c60c7061f20c6cf9645da0ebf22b143913038a93d9358c2693430e1925d6114b

Resubmissions

17-04-2024 09:27

240417-levmkaah66 8

16-04-2024 15:27

240416-svq3msde45 8

Analysis

max time kernel
1797s
max time network
1806s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e00b253eda798487f5fef2ef25164fd8.exe
Size

126KB
MD5

e00b253eda798487f5fef2ef25164fd8
SHA1

cf2c21c845f16ed144487e9f86d8b5ba8376008b
SHA256

c60c7061f20c6cf9645da0ebf22b143913038a93d9358c2693430e1925d6114b
SHA512

bd3dd458dfe3cc38c3ac24a53bf96f7362052fedda39df8aa13ce41a250ce27ecd55068898d4c21e1622f7542891b82adc1b2d884684bf080080bfded7f17d13
SSDEEP

1536:duokBZMKvOsg8ISIv47rz0D+/R/Av3coL6+9D8rbBuS7BeAXJ6xkRQsN5xgSF:RkBGWOsTIJgIDU5A/coLx9DoBRe/xK1F

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	Pinball.exe

Executes dropped EXE 64 IoCs

pid	Process
1296	setup.exe
2176	Pinball.exe
3884	Pinball.exe
2172	Pinball.exe
2224	Pinball.exe
344	Pinball.exe
4536	Pinball.exe
4456	Pinball.exe
1760	Pinball.exe
5116	Pinball.exe
2772	Pinball.exe
4356	Pinball.exe
4944	Pinball.exe
4652	Pinball.exe
3296	Pinball.exe
1968	Pinball.exe
2244	Pinball.exe
3744	Pinball.exe
888	Pinball.exe
1220	Pinball.exe
4156	Pinball.exe
2000	Pinball.exe
2192	Pinball.exe
1196	Pinball.exe
216	Pinball.exe
4456	Pinball.exe
1832	Pinball.exe
3484	Pinball.exe
4236	Pinball.exe
2788	Pinball.exe
2252	Pinball.exe
3256	Pinball.exe
4208	Pinball.exe
5112	Pinball.exe
3092	Pinball.exe
2308	Pinball.exe
3964	Pinball.exe
824	Pinball.exe
1980	Pinball.exe
344	Pinball.exe
3252	Pinball.exe
4540	Pinball.exe
4280	Pinball.exe
1644	Pinball.exe
4768	Pinball.exe
2980	Pinball.exe
1704	Pinball.exe
3260	Pinball.exe
5112	Pinball.exe
4208	Pinball.exe
668	Pinball.exe
4536	Pinball.exe
3104	Pinball.exe
2324	Pinball.exe
4028	Pinball.exe
216	Pinball.exe
1832	Pinball.exe
1404	Pinball.exe
3920	Pinball.exe
2316	Pinball.exe
4192	Pinball.exe
584	Pinball.exe
4852	Pinball.exe
2368	Pinball.exe

Loads dropped DLL 64 IoCs

pid	Process
3732	e00b253eda798487f5fef2ef25164fd8.exe
3732	e00b253eda798487f5fef2ef25164fd8.exe
3732	e00b253eda798487f5fef2ef25164fd8.exe
1296	setup.exe
2176	Pinball.exe
2176	Pinball.exe
2176	Pinball.exe
2176	Pinball.exe
2176	Pinball.exe
2176	Pinball.exe
2176	Pinball.exe
2176	Pinball.exe
3884	Pinball.exe
3884	Pinball.exe
2224	Pinball.exe
2172	Pinball.exe
2172	Pinball.exe
2224	Pinball.exe
3884	Pinball.exe
3884	Pinball.exe
344	Pinball.exe
344	Pinball.exe
2172	Pinball.exe
2172	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
344	Pinball.exe
344	Pinball.exe
4536	Pinball.exe
4536	Pinball.exe
4536	Pinball.exe
4536	Pinball.exe
3884	Pinball.exe
3884	Pinball.exe
344	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
344	Pinball.exe
2172	Pinball.exe
2172	Pinball.exe
3884	Pinball.exe
3884	Pinball.exe
3884	Pinball.exe
3884	Pinball.exe
4536	Pinball.exe
4536	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
1760	Pinball.exe
1760	Pinball.exe
1760	Pinball.exe
1760	Pinball.exe
5116	Pinball.exe
5116	Pinball.exe
4356	Pinball.exe
4356	Pinball.exe
4356	Pinball.exe
4356	Pinball.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pinball = "C:\\Users\\Admin\\AppData\\Roaming\\Pinball\\Pinball.exe"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Pinball.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\LICENSE	Pinball.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\manifest.json	Pinball.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\_metadata\verified_contents.json	Pinball.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\manifest.fingerprint	Pinball.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\_platform_specific\win_x86\widevinecdm.dll.sig	Pinball.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\_platform_specific\win_x86\widevinecdm.dll	Pinball.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023403-14.dat	nsis_installer_1
behavioral2/files/0x0007000000023403-14.dat	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 16 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Pinball.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Pinball.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Pinball.exe

Modifies Control Panel 64 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur"	Pinball.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3732	e00b253eda798487f5fef2ef25164fd8.exe
3732	e00b253eda798487f5fef2ef25164fd8.exe
3732	e00b253eda798487f5fef2ef25164fd8.exe
3732	e00b253eda798487f5fef2ef25164fd8.exe
2176	Pinball.exe
2176	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
2224	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4456	Pinball.exe
4356	Pinball.exe
4356	Pinball.exe
4156	Pinball.exe
4156	Pinball.exe
4156	Pinball.exe
4156	Pinball.exe
4156	Pinball.exe
4156	Pinball.exe
2192	Pinball.exe
2192	Pinball.exe
2192	Pinball.exe
2192	Pinball.exe
2192	Pinball.exe
2192	Pinball.exe
2192	Pinball.exe
2788	Pinball.exe
2788	Pinball.exe
344	Pinball.exe
344	Pinball.exe
344	Pinball.exe
344	Pinball.exe
344	Pinball.exe
3252	Pinball.exe
3252	Pinball.exe
3252	Pinball.exe
3252	Pinball.exe
3252	Pinball.exe
3252	Pinball.exe
3252	Pinball.exe
1704	Pinball.exe
1704	Pinball.exe
216	Pinball.exe
216	Pinball.exe
216	Pinball.exe
216	Pinball.exe
216	Pinball.exe
2316	Pinball.exe
2316	Pinball.exe
2316	Pinball.exe
2316	Pinball.exe
2316	Pinball.exe
2316	Pinball.exe
2316	Pinball.exe
2148	Pinball.exe
2148	Pinball.exe
2520	Pinball.exe
2520	Pinball.exe
2520	Pinball.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeDebugPrivilege	3884	Pinball.exe
Token: SeDebugPrivilege	2172	Pinball.exe
Token: SeDebugPrivilege	2224	Pinball.exe
Token: SeDebugPrivilege	344	Pinball.exe
Token: SeDebugPrivilege	4536	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe
Token: SeShutdownPrivilege	2176	Pinball.exe
Token: SeCreatePagefilePrivilege	2176	Pinball.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 1296	3732	e00b253eda798487f5fef2ef25164fd8.exe	88
PID 3732 wrote to memory of 1296	3732	e00b253eda798487f5fef2ef25164fd8.exe	88
PID 3732 wrote to memory of 1296	3732	e00b253eda798487f5fef2ef25164fd8.exe	88
PID 1296 wrote to memory of 2176	1296	setup.exe	92
PID 1296 wrote to memory of 2176	1296	setup.exe	92
PID 1296 wrote to memory of 2176	1296	setup.exe	92
PID 2176 wrote to memory of 3884	2176	Pinball.exe	93
PID 2176 wrote to memory of 3884	2176	Pinball.exe	93
PID 2176 wrote to memory of 3884	2176	Pinball.exe	93
PID 2176 wrote to memory of 2172	2176	Pinball.exe	94
PID 2176 wrote to memory of 2172	2176	Pinball.exe	94
PID 2176 wrote to memory of 2172	2176	Pinball.exe	94
PID 2176 wrote to memory of 344	2176	Pinball.exe	95
PID 2176 wrote to memory of 344	2176	Pinball.exe	95
PID 2176 wrote to memory of 344	2176	Pinball.exe	95
PID 2176 wrote to memory of 4536	2176	Pinball.exe	96
PID 2176 wrote to memory of 4536	2176	Pinball.exe	96
PID 2176 wrote to memory of 4536	2176	Pinball.exe	96
PID 2176 wrote to memory of 2224	2176	Pinball.exe	97
PID 2176 wrote to memory of 2224	2176	Pinball.exe	97
PID 2176 wrote to memory of 2224	2176	Pinball.exe	97
PID 2224 wrote to memory of 4456	2224	Pinball.exe	100
PID 2224 wrote to memory of 4456	2224	Pinball.exe	100
PID 2224 wrote to memory of 4456	2224	Pinball.exe	100
PID 2224 wrote to memory of 1760	2224	Pinball.exe	101
PID 2224 wrote to memory of 1760	2224	Pinball.exe	101
PID 2224 wrote to memory of 1760	2224	Pinball.exe	101
PID 2224 wrote to memory of 5116	2224	Pinball.exe	102
PID 2224 wrote to memory of 5116	2224	Pinball.exe	102
PID 2224 wrote to memory of 5116	2224	Pinball.exe	102
PID 2224 wrote to memory of 2772	2224	Pinball.exe	103
PID 2224 wrote to memory of 2772	2224	Pinball.exe	103
PID 2224 wrote to memory of 2772	2224	Pinball.exe	103
PID 4456 wrote to memory of 4356	4456	Pinball.exe	104
PID 4456 wrote to memory of 4356	4456	Pinball.exe	104
PID 4456 wrote to memory of 4356	4456	Pinball.exe	104
PID 4456 wrote to memory of 4944	4456	Pinball.exe	105
PID 4456 wrote to memory of 4944	4456	Pinball.exe	105
PID 4456 wrote to memory of 4944	4456	Pinball.exe	105
PID 4456 wrote to memory of 4652	4456	Pinball.exe	106
PID 4456 wrote to memory of 4652	4456	Pinball.exe	106
PID 4456 wrote to memory of 4652	4456	Pinball.exe	106
PID 4456 wrote to memory of 3296	4456	Pinball.exe	107
PID 4456 wrote to memory of 3296	4456	Pinball.exe	107
PID 4456 wrote to memory of 3296	4456	Pinball.exe	107
PID 4456 wrote to memory of 1968	4456	Pinball.exe	108
PID 4456 wrote to memory of 1968	4456	Pinball.exe	108
PID 4456 wrote to memory of 1968	4456	Pinball.exe	108
PID 4356 wrote to memory of 2244	4356	Pinball.exe	109
PID 4356 wrote to memory of 2244	4356	Pinball.exe	109
PID 4356 wrote to memory of 2244	4356	Pinball.exe	109
PID 4356 wrote to memory of 3744	4356	Pinball.exe	110
PID 4356 wrote to memory of 3744	4356	Pinball.exe	110
PID 4356 wrote to memory of 3744	4356	Pinball.exe	110
PID 4356 wrote to memory of 888	4356	Pinball.exe	111
PID 4356 wrote to memory of 888	4356	Pinball.exe	111
PID 4356 wrote to memory of 888	4356	Pinball.exe	111
PID 4356 wrote to memory of 4156	4356	Pinball.exe	112
PID 4356 wrote to memory of 4156	4356	Pinball.exe	112
PID 4356 wrote to memory of 4156	4356	Pinball.exe	112
PID 4356 wrote to memory of 1220	4356	Pinball.exe	113
PID 4356 wrote to memory of 1220	4356	Pinball.exe	113
PID 4356 wrote to memory of 1220	4356	Pinball.exe	113
PID 4356 wrote to memory of 2000	4356	Pinball.exe	114

