5be89171c8c438d8d65ad9ec16c600661faf8b763feb22e8787f

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BcNsisHelper.dll

Filesize
2.5MB

MD5
033e3bef2dc9bccd53b183092130e0a5

SHA1
d4352783af10dc0cf5a7da617467736153c59184

SHA256
6425efc3f565fb271f9adad2f07f31163d39f52b1d120f553f4d09cd3dd89b9a

SHA512
caa3e16bf2aed38549c5d71bb95a917ddc023e7339e4c824c6050f213f4bbae244c12461c02496b8ee4414d6ef73be99c61c5497f53b2bc5d27c0fb1cf50d4a9

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BcNsisHelper.dll

Filesize
2.7MB

MD5
252a97a2c76946318c3d5fc7bcf17097

SHA1
b3e4d6005502782da371cc4fb86b8635857ce295

SHA256
4fd4fced336d78e21f64558c7b8947840b786cef8910be8b5ebb619ce712606b

SHA512
e9a6445c61b1e9eecde38d3d794b16367e3ec02f7189d0ece4c46613134f89266f589ef182c893f1ea3124d407ccae851fce528d4860518bc956399577a01242

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\BcNsisHelper.dll

Filesize
3.1MB

MD5
48b932ff8c977e3991e959f824883ad5

SHA1
6e1bbf12be0babac3ec6e30487ae0a66950e6b8e

SHA256
764f9a8f8388d73aab366d24645a49ae055318db1f4fd88636e2b3a61ae95987

SHA512
777875b3237442437bc3d9df558f8d23825b618cf04bc07d3b8dd42a72a8fe09afa20e6b31791ffa86a12b22d7395d419b250313306c41ee854ae62bc1fd9498

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DCF.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
memory/2292-35-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2292-5-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2292-33-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2292-32-0x00000000053E0000-0x00000000053EF000-memory.dmp

Filesize
60KB

Download
memory/2292-31-0x0000000000400000-0x000000000071D000-memory.dmp

Filesize
3.1MB

Download
memory/2292-24-0x00000000053E0000-0x00000000053EF000-memory.dmp

Filesize
60KB

Download
memory/2816-429-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2880-62-0x00007FF891E60000-0x00007FF891E7B000-memory.dmp

