5857625a715d90a09c59ec4e0ad54295ad50eda008da58bcaa9b0b40a0c94ee0

Resubmissions

27/06/2024, 22:03

240627-1yeg1stbqd 1

27/06/2024, 22:02

240627-1xvgvatbmf 1

27/06/2024, 21:45

240627-1l5hnsvfmj 8

27/06/2024, 21:42

240627-1kj6caselb 6

Analysis

max time kernel
2702s
max time network
2697s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

335435111_763762744951249_4159534093409765383_n.jpg
Size

17KB
MD5

c196e68774b1a06aec7fef484ffc0d1b
SHA1

a58cc2a9847c87d67adcb9ace4d73dc381d86736
SHA256

5857625a715d90a09c59ec4e0ad54295ad50eda008da58bcaa9b0b40a0c94ee0
SHA512

cf9f2cb85d3fe887a2dc2d1a7693b92767000db14d65a76871272ddb0ede8aa2365810517d59090c53666b34f176157d1c6d6c27d4e0a219ef1039dbe4b47c9c
SSDEEP

384:rfO7IixiLQn2sH0E/muXEEpJyjDVOjUJfoiGCk1ojX0UH13:rfoZx6suuX9g9ZhoiJFjEUH13

Score

8^/10

discovery evasion persistence privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1392	netsh.exe
7524	netsh.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	luminati.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	luminati.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	luminati.exe

Executes dropped EXE 53 IoCs

pid	Process
1796	MentalMentor.exe
7320	MentalMentor.tmp
7432	7z.exe
2900	7z.exe
5088	7z.exe
4268	7z.exe
2912	luminati.exe
4404	test_wpf.exe
5628	net_updater32.exe
384	net_updater32.exe
7872	test_wpf.exe
5964	mentalmentor.exe
7504	mentalmentor_crashpad_handler.exe
6436	idle_report.exe
5464	brightdata.exe
8080	luminati.exe
6608	QtWebEngineProcess.exe
2732	test_wpf.exe
1936	QtWebEngineProcess.exe
6100	QtWebEngineProcess.exe
3484	luminati.exe
6948	test_wpf.exe
2912	idle_report.exe
5000	idle_report.exe
5708	idle_report.exe
3484	idle_report.exe
6288	idle_report.exe
4348	idle_report.exe
3808	idle_report.exe
4108	idle_report.exe
7176	idle_report.exe
6512	idle_report.exe
4668	idle_report.exe
3892	idle_report.exe
6516	idle_report.exe
3280	idle_report.exe
6260	idle_report.exe
3476	idle_report.exe
7364	idle_report.exe
6696	idle_report.exe
6488	idle_report.exe
8048	idle_report.exe
7528	idle_report.exe
6976	idle_report.exe
7760	idle_report.exe
7824	idle_report.exe
8072	idle_report.exe
1648	idle_report.exe
4560	idle_report.exe
2932	idle_report.exe
5252	idle_report.exe
5196	idle_report.exe
5432	idle_report.exe