C:\Users\Admin\AppData\Local\Temp\e00b253eda798487f5fef2ef25164fd8.exe
"C:\Users\Admin\AppData\Local\Temp\e00b253eda798487f5fef2ef25164fd8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
    C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.22 anonymized by Abelssoft 1345691138" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3084 --field-trial-handle=3088,i,11482510523448149296,2077918319347572405,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:3884
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.22 anonymized by Abelssoft 1345691138" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3328 --field-trial-handle=3088,i,11482510523448149296,2077918319347572405,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:2172
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.22 anonymized by Abelssoft 1345691138" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3408 --field-trial-handle=3088,i,11482510523448149296,2077918319347572405,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:344
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.22 anonymized by Abelssoft 1345691138" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3880 --field-trial-handle=3088,i,11482510523448149296,2077918319347572405,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4536
  - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
      "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.22 anonymized by Abelssoft 1345691138" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3900 --field-trial-handle=3088,i,11482510523448149296,2077918319347572405,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2224
    - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4456
      - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks SCSI registry key(s)
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4356
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2900 --field-trial-handle=2904,i,1740749025044837075,1018879817898628248,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        7⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3016 --field-trial-handle=2904,i,1740749025044837075,1018879817898628248,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:3744
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3128 --field-trial-handle=2904,i,1740749025044837075,1018879817898628248,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        7⤵
        Executes dropped EXE
        
        PID:888
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3660 --field-trial-handle=2904,i,1740749025044837075,1018879817898628248,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4156
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        
        PID:2192
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        9⤵
        Executes dropped EXE
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        
        PID:2788
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2984 --field-trial-handle=2988,i,8567363208728713784,5190015059805495840,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        10⤵
        Executes dropped EXE
        
        PID:2308
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3220 --field-trial-handle=2988,i,8567363208728713784,5190015059805495840,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        10⤵
        Executes dropped EXE
        
        PID:3964
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3716 --field-trial-handle=2988,i,8567363208728713784,5190015059805495840,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        10⤵
        Executes dropped EXE
        
        PID:824
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3748 --field-trial-handle=2988,i,8567363208728713784,5190015059805495840,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        10⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1980
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3760 --field-trial-handle=2988,i,8567363208728713784,5190015059805495840,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:344
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        
        PID:3252
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        12⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1704
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        13⤵
        Executes dropped EXE
        
        PID:3104
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3004 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        13⤵
        Executes dropped EXE
        
        PID:2324
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3372 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        13⤵
        Executes dropped EXE
        
        PID:4028
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3396 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        13⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:216
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        14⤵
        Executes dropped EXE
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        
        PID:2316
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        15⤵
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        
        PID:2148
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/125.0 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2964,i,3595364312645147506,7662279148038584772,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        16⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/125.0 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3220 --field-trial-handle=2964,i,3595364312645147506,7662279148038584772,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        16⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/125.0 Mobile/15E148 Safari/605.1.15" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3724 --field-trial-handle=2964,i,3595364312645147506,7662279148038584772,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        16⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/125.0 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3744 --field-trial-handle=2964,i,3595364312645147506,7662279148038584772,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        16⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/125.0 Mobile/15E148 Safari/605.1.15" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3768 --field-trial-handle=2964,i,3595364312645147506,7662279148038584772,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        16⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2520
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        17⤵
        Checks computer location settings
        
        PID:3080
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        18⤵
        Modifies Control Panel
        
        PID:2300
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:3612
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        20⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:956
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:2472
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:1048
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:216
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:2428
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2900 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        20⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3184 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        20⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3664 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        20⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3728 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3736 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        Checks computer location settings
        
        PID:5696
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:2944
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        Checks computer location settings
        Drops file in Program Files directory
        Modifies Control Panel
        
        PID:3256
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2860 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        23⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3016 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        23⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3228 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        23⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        23⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3288 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        23⤵
        Checks computer location settings
        
        PID:760
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        Modifies Control Panel
        
        PID:4976
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        25⤵
        Modifies Control Panel
        
        PID:584
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2868 --field-trial-handle=2888,i,1984563630675149794,16769900347900171316,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        26⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3144 --field-trial-handle=2888,i,1984563630675149794,16769900347900171316,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        26⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3544 --field-trial-handle=2888,i,1984563630675149794,16769900347900171316,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        26⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3592 --field-trial-handle=2888,i,1984563630675149794,16769900347900171316,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        26⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3612 --field-trial-handle=2888,i,1984563630675149794,16769900347900171316,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        26⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        Modifies Control Panel
        
        PID:3672
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2892 --field-trial-handle=2896,i,16707894724090360814,6365548081255173973,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        28⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3012 --field-trial-handle=2896,i,16707894724090360814,6365548081255173973,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        28⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3432 --field-trial-handle=2896,i,16707894724090360814,6365548081255173973,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        28⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3464 --field-trial-handle=2896,i,16707894724090360814,6365548081255173973,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        28⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3496 --field-trial-handle=2896,i,16707894724090360814,6365548081255173973,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        28⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        29⤵
        Modifies Control Panel
        
        PID:780
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        30⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        30⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2904 --field-trial-handle=2908,i,7364511610811302809,15017866470955629740,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        31⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3152 --field-trial-handle=2908,i,7364511610811302809,15017866470955629740,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        31⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3560 --field-trial-handle=2908,i,7364511610811302809,15017866470955629740,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        31⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3576 --field-trial-handle=2908,i,7364511610811302809,15017866470955629740,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        31⤵
        Checks computer location settings
        
        PID:5180
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        32⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        32⤵
        Modifies Control Panel
        
        PID:1560
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        33⤵
        Modifies Control Panel
        
        PID:3644
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2880 --field-trial-handle=2884,i,4067284579980095339,18019641497145698950,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        34⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3024 --field-trial-handle=2884,i,4067284579980095339,18019641497145698950,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        34⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3156 --field-trial-handle=2884,i,4067284579980095339,18019641497145698950,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        34⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3308 --field-trial-handle=2884,i,4067284579980095339,18019641497145698950,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        34⤵
        Checks computer location settings
        
        PID:4616
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        35⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        36⤵
        Checks SCSI registry key(s)
        Modifies Control Panel
        
        PID:4704
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 12; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2936 --field-trial-handle=2940,i,15755298207347561134,1565475067398024696,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        37⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 12; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=2940,i,15755298207347561134,1565475067398024696,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        37⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 12; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3696 --field-trial-handle=2940,i,15755298207347561134,1565475067398024696,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        37⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 12; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3728 --field-trial-handle=2940,i,15755298207347561134,1565475067398024696,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        37⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        Modifies Control Panel
        
        PID:1724
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        39⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:5256
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2900 --field-trial-handle=2904,i,10961231405403764612,10484527620574285205,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        40⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3048 --field-trial-handle=2904,i,10961231405403764612,10484527620574285205,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        40⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3240 --field-trial-handle=2904,i,10961231405403764612,10484527620574285205,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        40⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3280 --field-trial-handle=2904,i,10961231405403764612,10484527620574285205,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        40⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3528 --field-trial-handle=2904,i,10961231405403764612,10484527620574285205,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        40⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        41⤵
        Modifies Control Panel
        
        PID:3084
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        42⤵
        Checks computer location settings
        Checks SCSI registry key(s)
        Modifies Control Panel
        
        PID:5052
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2936 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        43⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3152 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        43⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3564 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        43⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3592 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3596 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4436 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        Checks computer location settings
        
        PID:4108
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4560 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        Checks computer location settings
        
        PID:240
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        44⤵
        Modifies Control Panel
        
        PID:2028
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        45⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:4948
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2904 --field-trial-handle=2908,i,11295755845691393597,13243161529672189757,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        46⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3152 --field-trial-handle=2908,i,11295755845691393597,13243161529672189757,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        46⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3572 --field-trial-handle=2908,i,11295755845691393597,13243161529672189757,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        46⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3664 --field-trial-handle=2908,i,11295755845691393597,13243161529672189757,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        46⤵
        Checks computer location settings
        
        PID:2220
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:404
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2900 --field-trial-handle=2904,i,5771801201008825885,15620950643361646359,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        48⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3140 --field-trial-handle=2904,i,5771801201008825885,15620950643361646359,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        48⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3556 --field-trial-handle=2904,i,5771801201008825885,15620950643361646359,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        48⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3588 --field-trial-handle=2904,i,5771801201008825885,15620950643361646359,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        48⤵
        Checks computer location settings
        
        PID:2896
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3592 --field-trial-handle=2904,i,5771801201008825885,15620950643361646359,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        48⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=11844 --field-trial-handle=2904,i,5771801201008825885,15620950643361646359,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        48⤵
        Drops file in System32 directory
        
        PID:3256
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        48⤵
        Modifies Control Panel
        
        PID:6076
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        49⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        49⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        48⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        48⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        48⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        48⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        48⤵
        Checks computer location settings
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2880 --field-trial-handle=2884,i,11459822722770251908,12682391254118299602,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        49⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3144 --field-trial-handle=2884,i,11459822722770251908,12682391254118299602,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        49⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3320 --field-trial-handle=2884,i,11459822722770251908,12682391254118299602,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        49⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3368 --field-trial-handle=2884,i,11459822722770251908,12682391254118299602,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        49⤵
        Checks computer location settings
        
        PID:5968
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        Modifies Control Panel
        
        PID:3600
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        Modifies Control Panel
        
        PID:2948
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2900 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        52⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3100 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        52⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3592 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        52⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3552 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        52⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        52⤵
        Checks computer location settings
        
        PID:1420
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        Modifies Control Panel
        
        PID:1628
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        54⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:2120
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2856 --field-trial-handle=2860,i,6178391106680083663,4130625777558469421,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        55⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2996 --field-trial-handle=2860,i,6178391106680083663,4130625777558469421,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        55⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3448 --field-trial-handle=2860,i,6178391106680083663,4130625777558469421,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        55⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3516 --field-trial-handle=2860,i,6178391106680083663,4130625777558469421,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        55⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        Modifies Control Panel
        
        PID:5908
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2856 --field-trial-handle=2860,i,9472334515557535491,8350807865231798210,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        57⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2988 --field-trial-handle=2860,i,9472334515557535491,8350807865231798210,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        57⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3480 --field-trial-handle=2860,i,9472334515557535491,8350807865231798210,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        57⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3680 --field-trial-handle=2860,i,9472334515557535491,8350807865231798210,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        57⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:4608
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        59⤵
        Checks computer location settings
        Checks SCSI registry key(s)
        Modifies Control Panel
        