Filesize
108KB

Download
memory/2880-96-0x00007FF881F10000-0x00007FF881F21000-memory.dmp

Filesize
68KB

Download
memory/2880-97-0x00007FF881E00000-0x00007FF881F02000-memory.dmp

Filesize
1.0MB

Download
memory/2880-98-0x00007FF881DE0000-0x00007FF881DF1000-memory.dmp

Filesize
68KB

Download
memory/2880-95-0x00007FF881F30000-0x00007FF881FCF000-memory.dmp

Filesize
636KB

Download
memory/2880-92-0x00007FF882010000-0x00007FF882021000-memory.dmp

Filesize
68KB

Download
memory/2880-93-0x00007FF881FF0000-0x00007FF882002000-memory.dmp

Filesize
72KB

Download
memory/2880-94-0x00007FF881FD0000-0x00007FF881FE3000-memory.dmp

Filesize
76KB

Download
memory/2880-90-0x00007FF8820A0000-0x00007FF8820B1000-memory.dmp

Filesize
68KB

Download
memory/2880-91-0x00007FF882030000-0x00007FF882091000-memory.dmp

Filesize
388KB

Download
memory/2880-89-0x00007FF8820C0000-0x00007FF8820E5000-memory.dmp

Filesize
148KB

Download
memory/2880-88-0x00007FF8820F0000-0x00007FF882125000-memory.dmp

Filesize
212KB

Download
memory/2880-87-0x00007FF882130000-0x00007FF882242000-memory.dmp

Filesize
1.1MB

Download
memory/2880-85-0x00007FF882490000-0x00007FF8824A2000-memory.dmp

Filesize
72KB

Download
memory/2880-86-0x00007FF882250000-0x00007FF882481000-memory.dmp

Filesize
2.2MB

Download
memory/2880-84-0x00007FF8824B0000-0x00007FF882547000-memory.dmp

Filesize
604KB

Download
memory/2880-83-0x00007FF882550000-0x00007FF882561000-memory.dmp

Filesize
68KB

Download
memory/2880-82-0x00007FF882570000-0x00007FF8825CC000-memory.dmp

Filesize
368KB

Download
memory/2880-81-0x00007FF8825D0000-0x00007FF882782000-memory.dmp

Filesize
1.7MB

Download
memory/2880-80-0x00007FF882790000-0x00007FF8827BC000-memory.dmp

Filesize
176KB

Download
memory/2880-79-0x00007FF8827C0000-0x00007FF8828FB000-memory.dmp

Filesize
1.2MB

Download
memory/2880-78-0x00007FF882900000-0x00007FF882912000-memory.dmp

Filesize
72KB

Download
memory/2880-77-0x00007FF882920000-0x00007FF882933000-memory.dmp

Filesize
76KB

Download
memory/2880-76-0x00007FF890770000-0x00007FF890791000-memory.dmp

Filesize
132KB

Download
memory/2880-75-0x00007FF8907A0000-0x00007FF8907B2000-memory.dmp

Filesize
72KB

Download
memory/2880-74-0x00007FF890E50000-0x00007FF890E61000-memory.dmp

Filesize
68KB

Download
memory/2880-73-0x00007FF8907C0000-0x00007FF8907E3000-memory.dmp

Filesize
140KB

Download
memory/2880-72-0x00007FF891CD0000-0x00007FF891CE7000-memory.dmp

Filesize
92KB

Download
memory/2880-71-0x00007FF8916E0000-0x00007FF891704000-memory.dmp

Filesize
144KB

Download
memory/2880-70-0x00007FF891710000-0x00007FF891738000-memory.dmp

Filesize
160KB

Download
memory/2880-69-0x00007FF891770000-0x00007FF8917C6000-memory.dmp

Filesize
344KB

Download
memory/2880-68-0x00007FF891CF0000-0x00007FF891D01000-memory.dmp

Filesize
68KB

Download
memory/2880-67-0x00007FF891D10000-0x00007FF891D7F000-memory.dmp

Filesize
444KB

Download
memory/2880-66-0x00007FF891D80000-0x00007FF891DE7000-memory.dmp

Filesize
412KB

Download
memory/2880-65-0x00007FF891DF0000-0x00007FF891E20000-memory.dmp

Filesize
192KB

Download
memory/2880-64-0x00007FF891E20000-0x00007FF891E38000-memory.dmp

Filesize
96KB

Download
memory/2880-63-0x00007FF891E40000-0x00007FF891E51000-memory.dmp

Filesize
68KB

Download
memory/2880-61-0x00007FF891E80000-0x00007FF891E91000-memory.dmp

Filesize
68KB

Download
memory/2880-60-0x00007FF892930000-0x00007FF892941000-memory.dmp

Filesize
68KB

Download
memory/2880-59-0x00007FF892950000-0x00007FF892961000-memory.dmp

Filesize
68KB

Download
memory/2880-57-0x00007FF892B80000-0x00007FF892BA1000-memory.dmp

Filesize
132KB

Download
memory/2880-58-0x00007FF893080000-0x00007FF893098000-memory.dmp

Filesize
96KB

Download
memory/2880-56-0x00007FF882940000-0x00007FF8839EB000-memory.dmp

Filesize
16.7MB

Download
memory/2880-55-0x00007FF892BB0000-0x00007FF892BEF000-memory.dmp

Filesize
252KB

Download
memory/2880-54-0x00007FF8839F0000-0x00007FF883BF0000-memory.dmp

Filesize
2.0MB

Download
memory/2880-47-0x00007FF8931A0000-0x00007FF8931BD000-memory.dmp

Filesize
116KB

Download
memory/2880-48-0x00007FF8930A0000-0x00007FF8930B1000-memory.dmp

Filesize
68KB

Download
memory/2880-46-0x00007FF8931C0000-0x00007FF8931D1000-memory.dmp

Filesize
68KB

Download
memory/2880-45-0x00007FF8931E0000-0x00007FF8931F7000-memory.dmp

Filesize
92KB

Download
memory/2880-42-0x00007FF898450000-0x00007FF898468000-memory.dmp

Filesize
96KB

Download
memory/2880-44-0x00007FF893200000-0x00007FF893211000-memory.dmp

Filesize
68KB

Download
memory/2880-43-0x00007FF897C70000-0x00007FF897C87000-memory.dmp

Filesize
92KB

Download
memory/2880-41-0x00007FF892050000-0x00007FF892304000-memory.dmp

Filesize
2.7MB

Download
memory/2880-40-0x00007FF893220000-0x00007FF893254000-memory.dmp

Filesize
208KB

Download
memory/2880-39-0x00007FF6A2CE0000-0x00007FF6A2DD8000-memory.dmp

Filesize
992KB

Download
memory/3124-0-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/3124-710-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/3124-30-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download