Loads dropped DLL 64 IoCs

pid	Process
7320	MentalMentor.tmp
7320	MentalMentor.tmp
7432	7z.exe
2900	7z.exe
5088	7z.exe
4268	7z.exe
2912	luminati.exe
2912	luminati.exe
2912	luminati.exe
2912	luminati.exe
2912	luminati.exe
384	net_updater32.exe
384	net_updater32.exe
384	net_updater32.exe
384	net_updater32.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
7504	mentalmentor_crashpad_handler.exe
7504	mentalmentor_crashpad_handler.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
8080	luminati.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
6608	QtWebEngineProcess.exe
8080	luminati.exe
8080	luminati.exe
8080	luminati.exe
8080	luminati.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent"	mentalmentor.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 44 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrightData	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log	test_wpf.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_488E097E1A6B1768143D54114E281A12	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_488E097E1A6B1768143D54114E281A12	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log	idle_report.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	net_updater32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	net_updater32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 44 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	net_updater32.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639986799043256"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	net_updater32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{CE9D2C86-50FF-4F87-AF61-0F4C4B11A5C5}	mentalmentor.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA	luminati.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	996	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5964	mentalmentor.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
6856	chrome.exe
6856	chrome.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
7320	MentalMentor.tmp
7320	MentalMentor.tmp
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
7320	MentalMentor.tmp
7320	MentalMentor.tmp
5892	taskmgr.exe
5892	taskmgr.exe
7320	MentalMentor.tmp
7320	MentalMentor.tmp
5892	taskmgr.exe
7320	MentalMentor.tmp
7320	MentalMentor.tmp
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
7320	MentalMentor.tmp
7320	MentalMentor.tmp
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
8132	OpenWith.exe
5892	taskmgr.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe
5892	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
8132	OpenWith.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe
5964	mentalmentor.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 2796	736	chrome.exe	104
PID 736 wrote to memory of 2796	736	chrome.exe	104
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 2088	736	chrome.exe	106
PID 736 wrote to memory of 4544	736	chrome.exe	107
PID 736 wrote to memory of 4544	736	chrome.exe	107
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108
PID 736 wrote to memory of 2000	736	chrome.exe	108

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\335435111_763762744951249_4159534093409765383_n.jpg
1⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffaee4a9758,0x7ffaee4a9768,0x7ffaee4a9778
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3664 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2732 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3472 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5476 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5868 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6092 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3460 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4928 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5420 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6232 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5528 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5684 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6880 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6912 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6924 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7036 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7044 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7540 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7672 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7872 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7896 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7912 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7928 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7948 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7980 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8000 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8012 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7400 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9424 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7296 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9392 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6908 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9868 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10088 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10148 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10312 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6756 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8368 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:8120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8616 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8612 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9000 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9080 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9052 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9040 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9084 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=1604 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10072 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5280 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6232 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8000 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=4848 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8672 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8576 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=3292 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=3260 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8696 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8604 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=4480 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8716 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8008 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9048 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9200 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:8080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=1784 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6500 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8728 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=5884 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:8148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10852 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10420 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10180 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8356 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=1812 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=5824 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=3464 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=5812 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=10924 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5748 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=9780 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=4460 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=4836 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=5684 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=9332 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=10212 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=8984 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=10172 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=11128 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=11052 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=7612 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=6676 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=6616 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=7204 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=11064 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=10992 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=7128 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=10724 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=7212 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=9820 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=2664 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=8316 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=3516 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=8252 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=10332 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=11152 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=9512 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=3740 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=8336 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10624 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:7716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9352 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9352 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=9720 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=9684 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10564 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:6376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5996 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:6188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=8532 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=7880 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=7044 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=10376 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:7496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1104 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10924 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8844 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7112 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:7772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8072 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8072 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Users\Admin\Downloads\MentalMentor.exe
  "C:\Users\Admin\Downloads\MentalMentor.exe"
  2⤵
  - Executes dropped EXE
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\is-UE8V4.tmp\MentalMentor.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-UE8V4.tmp\MentalMentor.tmp" /SL5="$60242,2483849,845312,C:\Users\Admin\Downloads\MentalMentor.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-NSOSL.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4268
  - - C:\Windows\SysWOW64\netsh.exe
      "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:7524
  - - C:\Windows\SysWOW64\netsh.exe
      "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:1392
  - - C:\Users\Admin\mentalmentor\luminati\luminati.exe
      "C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      NTFS ADS
      PID:2912
    - - C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
        
        C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
        5⤵
        Executes dropped EXE
        
        PID:4404
    - - C:\Users\Admin\mentalmentor\luminati\net_updater32.exe
        
        "C:\Users\Admin\mentalmentor\luminati\net_updater32.exe" --install win_global_microtrading.mental_mentor --no-cleanup
        5⤵
        Executes dropped EXE
        