        PID:5816
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2876 --field-trial-handle=2888,i,16242925599630024903,7968542619260647693,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        60⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3192 --field-trial-handle=2888,i,16242925599630024903,7968542619260647693,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        60⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3724 --field-trial-handle=2888,i,16242925599630024903,7968542619260647693,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        60⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3756 --field-trial-handle=2888,i,16242925599630024903,7968542619260647693,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        60⤵
        Checks computer location settings
        
        PID:788
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        61⤵
        Modifies Control Panel
        
        PID:2924
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        62⤵
        Modifies Control Panel
        
        PID:5300
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2888 --field-trial-handle=2892,i,15959662060853766550,2801391652334635298,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        63⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3120 --field-trial-handle=2892,i,15959662060853766550,2801391652334635298,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        63⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3576 --field-trial-handle=2892,i,15959662060853766550,2801391652334635298,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        63⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=2892,i,15959662060853766550,2801391652334635298,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        63⤵
        Checks computer location settings
        
        PID:3356
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        64⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        65⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:5824
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2900 --field-trial-handle=2904,i,3215216832650981588,2435288849772498939,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        66⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3144 --field-trial-handle=2904,i,3215216832650981588,2435288849772498939,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        66⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3524 --field-trial-handle=2904,i,3215216832650981588,2435288849772498939,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        66⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3640 --field-trial-handle=2904,i,3215216832650981588,2435288849772498939,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        66⤵
        Checks computer location settings
        
        PID:3884
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3720 --field-trial-handle=2904,i,3215216832650981588,2435288849772498939,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        66⤵
        Checks computer location settings
        
        PID:1416
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:3240
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        68⤵
        Modifies Control Panel
        
        PID:4532
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2884 --field-trial-handle=2888,i,15817902582884666092,13195381356569085967,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        69⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3020 --field-trial-handle=2888,i,15817902582884666092,13195381356569085967,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        69⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3428 --field-trial-handle=2888,i,15817902582884666092,13195381356569085967,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        69⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3596 --field-trial-handle=2888,i,15817902582884666092,13195381356569085967,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        69⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3696 --field-trial-handle=2888,i,15817902582884666092,13195381356569085967,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        69⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:5916
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        71⤵
        Checks computer location settings
        
        PID:2552
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2928 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        72⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3044 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        72⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3520 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        72⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3640 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        72⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3720 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        72⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:796
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        Modifies Control Panel
        
        PID:6076
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=2968 --field-trial-handle=2972,i,1866867157111765188,6809371843748392467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
        75⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=2972,i,1866867157111765188,6809371843748392467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        75⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3708 --field-trial-handle=2972,i,1866867157111765188,6809371843748392467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        75⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3740 --field-trial-handle=2972,i,1866867157111765188,6809371843748392467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        75⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3756 --field-trial-handle=2972,i,1866867157111765188,6809371843748392467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        75⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=2972,i,1866867157111765188,6809371843748392467,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        75⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        73⤵
        Modifies Control Panel
        
        PID:1588
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        74⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4016 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        72⤵
        Checks computer location settings
        
        PID:4636
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4000 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        72⤵
        Checks computer location settings
        
        PID:5800
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Version/17.1.1 Safari/605.1.15 AlohaBrowser/5.6.2" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3908 --field-trial-handle=2932,i,16341348876499791791,1852326605213103758,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        72⤵
        Checks computer location settings
        
        PID:1232
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        71⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        71⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        71⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        71⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        71⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        70⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        68⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        68⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        68⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        68⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        68⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        67⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        65⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        65⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        65⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        65⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        65⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        64⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        64⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        64⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        64⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        64⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3716 --field-trial-handle=2892,i,15959662060853766550,2801391652334635298,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        63⤵
        Checks computer location settings
        
        PID:5232
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1148 --field-trial-handle=2892,i,15959662060853766550,2801391652334635298,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        63⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        62⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        62⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        62⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        62⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        62⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        61⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        61⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        61⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        61⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        61⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3760 --field-trial-handle=2888,i,16242925599630024903,7968542619260647693,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        60⤵
        Checks computer location settings
        
        PID:4724
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=2888,i,16242925599630024903,7968542619260647693,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        60⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        59⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        59⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        59⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        59⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        59⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        58⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3692 --field-trial-handle=2860,i,9472334515557535491,8350807865231798210,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        57⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3512 --field-trial-handle=2860,i,9472334515557535491,8350807865231798210,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        57⤵
        Checks computer location settings
        
        PID:4760
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        56⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3624 --field-trial-handle=2860,i,6178391106680083663,4130625777558469421,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        55⤵
        Checks computer location settings
        
        PID:1472
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1148 --field-trial-handle=2860,i,6178391106680083663,4130625777558469421,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        55⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        54⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        54⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        54⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        54⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        54⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        53⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        52⤵
        Checks computer location settings
        
        PID:5204
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1044 --field-trial-handle=2904,i,18360147519148406413,10504546762221252218,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        52⤵
        Checks computer location settings
        
        PID:5276
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        51⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        50⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3384 --field-trial-handle=2884,i,11459822722770251908,12682391254118299602,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        49⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1016 --field-trial-handle=2884,i,11459822722770251908,12682391254118299602,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        49⤵
        Checks computer location settings
        
        PID:2620
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        47⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=2908,i,11295755845691393597,13243161529672189757,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        46⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36 Edg/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4060 --field-trial-handle=2908,i,11295755845691393597,13243161529672189757,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        46⤵
        Checks computer location settings
        
        PID:3744
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        45⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        45⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        45⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        45⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        45⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        44⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        44⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        44⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        44⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        44⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4512 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4588 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        Checks computer location settings
        
        PID:6120
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4468 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        43⤵
        Checks computer location settings
        
        PID:5820
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=1156 --field-trial-handle=2964,i,14706761728248624146,10086073397543027008,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        43⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        42⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        42⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        42⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        42⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        42⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        41⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        41⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        41⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        41⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        41⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        39⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        39⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        39⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        39⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        39⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        38⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 12; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3744 --field-trial-handle=2940,i,15755298207347561134,1565475067398024696,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        37⤵
        Checks computer location settings
        
        PID:1928
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 12; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=2940,i,15755298207347561134,1565475067398024696,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        37⤵
        Checks computer location settings
        
        PID:720
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        36⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        36⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        36⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        36⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        36⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        35⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        35⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        35⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        35⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        35⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3408 --field-trial-handle=2884,i,4067284579980095339,18019641497145698950,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        34⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=2884,i,4067284579980095339,18019641497145698950,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        34⤵
        Checks computer location settings
        
        PID:5520
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        33⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        33⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        33⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        33⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        33⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        32⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        32⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        32⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3744 --field-trial-handle=2908,i,7364511610811302809,15017866470955629740,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        31⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 EdgA/123.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3940 --field-trial-handle=2908,i,7364511610811302809,15017866470955629740,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        31⤵
        Checks computer location settings
        
        PID:5348
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        30⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        30⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        30⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        30⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        29⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        29⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        29⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        29⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        29⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        27⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        25⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        25⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        25⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        25⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        25⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        24⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        23⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1168 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        23⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3872 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        23⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1168 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        23⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 14; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --mojo-platform-channel-handle=3780 --field-trial-handle=2864,i,3440748523870871515,6541741966011261,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
        23⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        22⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        21⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1164 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4064 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4220 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4256 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3900 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4444 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        Checks computer location settings
        
        PID:3532
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4512 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4072 --field-trial-handle=2908,i,15190909436882051711,2906693414425289523,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        20⤵
        Checks computer location settings
        
        PID:5388
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        18⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:4768
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        20⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:480
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:3780
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:2244
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:4968
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:3364
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:252
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        18⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:1308
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:3008
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:1056
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:4644
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:4420
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        18⤵
        Modifies Control Panel
        
        PID:1820
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        Modifies Control Panel
        
        PID:1624
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        18⤵
        Modifies Control Panel
        
        PID:2488
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        18⤵
        Checks computer location settings
        Modifies Control Panel
        
        PID:1184
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        19⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        17⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        17⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        17⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        17⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        15⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        15⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        15⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        15⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        15⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        14⤵
        Executes dropped EXE
        
        PID:4192
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        14⤵
        Executes dropped EXE
        
        PID:584
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        14⤵
        Executes dropped EXE
        
        PID:4852
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        14⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        14⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3404 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        13⤵
        Executes dropped EXE
        
        PID:1832
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        13⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1404
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3140 --field-trial-handle=2956,i,8664274973697429918,1425992932665940766,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        13⤵
        Executes dropped EXE
        
        PID:3920
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        12⤵
        Executes dropped EXE
        
        PID:3260
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        12⤵
        Executes dropped EXE
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        12⤵
        Executes dropped EXE
        
        PID:4208
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        12⤵
        Executes dropped EXE
        
        PID:668
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        12⤵
        Executes dropped EXE
        
        PID:4536
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        11⤵
        Executes dropped EXE
        
        PID:4540
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        11⤵
        Executes dropped EXE
        
        PID:4280
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        11⤵
        Executes dropped EXE
        
        PID:1644
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        11⤵
        Executes dropped EXE
        
        PID:4768
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        11⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        9⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        9⤵
        Executes dropped EXE
        
        PID:3256
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        9⤵
        Executes dropped EXE
        
        PID:4208
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        9⤵
        Executes dropped EXE
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        9⤵
        Executes dropped EXE
        
        PID:3092
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        
        PID:1196
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        
        PID:216
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        
        PID:4456
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        
        PID:1832
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        
        PID:3484
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        8⤵
        Executes dropped EXE
        
        PID:4236
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3672 --field-trial-handle=2904,i,1740749025044837075,1018879817898628248,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1220
        
        C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:124.0) Gecko/124.0 Firefox/124.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Pinball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=2904,i,1740749025044837075,1018879817898628248,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2000
      - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        6⤵
        Executes dropped EXE
        
        PID:4944
      - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        6⤵
        Executes dropped EXE
        
        PID:4652
      - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        6⤵
        Executes dropped EXE
        
        PID:3296
      - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        6⤵
        Executes dropped EXE
        
        PID:1968
    - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1760
    - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5116
    - - C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe
        
        "C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe"
        5⤵
        Executes dropped EXE
        
        PID:2772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x64c 0x6ac
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping3256_818082588\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
738B

MD5
f8d3078262e004d01bfacd5bc19ced50

SHA1
11c4ff5f888503b8ccedfd791f5f036681f7be20

SHA256
efc4d2e0719d32aee809f5d46c4f60d799b1082179327279b64327f4e90c6672

SHA512
6614575b8cc0c4547e71b0203baa4c0cf742b92470dbb3f4d567a21dd9a9774ad6bd61eae96e99f39e56b1c97c9f72bf4e85d491676b6a130d3944dc99c30bbb

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
831B

MD5
b207ebc87aef05012d710f82e3870e1f

SHA1
ef44b289e8ccc9f174893d6f5b8b6301b0ddcc05

SHA256
5a775e36f419805aed75faabd6b4c39740e3b9a0454a0882b3884517bff6212a

SHA512
979719fa0e2c94e6d3144ecb489c5c9bad1d99917a2ced31b63299463777168956b21b901fc2cf3213ee6c1f5e3d15caeebfb48ecd9f066ed54e3301a6382f8c

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
831B

MD5
646037daebf12e18c4bf1e8e51518b7b

SHA1
75a13afbfd15b9eff3296b336326132a85f3cf4c

SHA256
0bb5b7991250afe7aa0a882139c715927bf232ba5aeab2db9ff82ca849f8f843

SHA512
81628c44477449c0953cfb36cafee8c1a1f9b895b7ff98d8caeb51a6c17820dded1fdf8141776de847cbb7fd1427d811d9d9ff552b4c3329a5147e5191c9def7

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json

Filesize
831B

MD5
711353573582d7c296ed55ad4ee5b5a4

SHA1
7697dec34df461fbdf04916da30ca55688dbc29a

SHA256
4cd56e33a82c32a8c0cf7577aa37ef65b84c443aac78ab028ea4e26032ca57f9

SHA512
3180da35a3a523a31af9a2d8ca5306cd65499622c9e6bf9e5663606a8ac1af3001b55f30c18bea2639559242e6299d90ddf117f8e637dd47c88a43695b94010a

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe593927.TMP

Filesize
529B

MD5
a4c998c384a7a06f9c133d29aa965219

SHA1
ed7e7c3c0367d3eef4baaf3a5e0cea9b6f680733

SHA256
21605d2b2e8e9aaaddb669b6234481e185e547d0f392d919a137b8a5eba7e8cf

SHA512
68a7e7bf38d95fd66e839b3abcf236f3078bcc9b21081787c64300f452abb94d3df8da67182b87213a1b65dcc50e69927e1ba9ec92aa1b8b0a5b76c381d49842

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa54E7.tmp\INetC.dll

Filesize
21KB

MD5
92ec4dd8c0ddd8c4305ae1684ab65fb0

SHA1
d850013d582a62e502942f0dd282cc0c29c4310e

SHA256
5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

SHA512
581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa54E7.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoF5BC.tmp\liteFirewall.dll

Filesize
81KB

MD5
165e1ef5c79475e8c33d19a870e672d4

SHA1
965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5

SHA256
9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd

SHA512
cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
102.2MB

MD5
f6c955039d8d0158871eaa4742cf9b42

SHA1
8c8af212b3e15eb8642ace3f93ed549547ec925b

SHA256
082acf311a0c64d1d96cfaeae5f2b43409eb4463e21700748965e21b718f2353

SHA512
4dc41a01fc59467de515aeb5dcdf0856db7c2258b400039643711d658184b97bfbcbc4814d1ce65ace022c3a1381ddfb3b0273f423bfc141d7342235159a21e3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\Newtonsoft.Json.dll

Filesize
560KB

MD5
8f81c9520104b730c25d90a9dd511148

SHA1
7cf46cb81c3b51965c1f78762840eb5797594778

SHA256
f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886

SHA512
b4a66389bf06a6611df47e81b818cc2fcd0a854324a2564a4438866953f148950f59cd4c07c9d40cc3a9043b5ce12b150c8a56cccdf98d5e3f0225edf8c516f3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\Pinball.exe

Filesize
183KB

MD5
7c29fb72d1b284f81245d2d09f7b5d7e

SHA1
5a944edbd670dd8daa5a94de8be82fd7b5122b7f

SHA256
6baca4ab95c86bbc783842cb57e80c71be5c3ca379d54b4f279d939af3b416b4

SHA512
fb0ca73a86f852ee9b2557c62fef2f7b8ca905a0cb085cfab279d9cf8fd0cb6dee8f19d66d3a218a6f61a8ff6cad06636e6641340895648ac46969beacb5e144

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\Xilium.CefGlue.dll

Filesize
855KB

MD5
b03c7f6072a0cb1a1d6a92ee7b82705a

SHA1
6675839c5e266075e7e1812ad8e856a2468274dd

SHA256
f561713347544e9d06d30f02a3dfcec5fe593b38894593aeedf5700666b35027

SHA512
19d6792eb9ba8584b94d0d59e07ce9d1c9c4da5516490f4abce5ae0d7d55b357bda45b2093b3e9eb9d6858061e9d3f530a6655c4779a50c911501ae23925c566

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\chrome_100_percent.pak

Filesize
641KB

MD5
3404dd2b0e63d9418f755430336c7164

SHA1
0d7d8540fdc056bb741d9baf2dc7a931c517c471

SHA256
0d3fca7584613eb1a38baf971a7dd94f70803fc130135885ec675e83d16a4889

SHA512
685d63633db8a57d84225c2b92c92016e1ce98ba2bf8d3ddace2eb120b3bcf84c718787d59db6ec61f34cf91cb651500b4e4ff0ac37aeb89561cdcc586946c80

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\chrome_200_percent.pak

Filesize
993KB

MD5
3fbf52922588a52245dc927bcc36dbb3

SHA1
ef3c463c707a919876bf17c3e1cd05c0d2c28ca9

SHA256
c6fe346106c5e4950161ed72eb0a81fe3537a94e4a59461aaf54e750d1904f76

SHA512
682eb6d61b564c878fdb971a6439fcda9f1e108bd021a32e8990b68b1338986a4866a0965dea62567501c8826d43cebf2b7c8be8323de415a75e8d89a9d592e7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\chrome_elf.dll

Filesize
1.1MB

MD5
207ac4be98a6a5a72be027e0a9904462

SHA1
d58d2c70ea0656d81c627d424f8f4efccef57c86

SHA256
2ba904da93acc4766639e7018ac93cc32aa685db475f3a59b464c6bc8b981457

SHA512
bfb6c58774829db3d5fadc92cb51477ff4eac8fb934db6583a312bb1157468f6dd3a4a3afaf25a687b74890dc8a69857a12d0b38b18d83e82836e92e02046ff3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
38KB

MD5
9f58cadea7889f238cf331a99615a9b4

SHA1
7f2d0503cdb1e54ba07b5466a7480cc4b8ff20d4

SHA256
1aae76aa3f52c74c4747892333bcd5a4d943bfd3c4cee5cb448179a9284a754e

SHA512
944cb12b63b1950f4e9b6ef5f0ca368f84e0060d3cb09aea1dd889b17df1509ea38330c63c3b9522bc085d923b09a523681945ec71c44cc03864c7a6b4943ae8

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
57KB

MD5
93ecb3f72195051a22b69ba9053e7669

SHA1
10ffd1f0759d9d28df71c7cc34edc85405fd5904

SHA256
ad7b852ea2defbf53cfbab192d71ee4b17f9b089801311d31079cbd26d5e1e20

SHA512
4d90e670ec77704d61d79f37dd86f63241e412312d5bc675b29afa59051cd2099c51d1b4821e24c0357e3a32e39ce932076532925c2d0990239b9f1f867d5dcc

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
39KB

MD5
3d5fd646334e15c5ace46e1218c01ece

SHA1
dbcd080d147dbfa854b064dbb6ddcd479b3352ee

SHA256
49b861d81719a754e269e32107fb0ed4f9aa7215537568a286f6e3c19262e48c

SHA512
e3eb37dde6711e30c54c2cfc455114afd06eb8a1c1b2b9e995f343bac1e5a0fb38691cd494ff07d26eddcfcc39fd3cd5a7308f66e5aa359ade16b412cde35f77

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
28KB

MD5
362568dd9bb1f90a3d4817df9498a005

SHA1
ca773d8ab62657ed45adda7fa0c3dc60706b3c68

SHA256
efe133dcd87395513f2592a834a7e93c7b5e3c623343d0a73419c13afac0f8f0

SHA512
6aab518bba32e995ad6dd08734bb5be2311c2d47b4a22e4e67927af04cd636819284c7963c9dde8b90f74b5a9c2d14ceb796a459d4bfe376989652b8383c7cf7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
82KB

MD5
81b560174bd5910a10afc259320ec4e2

SHA1
8dc05ac1d697b700d2cb72b4d9dcffdb57cf4460

SHA256
8bc50fa8c6f1bbdfeb4d76c58195b16d9fc000e459aebd6b33a229f6ff305360

SHA512
773613bef85e5d19a13bcf06604b6ab7ee0345736593b9c6c536763f13dd4500cabb21c4c811343b9055e55bad35fe92a767424ccab2597040cf51c22130e8e4

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
68KB

MD5
8d6c65b42a5dbccb56c67e2160cd96fc

SHA1
4121f8728ec1ea15f926a68a6619862ac815ed81

SHA256
efdf0a3e3f61b6c40ad84133fc9c4877257c18e6826266ae97359d17c31b8cdb

SHA512
5a06892cc07ed1398f921e9ca96f83564bd812da8da4cf9138cd214de102b5de4337d9e3ce42e23c116b44d0f70272eb09df69a6c8a63e045a7694226f4f57c8

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
24KB

MD5
16bdac01c0cbe0019a106c0c725ae4f9

SHA1
be16b81c36f402120aa616806e3cbe2f3827e84d

SHA256
28505c7207110e56cd81b227f20875320cfe64028c9b20aac64c5d8d62397008

SHA512
26e30df32ec733155d28162f550777643fd6b9d5fe26cf35462882ec543d84717c34fed1900e6543eb26986e6f71abd361d929d406b647ae347a527731661d47

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
50KB

MD5
d2f324752d57f416c547e394ba17aa1c

SHA1
8a25d4c68a9aabbdf631e5bec96b17cc72efd2c8

SHA256
b8a3c22bf522a4b6f23f6c4cebb1d0d003abcaadb56e55eb628bb152e0550a59

SHA512
e86c267170c19d8035f907ca4ba63ed92feeaff723fb36a3d97b732965265bf2349fd77e6b7ea85b78bd90af9a0dcb1497747483ad290921569dc9712071011d

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
42KB

MD5
76513544fd5b96feb9c0b3e3562284b7

SHA1
c33944b062db2ed4e72f3fed32bcece35eb16add

SHA256
3e30ee8f3e5ee11db5e2987fcfd17f4fb1467734eeef17e192ada856aff929d1

SHA512
66651959d8722c899381aca62427d07d8cad44f98f1bbe234080d93a92545077d4a3d08093dd8e4848f406e12d79d208ebb27c844efd58a56fc0883742f2341d

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
35KB

MD5
cd6c472d4f13b346a8ebe8943a4ab09f

SHA1
dc59e4d47fc352a1c23fa70d21a1da6dbe03e312

SHA256
c48914b80078ebbc0f98177001c834751c7aeaa407724f6b6391c7ce5f09be0a

SHA512
a21cc17974c02dd3f8892d3655086660b88f61ae2e3f82684dc38ec7a968ce6d1c1747aa0fb2029168a41f678e5a395b755a285f6a967f341b3e6e244ad543a4

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
35KB

MD5
537ed6034996c6ec2da54b28bf184977

SHA1
2050eeb47cc622bcd5c326fa5a2a81a7230189b4

SHA256
0c6b7cc8c9c7b95cb9ce25de408fcf2ef3a08f1c7352e4905c65634d544c4b95

SHA512
d278d693c301fbb363fa8b15a01748707b144c5f1f7dcd86060971684fdfdf9cb19ef0d8cc6fa088e5547bfca60ff0346427ab051149d66077ca5b93fd49db75