        PID:5628
  - - C:\Users\Admin\mentalmentor\mentalmentor.exe
      "C:\Users\Admin\mentalmentor\mentalmentor.exe" install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious behavior: AddClipboardFormatListener
      Suspicious use of SetWindowsHookEx
      PID:5964
    - - C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
        
        C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\9b4db56e-edba-4c36-2b8a-4ea634a1ab01.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\9b4db56e-edba-4c36-2b8a-4ea634a1ab01.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\9b4db56e-edba-4c36-2b8a-4ea634a1ab01.run\__sentry-breadcrumb2 --initial-client-data=0x53c,0x540,0x544,0x508,0x548,0x6c337b7c,0x6c337b90,0x6c337ba0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7504
    - - C:\Users\Admin\mentalmentor\luminati\luminati.exe
        
        C:\Users\Admin\mentalmentor\luminati\luminati.exe is_switch_on
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:8080
      - C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
        
        C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
        6⤵
        Executes dropped EXE
        
        PID:2732
    - - C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
        
        "C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3172 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6608
    - - C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
        
        "C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1936
    - - C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
        
        "C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=audio --use-gl=angle --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=4432 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:6100
    - - C:\Users\Admin\mentalmentor\luminati\luminati.exe
        
        C:\Users\Admin\mentalmentor\luminati\luminati.exe is_switch_on
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3484
      - C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
        
        C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
        6⤵
        Executes dropped EXE
        
        PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=9664 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=6916 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9504 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:7092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6900 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:8
  2⤵
  PID:7700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=5136 --field-trial-handle=1908,i,5600474110633610502,16784723884760830047,131072 /prefetch:1
  2⤵
  PID:2220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3896 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:5732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:8132

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5892

C:\Users\Admin\mentalmentor\luminati\net_updater32.exe
"C:/Users/Admin/mentalmentor/luminati/net_updater32.exe" --updater win_global_microtrading.mental_mentor
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:384
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7872
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 61093 --screen
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6436
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe --appid win_global_microtrading.mental_mentor
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 25356
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2912
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 23171
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:5000
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 61729
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:5708
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 13121
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3484
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 34105
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6288
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 24370
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:4348
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 95213
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3808
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 43764
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:4108
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 82315
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7176
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 30866
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6512
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 86983
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:4668
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 53101
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3892
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 83803
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6516
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 72495
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3280
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 21047
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6260
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 94730
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3476
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 70566
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7364
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 51410
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6696
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 59538
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6488
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 83363
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:8048
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 24066
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7528
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 80183
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:6976
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 28735
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7760
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 34993
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7824
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 73544
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:8072
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 36821
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:1648
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 70364
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:4560
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 23626
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2932
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 44610
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:5252
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 10728
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:5196
- C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 49278
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:5432

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\20240627_215825_once_07_service_stop_1.429.308.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\20240627_215842_perr_windows_event_log.jslog

Filesize
1KB

MD5
986f7cbfe248ca9c98311e1be6019877

SHA1
f3bad38354199d0f446ca97f8d775072a4539bdd

SHA256
146df3fb081e0fca899c419eddbf0d6cb9057dd994e8623ab98fab72f3f286f2

SHA512
aa192955b195a2a6f0796ef8380c48584080fd28999bd7f9f009802320984c03f42de6c9678d8a3090f933a4be62006b473ea0e072eb65f70554c420f24aac32

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brd_sdk32_clr.dll

Filesize
7.1MB

MD5
c6030e74a4597da324a77da97cb33ada

SHA1
d015867cf7aca7a93f0912e1dccbafb1b2f4e04f

SHA256
44147c861e95842b7cf885afdd84935e28566514b3dccf6a1f8fb97df21aa21c

SHA512
25484367903290a2daa7d847a4db6ee72dba137ca4ee5410824d9d84618a0aa41bd33ae55475efe4f9034409b8e8c97daacbc82dd56c75ad29aaeed478be28db

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe

Filesize
3.2MB

MD5
ad027044465902bc8a6e85056d3e2011

SHA1
d7ae22a4988b2453c123953e03d0f44a4f2eb9c1

SHA256
e7bc43667b3573755abbacb09e1b47168bff77b10387803b6f867d44645ed659

SHA512
1a34d2a32b5146c9034d1cd08ddf6f250d1c81d3dd567094a138d8ff46ba18fcaa395f284e11ea565c24d48354ee125d231425ed870d2e848836a2d31ab80bf5

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe

Filesize
30KB

MD5
ddb7556b90d6b912cbc5b96ade855ba1

SHA1
1a6cd4dfb4549e94d2381827de64d58f4a49991c

SHA256
db1b3dc9925acce3d02b620f1110a4ca8fc78813ac5079b3d40c95c56e686508

SHA512
1bd48c043bc2aeb21d1937f92f4ffb3f02866ed74186b401c23af693b7c03ae3590c6ce8a5d1f3c597af36b00175ac9a88505295771e8ea98c4bb10516ed5b46

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_install_id

Filesize
33B

MD5
0741194ce7f2408d747fe3f5b1cbb3ec

SHA1
01f41d2afe7f0c92876daf53c2fe4d4cab1522f1

SHA256
5ecbc7dd8414975fd950d4c716f63d00ac7f92d7b552bb136d88c25bb8b20aaa

SHA512
23b83bbff10baf49144c0cf732429c8b8a32c147a2eaa9099fc1631f18d80c03655af4745ba3cc0530be75856cf7dcf709e906780563a6d112ae395c4f61c1a7

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id

Filesize
131B

MD5
5e52c428cbfc6e4ceba89fad5d7185f0

SHA1
2a843c1ffb013a683c4c460620e406f2cb68578b

SHA256
cef59e77021e908cc1a9d005e42374071159963342c5c01437737a0ff4094ef8

SHA512
27b892e302a03262f6cf8667c806461ebc18f80fd12674c994f7ee93fa8ef54b36794242b9dcc7cc0f4ca91bf128257828d8c91e88cd9068dacce531b08c15c2

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM

Filesize
216B

MD5
04d96521e8725176fe9d698c5664087a

SHA1
e194d5293c6ba27feb80de9b6b4648c77d2176be

SHA256
486c6d8c6320da9983e5a4d2f8be134343ff7840b65eec8e8c96e185044426ce

SHA512
ac63bdf11b2f17013c42405ac06d5bfa6be261eee41588e0cc26b5089fa8d425d150e3824148558f48bae8ec1fe47990560095ac4af9549c052b65d7cf68c8f1

Download Submit
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

Filesize
29KB

MD5
0bbfcd9d525ec710b386e2efb3669b4e

SHA1
5aaa4f7a33f79e6fa71f44b58380229b80f6239f

SHA256
1b67b0bc187bf45a43c28b768b39e6ea5b657afd5433db0661f49ce7a3061d1a

SHA512
e4a654923926a6b81a15335e0165a0e39b721a1e8aa25343d553bcd32667b8edb0ab7a0627da8b9ee4a4e091232e61e30db0fd70595d38568dddda4d52abc0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\13443cfa-9490-42bc-af52-75ed9337a7af.tmp

Filesize
6KB

MD5
a75200dbeaaf79cb26856b45d934b990

SHA1
bade9248d07718eca0cc066e2742c0f2e620216e

SHA256
1426cdb1bc4b39de325a516c5e91a7bb1c713d9417096a6a20ae032087a07b95

SHA512
737292f50e2e3ba7ae81f8e30235e481e18323aa326cf46488cb29c5dfb97941c08d7b8cce4844047cfd3c72a0a4f3629bfdad7457d4142a230c72a00d8976c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
59KB