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
44KB

MD5
3b809f9c123c73575567f34bd61a4b06

SHA1
78666218fe7527ac07b5c1afd513c307bc0a714d

SHA256
040e38b43a731f784986526147301ec16a022648411d69c5f1380211099c32e5

SHA512
b44f70a68fa02267f8485818cc3bd8af2a90bfc0978f6facb8ad9bc425335cd2c09ef5f5b05d255e23ffceb129362d01d30de6da2249a8ab4485c59bb918d811

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
17KB

MD5
c2b3e56119fec0be8f383864c62540af

SHA1
e4bc853ca53f8ae93ec8b3d179e4a18066e76ad8

SHA256
c5e025a102de08a4d3bf0a1cad5aa65081b206ca8fcde9a341257849042d9ea7

SHA512
7f6534fd126eeb5ba31e104c27d63ed6932a53bcaeaff91a3ec4266a3b675b015bcba63e6ab3c38f224d2dbfcac070dc87fd4332c9eb74b7c33778631df5ffa5

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
12KB

MD5
e9ea72530976f3e31d5f9eb85f14d190

SHA1
5dd0518f0bd7b0760a635524ff44dbe53b0b6028

SHA256
bf14bfdec30a08e8b38560c053cd19e94947af8d03b5554dd152e25bd53848f2

SHA512
3fc46ff0ae2bcc692fb56c5e638c52fd082b06e1506ad5f6abdc42d4436f5bfac1906b6cea037d9c8448c1d6ab3ff1195823e3ea0bede174c4ed3afc7525bdca

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
22KB

MD5
223ed17e6a7724297202217f622cf72a

SHA1
dac3f743530a8bc0312c1bbf748a6ac19072d15d

SHA256
6c1e44187a5cd7c49bbb2b89c53549bc08ea7505e4c8d0033b21de7462342c20

SHA512
f555e6946b1872a695fbbae0a3c70ec68b5fba2d6a4f4fe0481ebd15d0eb9ceb0612c062ea47a8c79fd210885581544f2c28bab8ca8b8b8bd930c3ae71e5b5f9

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
46KB

MD5
925e2a35deebb363a9f548b91b6397a6

SHA1
55e746fe31a215910459577f773a4d5d52a70621

SHA256
2c7ceb7f2f223f25ab4d0ef143514b53045eb22646cbc9520ebcae48689e2368

SHA512
5078c603b6b7fe4684dab649db00b8c19d0064f79b171581b00476e43d5e32eafa33e08f4bc2560871d616f1602480e6518108252bd7cd7042288319dd013921

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
9KB

MD5
2fd28c1a898bc60ba2c6dcfbe492f8c6

SHA1
fb8afc3dd5e93de98b74dac377874051574d08a2

SHA256
2664f8e01e29426bc1b978b8b144b34bab5ad40c6649632d89abe16906ac25f8

SHA512
e6114088b40cb005a5923a70134d9b6c6f8323410fedff3905d5e1689a49e825157b92fca68c63bbc6a753580f541db1d2ea51015fc3ec40d032a26d15ce91e0

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
38KB

MD5
3e5a3a662c4f9456cc1b6f957200a2fb

SHA1
9f191defefb2f4a91363cd64b849e7e4d20fe611

SHA256
aa8642ec96372790ec9e38653a5e6374851a49967187954c659d54e047b22fc2

SHA512
e8c41f96ca1c20c6a86d1de0f33e3f7e86ecd2f94ed88d9abf3419079257f542ffca7ad79c8e1dc7cfc306d957bba6d06c95a08b0a7179a44842d246979d0765

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
35KB

MD5
ff57aa08b33a194526ec598f24dea6ca

SHA1
94aba7c2ff1c5365ff44695ca7065a9c59e21ed0

SHA256
5525794d8add465f94ccd0bddcc239d0f3dc2452d54a6d50cf4378547f8a1769

SHA512
1461a7efced86d90aa572770c49fd4642aa33a311707489f1e075b755db3f31d5ed1f62a27249a81d9f376e123a4550381dabb235a5e0495a71ff84848bfb8ad

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
50KB

MD5
0a69af0de8856f1e6d51dbfd7ed2dad4

SHA1
f6030ccdfefd53a03b128af3745969ca41e95724

SHA256
14b419615114a7780da76b00290748bcfe8a90689bbb6354823d1383b6bce2fe

SHA512
6eb01dbfb3abede73189f33074d72ea9d565cfbb8271ddce4d4a597cb6a3459c2cad8d5266325116f0bdfc72aa785cfde3205a30bbabafc4da5d8784dc635f19

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\0.jpg

Filesize
4KB

MD5
797a0967195facf2a2c686268862f2bf

SHA1
9324e6714bc2203d781f746002b00e28bf48d99d

SHA256
fe5227fd9b4e86d238fde1c63422c0b1f7a30da0aeed3312443ff84c9ee341ac

SHA512
7b5e6f99d42e27353c2a4001b355a05fa255f8f6adaf2056e4a29ba960a096a899ae83d207a7bf54c2f8b415eb72b6821b2d40b031a16de75dbefcd6ec58e20b

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
31KB

MD5
eca2f9f05f6767e37efb23b213dbacac

SHA1
79676a4d72f8504b3580eacf83bc2077b4c5f07f

SHA256
1b7e777dccce1aaa27486a7d7072d65f0537ba40d619dba45c1b025ab01a6613

SHA512
111ba08a6665cca1c1f11d17803908513b6ae4f2193e100194ae0dc621cbeb95281052fc972e43f8137e585ceb65442ee3c04ce97ab61ca7d005a351154d08d9

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
38KB

MD5
d2065b4776de6278482e2bc2f80dd0d2

SHA1
bf007427b0af812824b015bbb8c951ee90cd7c5d

SHA256
b0b9e65cf24266172b882aea93ccf9875a3241a12734712b7cdf103ae191d007

SHA512
6af3d8774f18d49af06f3a0e11b28a375860df950b963c476c14f868a683e7a0f1ae467f520171d129a412708babe4968a3d3750adaca37186b750459ba573e1

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
44KB

MD5
6a300828f4480bc95157fe3e3cd11eb4

SHA1
39e3e3240c0141adbf103d0d688fe2d2fd32da5a

SHA256
f159cc1c80094e4559a9b1d82361789b0d0ab044a3f66b5983575d5ec9431bb3

SHA512
abec567d599dac9d346578639923037f3add2652ee211fa161a289f0f2210344f79a67154922e5a6db5eb015251b52692173123e242a17f142741951bddb2f54

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
2KB

MD5
1096016ceed39732987bfdd09f68bb52

SHA1
66caa4ad73a88c21c6ec954cf483111d5d81e8e0

SHA256
a96e9833ff3f578807de759f9fbfdcf41cddc99bddd269fa4c40b065638eb2ad

SHA512
3a6dad89ec9e2e6e08063e0c728584929ae20922317a823b042bd0624eb91751bd59983d161c8964348815f1e24a081528c5f9438ae492547b09ce3f57dc7e54

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
791B

MD5
c7a7830c314ed81f20bcb896f69687d0

SHA1
9a5b9114b3fc506ff1274bf5bfba0eaf4b97bad6

SHA256
5455dd770cdd814c2984c22b35e83a3a8885996e495ad99821b2fba5e84b85dd

SHA512
a9005418bbfad2ee0626581890143296402d033d6e8abe115a6919b02f02ade0c84ba502a658c5ef8d9c829b36a7ade4a418a7a9d78a0d30fcb0c07800f51583

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
1KB

MD5
d59cd79b29f6b2542f574fce40a23228

SHA1
50e975b57f25278a210bdaea6c2b1dc6980223e5

SHA256
ffe5956304a996c8d764c744a845cb6409f9b64732f349193018dad181b1f629

SHA512
e3385acac7fa896d1b3eccb6e220ead66f32590970672224632c877dc6177ee62e035062162fba904d3bb6b39cfd5053e6b53d59d1c37ff750797675c3acdee6

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
59KB

MD5
69c5c28f49dbf77c95ed545f146c4f88

SHA1
574bf0695ce57f6ee889f8ae68b2d0efcd17656e

SHA256
ffecc6a0fc16e185db09b26c731c91d4fecc07ae1ac53e4740ac367cfdc987ae

SHA512
eae3e4d2303fd6503abce3b16ddbd4c42a348fa0bf374ce1850d9ff05ae9942d9ff7d26ff72976120ccb5f746f8f68bcfb9ed1eb2b9bacf52941e803af6cc3c4

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
27KB

MD5
79a2d51c79673bb6a6b46de1e2b9ac99

SHA1
e400004a13499e427ffac4dd14080121264cd61c

SHA256
d029a7879bcb8add456267b78d24cdfa7236d9c92e9e1b921236b4a786c09c9e

SHA512
d0486e117500a8e8c4f633917561bdfceb51123694bd096a3ae9a5a19a41fce0be82635852fe03c494bf58e79e5bbcda1748814537a6f2714f9f5b91bb9fa4df

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
46KB

MD5
0ef2a7b88635f166a05eeb690f33cb15

SHA1
94009018d1c7579a574c057f8c96a34eaa6b7f75

SHA256
a41f797c9c0caf52b4d59c53c3e9e6becdc9e4bc2419db716d2398c82aa28230

SHA512
81eff010432959339c4ae5966cb695d4ac8304d2ea7962beb104b51f88db497eecb7a6259afee7dc16792107c5f5eeda5f53296e9e8dd34d261bfaba681b8c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
22KB

MD5
53d7b8d79763ac622182adbc7843d755

SHA1
9485796f78117d898c43a050952b3b85ab3df0e5

SHA256
8c54feb74fdafa1430a83fb22075b3f930ddf644057891798e5e807600055f06

SHA512
4647eb3356caddeb1e25bdc0de4229700d4943e37e7404007d0c0f803e72ae052edda3d7a3c4b08bb332c096297ca38946a46eb75e537fb124dcca2856b59390

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
26KB

MD5
ce16d94213e39f1808763d65740d2824

SHA1
f0e6bae8a3f22cb3858f5705c297acc64b8611cb

SHA256
ec2de2d22b8334f933aa6abe13d17bfa3284106c3d0c1bde7796d4f6b97c31de

SHA512
5d9d78f8e776ae7454045eed82da45b64b8e8255e5ed0fcce23c7bcd5d9f926ed63ed3ef29875cb32b76f6db13f4340fe95a6d3ca07ace19505246b89bad4fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
2KB

MD5
61239b34368a5ba6b951778ac1ea3e20

SHA1
1de72799ffdd2fbe35ffccc67ed5b4f6cdb84f30

SHA256
e6d09d00975b7c705feb3f70474437c111d941dd1ec36b0055f159f4adc9626f

SHA512
2d5bca4ad787b663077c5b989ce1565f4913b763d26734541c5e7f1adbeab3601f4424f492e56ccfb59840abb330f95150ef9910df635c3ca4e7cd247225b327

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
3KB

MD5
6ef4078faf5a85d30eac2b827f4bcc74

SHA1
5195c22d2d9cc41159c62fb3f97409d945b413b5

SHA256
430562ca3be2d3e6f6f3d65ab654cafdb93c7e7eca579867b0eac078ce67284b

SHA512
ef157bb3ae9544afa1d15805379168c8d6d1adadced8118e56ddf715464de8c88f0862e25f885be8539e5265fd07cb2a2951fe5ed6bb82d139a42690eb14ec22