MD5
1d5f57b36984d3bc13513937212f7c85

SHA1
6962d480bc6216080b90505c9f25c8a3ed4c8df0

SHA256
7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30

SHA512
dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
19KB

MD5
e7789186ec22ea8caf2d9978b893baea

SHA1
ed0f94668dd8e43e8bc4f3c2e50654ec3029255b

SHA256
4ff5155985f6257327889a66f2974aba80fa396dd9d6245bf5cc92fe48343eaa

SHA512
d1c798badfa37be51ad621d7b2b34bffc041dbbeb38631f00765310689fca14e1a37831b209ac7332d537d4ce8893ec02ea2990de255400d843f4402564ef93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
31KB

MD5
65e6bc434f5f0d1d5e5ea838d6d6dfcb

SHA1
1be2002e8c888a5a701b546a998decbe38729afc

SHA256
273defa49b72dcd9971595acc8c68d0e2a646e201f9b1c75866ec230c2933e0e

SHA512
4876ac1dc5ddced01c9482d6a83a695ef906de62fd28e560cad42ce133399b0aa6cdde958a4c737d9608d1047d08267b6858bdf64c4c154c3e5a9cbe5fdf92c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
95KB

MD5
34e89c956182d17333c955c0c99f450b

SHA1
fbf3f070180472e021f02fb68b1875dba293ef0f

SHA256
571ef87b9fa22e7a4376eda16e8fa0064c4a2d4049f2670456234caa68b7f1a7

SHA512
437566fdd47996540f941d2f0bcdeb57e25b670aea9ed615a889156f18c7e600a122f78623382c5065a3ec50eda0e6c6b3f8117764696fef17dd2b12c4145cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
104KB

MD5
7651b1187bb58ac4c7be625337b35e5b

SHA1
307d969ef4137a66fe2793737dc1c546587c7f43

SHA256
0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968

SHA512
a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
133KB

MD5
3d51ff7b7b433c18ea605a2d2b8c4953

SHA1
3a1301a1f525e1c8f247de6a5e6b6a2aaea7b954

SHA256
88b25de5a95a64023244bd200b80cf73e1b74701684fae59456736cfc7ba3d97

SHA512
164e4d4316bbd386a615727c85b9df2ee7a724aed6195b59b47de5aacb1f3a01bc213cfd95092e8955d55689a7e88cfab1f847f032b82710d63cb0d0083455ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
20KB

MD5
efbe7b6d187dea0d7f803276c6bcf37c

SHA1
de5905dea9fdb2ba98cace82fe80eaf4385f233f

SHA256
a04d2b858190dccad1f3bf431b96d150a10a87d0e436249347f9ebe8721a85a9

SHA512
3f627e3b4b59fc9b2f8a787b2095e71c0fbfbc43c61c60b19eae084186bef531b05043d65a47d60daf60bcf805078870335585df388eb631bb6d983fdafdaf0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
144KB

MD5
06f6cadeb72f21fea2b6baafa80a7d3f

SHA1
6e702f40092ff9bb667015a5afa8d202c64fa107

SHA256
3930cb4778d56b24816847402cae4926ee8cd9a4a413d7113960f10f9731266c

SHA512
b68d09fcd7fbbac65983a0709fb570973837552c3e2579a2c1fb3ab3f2bcf4d58a60912a13a686806ddbd0dcea989905c547c3771f0efd239b0143f95e3df489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
47KB

MD5
778d84405eac4446f2918497488baa88

SHA1
458998edbbe7ad2d2a26a440d445016cbcbcd8c4

SHA256
eac75a569538aacdaa808a05cb10fd1dafd1c09a7b0fcb37c1cc6e43f8f6f691

SHA512
639989eb08e9e7909fcc7dee9d15035ff1016e7665725a8ac6f10bc3cabb213ecf9e7ad0e19317adbe9ec0c15bfdde5e587ce0ad972ba2ae67e8c5dab00bdd1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
76KB