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
42KB

MD5
2f5397ce119d42618d633fc3cdc1a1dd

SHA1
e98e335616c79319078374be0af3abb6571a45a4

SHA256
bb29bacfcb886e3a73c9a5013cdc644ece32daf50ff5fa1ae8ee337b4085ab14

SHA512
01abf5727ef4577a632d58b2fd7a1bc00f83e3d711871fa298a5f4cff512b1b233358ccb2332d81cf1ac8e26f9a622292ec20146187e5bff9169a2523c07860f

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\1.jpg

Filesize
51KB

MD5
d573599e1b7e11612274c942b8dd50e4

SHA1
781609872111b7eaf8d760097fc6bce8a3c505f3

SHA256
134150bd7dc400e8c5a32879326206e8b16fe3af2ccd28a2681597bea837d70f

SHA512
0517f951a54b8f086d27f576b142251bdd759a0495bf66a3d246e9978fe28629712e4045bf95b94eb7f61bc9d07f6ef6b80ae1d955a23c971cbb50f6e4bb95ab

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
28KB

MD5
c893bc9f3a0d7c3e5445aa53f983c82b

SHA1
1f7f10f37c93fa3b4ade76779333362fd29e6e6d

SHA256
232b085342d1d00a25675005ddb0d44880e0847dfb55caf1e52f6ca889a048f5

SHA512
accc28f4039a3d1b41fb588bc3b76fb4df1c6c1499459e4ecad931854221330df52d93efef97b7aa324c0f66b8ba6ca35569955f1181493787b9249d721830e5

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
40KB

MD5
c9505f45fb8e599f87f8176a57f12303

SHA1
f92da081b948370ef1706222509de61dd4de0381

SHA256
bbcca340652ff5e1b1f661d9cdc602cff3aa673ae0a6f761c0ca024ddd7dac15

SHA512
ff5072bb7ae5c325b342e18626e535fcfe25bff4abf327ea2bd5a48d6c8f94472ec5337f111cafdf3d4b7b2caf1862f1410f02919239d7a28cd42606b4ca34d3

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
22KB

MD5
a294ed41b36cb9a646ce2906d1bcd86d

SHA1
3ba0a245c07f75b44de239c02321f4676d175203

SHA256
49b93d9724925582c6ae7f5e919eb7d52e4e8abec9b931aca7622eb5463df73d

SHA512
e2969671120b9e4a7570e0ab21de9d27f4aae685f7bee8426da18fc58b26bffc57fd28aae262819a8253289e8ff0a6188848cefb7b639766bab687b7b170d1b9

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
43KB

MD5
ed61eecc6b9dd2a5ecc5a552f92181b4

SHA1
7aad0ef9574144f373d2fcc1f04a428615db7e77

SHA256
42d736299bbe00f1e73ae182c0f998d96947b361918ef929c841071142b35de8

SHA512
519882b7ff17dda6be1b4db7364c0fac22bdd0d4df1b51e6aa391c965451fb07d504dc295c05b4124ca868fa6980bc51873a138b5871836db7c233dfe7e54934

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
25KB

MD5
c7dc19bb2509c8238b01a8dd8d312622

SHA1
34af0ab574e4b92167d483b3dff534f9d13ba7a7

SHA256
f35930f999e3de3e9d2d68a98ae4d421f0d9afe2cd459b6ef8a700066ab55f58

SHA512
66302469f8e982ed0db058bd6b107905bb4826f61e321bfd4fb8257250d9d75be8b7dae2ef1d9a5fa46de5bc81fbd7914254ac6d9dce201833e5291cbbce8cf4

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
54KB

MD5
7db250f184f57e470865347445ac1bac

SHA1
e24aad84e70c068b7242f013a279642cf1269841

SHA256
18e74714ba71b92d172c81f40c0dc84e667cf95b1167848e480eaae6b497bec4

SHA512
7f46b39fdeefb5c409aa9df4924a096135a510221da529aa62ef13929caf515126f7593552ac47245d574f85b199511a665d264fcd83dc7795bfc7a334d3c3ad

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
27KB

MD5
472ad6144842f4cc85dd7d2df448180a

SHA1
1ab4539b5b3a0fda63cc94ddcfd364830dea2068

SHA256
2b5a3fa1b7f1ab5ed4f73ab33dac786647f96734526e7515737a945fbab971c4

SHA512
276bc73d2079de55b66b123ed690698b44203f95d2e105fcc5b6dd44e5d3a7edf09a3a0a0ff4fd432935c95ea66d2c561889d9db47f340bcc620d69dd5877a55

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
53KB

MD5
30581964e4ab232dc253030a81ee9f88

SHA1
d3c33595e60420dcd1ad81ddcad03460905b2bb7

SHA256
9372e344642f76781474ef5e08dadfb01f424df86a3d4435a0562c3d94b469aa

SHA512
875bcc4cd5cb5fd1ebe086f906deb512baa6a4b88bc73c32cfff52d833c0e7845f99ebd6291b1cd77fc917110ee1d805b8154333ed4844e554352c573aca295f

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
35KB

MD5
a7ff39bf6c5a2b90577294b2ac6a3cae

SHA1
843492c350af86541a7074f6d4b875d54ba3c353

SHA256
8ea493e5dd09f900028c80d7772a8990b051f90f9741d8b08eeea902c8094cfd

SHA512
7cc0af54c7621cef90764bc197d6bbadc908e7b8fba791cac3e8de325223ddec7b5cf47aaf959613fee7703d92fccfed61b5083e2ebf7eea9a490717418915b6

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\2.jpg

Filesize
41KB

MD5
be0b2d15110d339035415daca3b84060

SHA1
a063f03cee22fc1aca56bc6e82f45fb54337d935

SHA256
47c34c243f71cd49a2a28b776272f127d3753aebf98b17a73fdd84a047b42e5b

SHA512
f6407b296f0e7d2cceda87d4bfa538222facc460700fd3d469bb7f374528aa6be505bdd1f15fed72687ff2e128af3e9e036816cba7afaf35f82e90dfe0434b46

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
30KB

MD5
50c15a9158fe6d380853cdeb48cd0d94

SHA1
ebd9238e66cd3d1f4e6af246ca8a220e17203ab8

SHA256
24ae656fe9c7cd7a7d1f1070e9bf3079eb8fae0f77dccd054c91b030a7d84ac0

SHA512
dab9bc788abecf1531fd058cc15d7703a6814f7549f5248fbc098d01a622b25b4179fac2f55c93a155a9cbfb6f7238a3339b31bb0b57bd260862315a931b70ef

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
25KB

MD5
ff5a0e0145f66d730263a07936760d4d

SHA1
46b59b14996dd16cb49ab861e0676c19dc141f89

SHA256
46866bf231cd2f08b54eeafa532b64e337aadb87490499e90bdd8594972f6810

SHA512
5aba7dd2b0aa28c151e9e07d11e728d3a60b1a59c95f5933748ffc53842f7eb3eac4a1f72d26be627ca0bbbf6d4803cdaeef89f45317c7b98a59fdde44005795

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
48KB

MD5
de23cab972d76bda827ec4dae9febf84

SHA1
56be400e6ea4ea13121b32c97c3d416cd04bc2a3

SHA256
7001801ff2a20e2e6596cdb839ec14baf41e131bcd3f59e5b43a0cf6e8dbc2a9

SHA512
ac48ca19f8d10ab7744671066d6a022e8c8091122139e8100a5b6e828e58b9c13b396507c18017123c7181d55b1530c5accd6b0844c00dcd0af48c6f0303c566

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
37KB

MD5
8282b2c0bc78c1e01a02c227b76833ad

SHA1
b6596b936bc148bac085cfde78091e7fdb45ffe7

SHA256
1e02517c7c3b783cc73e88246487b3928fd2cf4ced5c978fbdad7162fb4e8920

SHA512
bdb6a9ca250c55ab3e6c685ababb651d03463693bd7b86fc067c442c9bc1dc850e5e67a85e4b75fe3c672d6d9391ca5b11a358682cf09e33f0d3a4a80dd8d607

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
56KB

MD5
561fe67ae3f70b6e0c4f2cbddfbfec50

SHA1
bfa056e2285475f916ffb61b9f858dc49be35e0f

SHA256
82d62096e07c6a986a3ee6e82bbf8ac8b402dfb68d1498b354b5f4356afd2b8f

SHA512
460aea701e474fafa1f05a3eff00672591d4c959bc0efd731936580b9d3d8dc55a9563d7602eb46cf6a03e1cbb88583e42b0efa12e3ef0ceb53fa861208aac6c

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
29KB

MD5
bb1e5028ba183815346a221d7e5d63de

SHA1
e1eea3f617e88487ab5829ecffdf1079b75e57e0

SHA256
0052cc323b2da2eb9ac4f2c1e5488a273fee621dcfa80d634515fab50a7aa249

SHA512
d2002e9babcda4a230e6015da30713fcb8e43be6e62ff1ca67b0570b94f7943a6f6f23501994f72649e0d0fbe2ad52c82bb2e36ba6b3f9849a7f487349d6fbc0

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\3.jpg

Filesize
52KB

MD5
285297377beebaac945b103104e744a6

SHA1
ed6bf8c75bfc39ee99c48ace7bfdaf75a3b594d7

SHA256
064bc305dfb150dd9aebd57999434667c81196dcea6d7871ea97db0b213cf0a6

SHA512
9ba2ab88b8107dc2ac97bcb9a667bc23b37cd40436096907fc6df3329e6afd2f1bd742c9f391626297ef61ec94734c645bb1001caaaace1996ea670c1ed3069a

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
18KB

MD5
d6fa4100dc2675a253c0d49c1f1d95fb

SHA1
0fc460479ceafd57817898adbb9defe53aa3b3ca

SHA256
87481349201d5e559f502d6293458cb5942c2b132932c9fda863184d183cbc84

SHA512
201b3c3458e3c11c7b38f542f5fadb448697c2202d1af7108d0ca34fb5da491916ffd3e6a0014b9945c18d82364db107508bd8f2bcd8f274756dc664f8f91a09

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
39KB

MD5
17113e07934e6973cd3f7c5d0b3c114a

SHA1
1ac5c7cd7cc30d7af4b9318341f8788df5417d6e

SHA256
985c3affaceeff003f92f1e227a1e68fcc8c45e2c7d32600eed08356ef936ff2

SHA512
b43e8e50e02dd87b5d20c9caa4ab6110810a8bafce8ccc07bd8d40d7f95cddf33b137eb0f4ec489678edc9a215b6e040a8fca179d16a1edfa71fc0953440a072

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
22KB

MD5
e86bd287d35116aa62c72fc70b77a2c3

SHA1
ef39c36e4c359b49249b14d35b7ff6fb87e3950d

SHA256
ee3c880a281e2f43d5a25f08887f72dfe1cd608bd86dfc2388b70a77249147d8

SHA512
8d4cbecdb8c3adc6c4dc51fee5e3df975f22097df03cea1b248c6ae271fa91b6a3c2e74941161593fc80bb46f54af84b0d3ca9bed06803ed0078b484da1e0c3d

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
13KB

MD5
c2af02cdb973cef6b63e22ead29922f4

SHA1
237c213880ddcfd9b33627540a8f01f725623811

SHA256
a3c210205b0995ea2c04a0210b99026b4d79d12c812bd37f28edbe2e972516ba

SHA512
8182dc557ed39305543f46b0871aa2e768f796ce5ac370efea043dfd61d015da3c1274f6b02726b29074c48be8c6b1f19b58de0356a6907679d3a57138321e7c

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
35KB

MD5
cbbb621a6210a4c3952eb4cafc60c6a7

SHA1
68466c2bf9106bf0f8a11bfabac2cb99c7d4cd77

SHA256
dfd7d148d140963ffb999bc41eb5f642d94ac8ea25779c8a1cc584bd5cbce725

SHA512
3fc03d62e6afcb3af16a2754d07fab1c4feaff0ce8a8eeff7b11fe99e83b9a59bfc8744528e41a859519e7ae8cf7d4789e91abc628d0430f5362c1e2a97ef22d

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
22KB

MD5
2f096e51b6198cbce962a9f20c8070a9

SHA1
d8ae7878f9d48439012023992515446aead8f82a

SHA256
6976b02f91ac177f88009ecee70896119adc86d5e624926aabb082be49981749

SHA512
c4fdbdf0548b46ac3283c95ae1da849f8f441e5ff68715593c324dbc850c80a66b947daa80bb4e6aa07e5bec20ba9c8124fc482900e5df372190188fe8735310

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\images\4.jpg

Filesize
23KB

MD5
5143b501d41211e90133693f1e32b795

SHA1
bd7a7e61e961ea7407317a94853036dccf7d8b9c

SHA256
3e56594fd34a4a08a01aded963dc5e47527674a2736baf08d0bb478fcf1616f0

SHA512
83e9d3cf44881783709c754fa57f01da13bbae4fe235c99dceff4634a0bc0d3f999900537e0c75f5f61ed784a0ac11dd7937cc7d5c0c5fd397b14e5f829fe4f8

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
12KB

MD5
60683a794a1f004eaaff39d968078917

SHA1
122c0af1300b5fe32d52021371ac3ed56086bc41

SHA256
c718eca70de08264d8ae0b83f66ca36d9c54abb3d2afcf2c1eeade164cdda908

SHA512
b61c96813dee9bca68c3319f26cee189e90d77d9feba5004d23fd5e70eaa87b1f942e0f5214f0743df7e6855e304ef6ed5be2336fba2e58a70193dd4c4b94d57

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
15KB

MD5
cd1927706b2a638c0a413c1bd37aa591

SHA1
d398509e0ce3c422a6a14466f2571c95c44de4c3

SHA256
cf42c2947d84a7a3e72ee0e9cb0cc8911b6793733a0db46193b09f1a940272c5

SHA512
09c922af07373a2a3d67ebaf4906d790d587648314e29c1942678b35c15dc3b26d2ea507f2fc9cd1146fc70ff2e8a0318b1d194d550cd4a9a89472df424a2473

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
6KB

MD5
d461601fe5db5ff2d49e2e6bbf262526

SHA1
bfb96861431d297e2d21c0dbb0132fc283bebba1

SHA256
f9cf08620bc1e01d80cf904209b9d207922ba39a8d71c6be0dfcf9b540a27a07

SHA512
4f3465fe3ef0b9254bed43f402ea42592a553ec4187a14e759b9a9fcff0c2e7d41d721fdd828e95016838d0ece0b46cedbf3172fd1c0e03c83f33509cc367180

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
3KB

MD5
eac745605a3069e2e3fefb0d0293b498

SHA1
5088b5503b6ae1a7e0ad2ae7ec1b77c4117405c2

SHA256
5eae73a5c09f0df10d4327b6d4e7a1c52ad3dbe905d657d85779e5bbc701e211

SHA512
654b54e7e7a6a3689525e8417f093e620d6a6c2e829261e7214edbe71d8d5a77748af1701b0a6a31391260ce4038b18ca306757dc3cce9b2d303b5a16685d6a0

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
16KB

MD5
3c3ec321ae1374ea6e72d37d2af942f0

SHA1
af3e3356759ea0b01d8ad106b597ce23f70799a2

SHA256
659cbd4e6d25ff8583599380f43985b2c101e1b93a17c5dd0a185e5fb6bfb421

SHA512
906e71a19b0c9c2080fea2db094342aae4995d7207a41d5ab5b4ba07c5bfd716aacdaaebef6ac7d6d44516c933f9e5c56b96da9a86fda23ff75b133a08403fb1

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
39KB

MD5
8710b1517761707f75b1831b9fb42e42

SHA1
0954c435da51d415f4c964e7775004c5f99eb637

SHA256
751f3d69cd3a22f268e359eb4c289fe7e41bcfee3cd486e3d978527a2fe8ebe4

SHA512
406d63726f6a060acc565ad8503bb33d2af0dca90a1993e40fa59b193ae22b1d4ee72cd5f9fdafa417ed30364950a6f1bb92607b9626dbaa9e37c900b0d340e0

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
23KB

MD5
9889bb43f036cbcfaed94b1bed5a946d

SHA1
d86d1584a8fb2c64cdf5bb134ae4e28f70696c12

SHA256
fdd61bf71eed613e15adcfbe3e3bad4caf61cae2387316ff198b0a1bf6f9e45a

SHA512
735ed4f74f228edf4ca2c1f99cddfe5ccef3ae84053f3f9deb284c61e85b6189c306dc8c876ccfd430532cc57f1395c09d135fd7bad936729802bfcbdcf6cd14

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
5KB

MD5
6a30c05acee32aa878267b93c2137fdf

SHA1
f3211a38caf9cfe948d4e88a06cdea9bb726ca7c

SHA256
33a21a53be0bf5dcd247cbd666db11946576121ef8177bf8557c9b5fbc022d39

SHA512
69917fd068e9c5984271b900961b9a5a6a1b4b2ad9f35f0d533071df4418811a83655d85bb24bd6b80312ba9dc40838b2d985b89fcb536e9cc8cd3d7c3f7965e

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
5KB

MD5
dedad342670ae0f61297cab962bb8b1f

SHA1
48c729fce973a4e6cad8f92073556c755dccfadd

SHA256
5dfb8fa248cf7fc95e9364c94df7813b9772971924277e4d25094b803ecbca76

SHA512
9e55af5476ae7f4d40265a75dd273edbc3db05b3348b5575e1f81c1050fb6bc70dc7450df7e971aced848742c1448a9a0ac4119fa6aad6e6818f789dc6c6e83f

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
126KB

MD5
c6ab70fdc64afc0cac6b791d740990ae

SHA1
8293bdb8d4b30df048da542b82cf36465a33f6ff

SHA256
0df656c35d84135ae81c72c512128729dfedbe6f95edac555b37859ba724605b

SHA512
9dafacebed87af5e14019f96fb982afd8a78e972d9ad62bfc1947736f3109fc41c237aeb07fc8d49c1fbe0b7470b8e05298f3ed9cac266092ade0cfb2b266160

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
6KB

MD5
d03c28cbe2716d9680d812c286085641

SHA1
351ee9c4d8686cc9766385350f780e8ae23a533d

SHA256
d9f749caaaa1a4c3e05b54defdd140f07e3467e78f159f707a6f0b88fb7b8318

SHA512
b6645fffc4e3e8321209fa01430738a3028a8ae427be9f10556ccc66f46f87c4eba6d100efc4d2db46cc6ced7f57de84b5f7fd6545ad95918e01254dbcbc45db

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
12KB

MD5
be78f01645850d2aa962fbcfbcc45039

SHA1
decb94d72f42e0349bb42487e3311693fd72a86c

SHA256
de7b524a8297e9c45baee9f26d19bbabcab532a90d8d5af81e6248f0037ed59b

SHA512
cfbc31acfc0ecde474eaf306155d53372c097bdca61a7f469e7c4f01fd3b3f3ce020c0ab981960d6e8a2f7163a5d90e54a5c2a839cf771118229c449e0afe185

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
12KB

MD5
f2fbbb2b09665afb4f600bfdd93f5324

SHA1
27e49c7583e8494c824f964a845474142d464cc1

SHA256
8d79e4be0db5555a8515891b50fad0553645a45e1b168b0b0402e506f8193cf2

SHA512
8cfc96c1904e4fee0c0cab087b5a5a383ac072c8758d56a7de880ce5625f814a328ec9ed353fa8d06804930062fe51e3c15d5e61da195feeca175785386e4071

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
4KB

MD5
44d18f37de59e74ba39ebd714985dd80

SHA1
9df50d82dc3e76f0b1e871a9996f478a9c6c6601

SHA256
b3b4873b263e0c3a365ec3751b3dd8d3d2837c266d64a0f9c6d940c9ae3587c3

SHA512
077e491fd97977b0efaeb1c591ac86f781c44470ea91d474266fa7f34924277bc0cf05d6bcfa5532ed7263e1f87c33ae14e2a005bf1022cff2430add39b08fba

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
2KB

MD5
6304c736663bc5ab7777d5a655f26cdc

SHA1
98aa3786f1cd0e05cfefb3ea771f04b999f6c88e

SHA256
9ac4f794f7681cc335a7e5f2efadb4a95ab47a27fa6f1458ee337d65d39a4951

SHA512
0ddd65880b1804b50195ee7898f9cca2674c317736e2868e46fd1882b24162c754f859ef5404be3256c5b4d53380ef104112d1f0b39841855bf3a1eddb12c2ce

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
5KB

MD5
14f6ede2dabcff3626374d4f770cf838

SHA1
c653b1c5dc784b05deceea39c7d0559b9c1f0375

SHA256
6c7ec823f7aecc63e2312ce0a2376e4abc7283282a2d123e37231736f1410a42

SHA512
88bedb4cc82133e874e10de474153174226312d918bdc31344e4af2cdc1059db4777cae06760018fd11ff861c96ee750a7e7b19c3f62d8dbd1ccd09b8b5a6b0e

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
6KB

MD5
5746f8a1377d1b9dd7de5765d5568aa3

SHA1
6811beddd771b8ed5f306b8e5575a101e2b17c70

SHA256
67571ae2242b70b9907b7f79e6dd95193c69464678c37e868eeda8ef3d4a9e82

SHA512
d7a3cc78cd9b6fed4799b1209c8caa187ce5ac748a72be9dd83eb6ea698de33fa244215068c58db390a729a303a51252f63370bdbf1047f36a72f69826f9b05f

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
5KB

MD5
9617c96d0fe23f63d598b8d48e7af090

SHA1
2236f724ae9fb147ee4f40a20d19d8aa8d9c8818

SHA256
04854f5cc1e5893989c4c6bf50bfafdec1ebf4fd89f42c81fbe73cf886e76997

SHA512
26ab7d501bc9bbe898f7263c780a5532e465b7f285181b8d8ef2bc75f166c58b5895729edb9d2fec878dd770acce3e1973f31f20189acddb310451cc988024eb

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\info_0.txt

Filesize
14KB

MD5
13744eef3f087c8a1339786c0d23eb35

SHA1
9f236ac6677a42bdf7f3c2651828c9bdeb5de831

SHA256
ac57f1d770e09f4cdd9bcf3ce958a32fe07b3d02aa557aee5cd762d7aa747555

SHA512
4e559dce60b101098779ca477a04b50783bf39d14f465eae49da6ae803e33d1a0016c869e4dcec296f4f3c321b935a7272b0868f18256ff7284016b7bfa0454b

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libGLESv2.dll

Filesize
6.3MB

MD5
63988d35d7ab96823b5403be3c110f7f

SHA1
8cc4d3f4d2f1a2285535706961a26d02595af55c

SHA256
e03606b05eeaed4d567ea0412350721c0d566b3096b18c23bd0b3fcde239e45a

SHA512
d5f5aca00be9e875fcd61531cc7f04f520fb12999e36e4fe06beaae491b47d2e9fe182015db1cbfbb8e78cf679f2eb49e20ecdf1b16d1d42058d6f2d91bc3359

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\libcef.DLL

Filesize
168.3MB

MD5
f5259cc7721ca2bcc8ac97b76b1d3c7a

SHA1
c2fc0c8396d8cd6764809a2a592972e2ebca64ba

SHA256
3fe6a262ef01cb8fd4dc2d4373de0f1f0a89ee51953452ed4557cb55f1da9ab4

SHA512
2d01b1f2b24717eff37965bbc32d167434a65f3dfff74342d2e2fa8fbb0e97c3f61fdf673a13ad63031d630d9ce46a6f9f0c4f89ebd30c31f3ea55817b9d1331

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\locales\en-US.pak

Filesize
424KB

MD5
feab603b4c7520ccfa84d48b243b1ec0

SHA1
e04138f1c2928d8eece6037025b4da2995f13cb4

SHA256
c5b8fbdbb26f390a921dcacc546715f5cc5021cd7c132fd77d8a1562758f21f4

SHA512
e6b3970a46d87bfd59e23743b624da8116d0e1a9912d014557c38fd2664f513e56317afa536df52e7e703863fbd92136be57ee759a2ffc2958ab028f6287e8b7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\log4net.dll

Filesize
269KB

MD5
7ea1429e71d83a1ccaa0942c4d7f1c41

SHA1
4ce6acf4d735354b98f416b3d94d89af0611e563

SHA256
edec54da1901e649588e8cb52b001ab2aec76ed0430824457a904fcc0abd4299

SHA512
91c90845a12a377b617140b67639cfa71a0648300336d5edd422afc362e65c6ccd3a4ff4936d4262b0eaf7bae2b9624bcd3c7eec79f7e7ca18abe1ec62c4c869

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\resources.pak

Filesize
7.8MB

MD5
f7ec58aea756f3fd8a055ac582103a78

SHA1
086b63691f5e5375a537e99e062345f56512a22c

SHA256
517418184ea974c33ffe67b03732d19b1234dcb9e5c1c2e9e94ed41b3bc1d064

SHA512
c620c6e16bbcee9bc607e6ca75d602c756276ac69e5f3761d82de7728164133656a71a69043eb1a86ce3051fde4327a47efd41d1ff47c8385699ca67c423ad7b

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\results\1_info_0.txt

Filesize
1KB

MD5
8531394a90dc465d261b90942fc57c2b

SHA1
650408353b9bf22710adabed64adad777281f573

SHA256
c8e1fe2591f82e72c5836a7386f537f698a51768ee80846b1ea007df23660812

SHA512
e721719bafdda183f57c2a3362f492453665ac57d5581d1f1a0c7384811895ee7ca8828688b79f38637e7904535dead59cea00fbdfb51e7fbca006e40c67e0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\results\1_info_0.txt

Filesize
2KB

MD5
34836c1505f3526a1a0014b0c06f864c

SHA1
0e1131546861658ac70602461c4cc1b1d3445627

SHA256
8a768637ef310b8e898777a42872af9d59d310b632ce0be298fbe959eaea8adf

SHA512
ef61d29d639d104ce67bc32643c893a7b869db89ea0b581ddc136e7e4f7c1ce471ce2772b7d10c3e9851352b141382fdc88b9f3890aba4735d275cf3b71cb8e9

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\results\1_info_0.txt

Filesize
639B

MD5
d373a4bb0ff6a7206463910a5437b0ed

SHA1
52fb6761593839cb3edc2350351310bf6c9153bc

SHA256
5aca0f5e1e2433ab953d4721b8fc6e4d6aa4eadf0f6eb8eb9a17f1a39c4b9520

SHA512
6e207891552033d2939ab2b80acc32b6687cd04b769ee2f734344f9ed4105aed56dade1a7a1fbc0f0e58b1add9ccb45d99a660d3162580c7d06a41322ddee17e

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\screen\screenshot.jpg

Filesize
115KB

MD5
c83020c095cd123d5289ed65b1dc2ed3

SHA1
1a60e9fc3df70aeacb8c8325b426782313e2727d

SHA256
5d9376e6975985ee4393a3202ae54c211173ca49f3454e9d292ae0ca9065e2af

SHA512
4838a3f7a60e042be601646bed2f68b468e1858c1b9318466f1cd9d276fbf72f220d023b995b21ed1f3f37577bd7e482e2649b5d14237edfd89ad0c2283596fb

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\screen\screenshot.jpg

Filesize
119KB

MD5
cbc9c38333e5b163ea6da63087cf8c4a

SHA1
b0a7283fe48aabeb17bf867c30714fec3f39d2d8

SHA256
83ae5074822e0c2ee36873e5b10cdb556f148a655e19949068276e22b7daa0ae

SHA512
e6969b227ab22448eb0a8e9f031def7e287cd373bb4a30d6a30ff6be89804f807128ee1e914643702f263277fd013befb3056b2a0181c3ee0193f822deebb4ec

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\screen\screenshot.png

Filesize
43KB

MD5
25da3c6a270dea481f72ee63378217f9

SHA1
82f32c47b33d84851b1880af1a600c57f18403ea

SHA256
c21361de3580359d53e6a6a23bb2ae57df89afd819e7877dbf614258fc05ba6a

SHA512
675fca04a3258c3a94a6fad1590e12490e5d34f0704b04e707a022f23618e4e31c7a0230ab0fc20a5ae0eda60a63c311d33662cc3cf2ee70e68a57dab7bf7410

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\screen\screenshot.png

Filesize
1024B

MD5
22f773623bb0020b8e92b88b74c9d2d8

SHA1
a168b965190a5d2ac2dd458adea182749897224f

SHA256
4705d07dd8c1d48ee6b4d6384de10169dacbb3fc757d732e31dd858044433b4c

SHA512
6f7205bebc48b3f84fe61cf3e6e8ec6199f05bf15b64eb6566ff7eb6ae26bfa85ebb74142a6672ddb41e3655e05443395483da0ebbf179cee2d8617fd7c185f7

Download Submit
C:\Users\Admin\AppData\Roaming\Pinball\v8_context_snapshot.bin

Filesize
616KB

MD5
0794df29df8dfc3ece5c443f864f5aeb

SHA1
bfd4a9a34beb9751bc4203fb9a9172f1f05e5b16

SHA256
3ee2237e9b14871165b051ccf892c8375e45b5f12841e02f4b9d37f5d5a03283

SHA512
0d34e36f7455b977f086f04840fba679284a619a7164a56b5c7fc2adcb23a231b67a62101540eb07cf5c8192790266b08d2cc232d291621c331fe77c1f5e52c0

Download Submit
memory/344-236-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/344-178-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/344-246-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/344-205-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/1760-282-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/1760-279-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2172-217-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/2172-275-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/2172-185-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/2172-190-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2172-243-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2172-242-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/2176-233-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/2176-244-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/2176-126-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2176-125-0x0000000000250000-0x0000000000284000-memory.dmp

Filesize
208KB

Download
memory/2176-232-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/2176-127-0x0000000004D00000-0x0000000004D92000-memory.dmp

Filesize
584KB

Download
memory/2176-128-0x0000000005350000-0x00000000058F4000-memory.dmp

Filesize
5.6MB

Download
memory/2176-132-0x0000000004C50000-0x0000000004C9A000-memory.dmp

Filesize
296KB

Download
memory/2176-222-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2176-191-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/2176-285-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2176-150-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/2176-133-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/2176-145-0x00000000062D0000-0x0000000006624000-memory.dmp

Filesize
3.3MB

Download
memory/2176-137-0x00000000051D0000-0x00000000052AC000-memory.dmp

Filesize
880KB

Download
memory/2176-144-0x00000000062A0000-0x00000000062C2000-memory.dmp

Filesize
136KB

Download
memory/2176-143-0x0000000005ED0000-0x0000000005F60000-memory.dmp

Filesize
576KB

Download
memory/2176-138-0x00000000052B0000-0x0000000005316000-memory.dmp

Filesize
408KB

Download
memory/2176-139-0x0000000005AA0000-0x0000000005B3C000-memory.dmp

Filesize
624KB

Download
memory/2224-260-0x000000000A530000-0x000000000AA5C000-memory.dmp

Filesize
5.2MB

Download
memory/2224-214-0x0000000005AA0000-0x0000000005AB0000-memory.dmp

Filesize
64KB

Download
memory/2224-235-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2224-247-0x0000000005AA0000-0x0000000005AB0000-memory.dmp

Filesize
64KB

Download
memory/2224-284-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2224-171-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/2224-259-0x0000000001730000-0x00000000017A8000-memory.dmp

Filesize
480KB

Download
memory/2224-213-0x0000000005AA0000-0x0000000005AB0000-memory.dmp

Filesize
64KB

Download
memory/2772-281-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/3256-3054-0x000000000A4D0000-0x000000000A4D1000-memory.dmp

Filesize
4KB

Download
memory/3256-3052-0x000000000A4D0000-0x000000000A4D1000-memory.dmp

Filesize
4KB

Download
memory/3256-3056-0x000000000A4D0000-0x000000000A4D1000-memory.dmp

Filesize
4KB

Download
memory/3256-3051-0x000000000A4D0000-0x000000000A4D1000-memory.dmp

Filesize
4KB

Download
memory/3256-3055-0x000000000A4D0000-0x000000000A4D1000-memory.dmp

Filesize
4KB

Download
memory/3256-3053-0x000000000A4D0000-0x000000000A4D1000-memory.dmp

Filesize
4KB

Download
memory/3884-169-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/3884-245-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3884-234-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/3884-274-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3884-197-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3884-216-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/4356-286-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4356-287-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/4456-291-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4456-277-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4456-278-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/4536-215-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4536-212-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/4536-261-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/4536-276-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/4536-218-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/4652-293-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4652-288-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4652-294-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4944-292-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/4944-290-0x00000000049C0000-0x00000000049D0000-memory.dmp

Filesize
64KB

Download
memory/4944-289-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/5116-283-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/5116-280-0x0000000073B60000-0x0000000074310000-memory.dmp

Filesize
7.7MB

Download
memory/5392-3037-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3024-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/5392-3035-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3036-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3034-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3032-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3028-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3027-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3026-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3033-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3022-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/5392-3021-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/5392-3038-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3040-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3039-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3042-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3041-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3044-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3043-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/5392-3045-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download