MD5
a99376dc155a964465c548b30fe10cf6

SHA1
f6eb6d0ca97e822ea9fa177d8f73faa1e5ae256e

SHA256
d5c781780b0450040e1853b766bc70fba1914f710525f1c7677fe4b5dce438de

SHA512
d5f1a44c947ffe3e802cf56d87192a23046d0b176079378da51b5576facdab1e830c07fe526ee24cde078574ee6cafdec6729c541f70761e86730f89ebe103a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
88KB

MD5
be1b1da91c160c38b423ef2406da6a86

SHA1
1242600ef264a5067461348b339208d8d9c3bd9a

SHA256
29e6f055c969ef9a936aea6cdabdeae6c0776511901f6164c31c7b10e8a1679f

SHA512
44f1c088b95888b0f07bfcf795ccb02695f23ebd9f83ef6d184359cb8b89b6a038cbcc192121a35272e3ba9d21df8145f47b3e4b9ad06b16870275f1d462546a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
18KB

MD5
b7a2ad9645afa7b6047557956d9540e2

SHA1
afe9d2f2c53149890784506e97057536dc39bd8f

SHA256
127539d026f851bef3cb66520c714050802898d52a93504114b74da81e197454

SHA512
612416421dffab66c38e80bb3b26884384e5029f906f1d7ef8b3f9a38948b52dc3c0e31dcd9a704f76416c8b8119addc1783d0bb229b229dcf539f0361c05a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
81KB

MD5
158531ffccd5cfd51af7ac4b53f0e6d3

SHA1
3f4ad6f196298e9a75c8c70d87f29eaa92a4e526

SHA256
75f56735781afc557aee3e417b08dbc5bbe1e2ca0272d0ccf6108bc75b362cb1

SHA512
682a28d79e9c91e9f1d06807545adcb3fefa87f62112ed9928eb64dcaf42eff6d5a7b3cf2b6b3975da3979b2a2d0d1895d34d815f3c3f0c94d099c8776e4b087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
81KB

MD5
e9cf8bb3c6409a0a8d38f1d19505bad1

SHA1
3ebf7ca6ca6bbeeed692abbec606c15b24c5999b

SHA256
2e4109fec9e1c61ae7d713fe6eccd68b6341e39571683cf5e0ec097c533cba68

SHA512
d71fd28cc38bc2bec8e7be9b4d2672893ba52dd62666cea5f66c38b04cbe87b459214eb5e95adf1d4d3fa4f410153430916a31c7bd53395e6ebb1c4e83135f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
63KB

MD5
a91c8acf084daefe905c538075d9e3ff

SHA1
398a0d67e3e87fb1f01a644a5b9820ab5d5d69b6

SHA256
9901aba2e46fcf181f9b641590df7bba839243151e8747c1e6798703798bf4af

SHA512
2c0aaa2bd478af9cd3424bb483260dfe174f1c02ee1638565c6dfe43f7181e12e0788dfcd19316c6a884dbb02144ffb35fb886caedcf29f8a2c65ba70079fc0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
56KB

MD5
9cc74dab45e360d90c7f3f189e18b9a8

SHA1
aca1940329422b99516d4b48a30700c8cdc2d042

SHA256
fa9471b70365a74dfa7d7ba7fa80ca30dd332c9e6fdb91726e005680d10acb3c

SHA512
6216a5236c4ac47aa3ebafb4e8ba04930f96b4ea5934a30771b197dde0f4225c08372e8394fd93b6ace14ba6867345cef41930806cdb49e56ef9fc8571d77eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
174c720a2670a3a28a7cc3a659a1c2d3

SHA1
e0d526c772636fd780dc45548e00d0627bcdada7

SHA256
c2a4a7ce7bec016e1621faf2bbcf06241e1414b97b5c0701c07043548f081fc7

SHA512
080244e1cd3acbe5fcceb841b1637ead558780b56f5d69a708a4d03f50e59050f823630a0533662daed66a2fb3516e20be8038639208075228dbac4cf30c1bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
276B

MD5
ae1c2c32bb3649cf1c62b5f545b04995

SHA1
1b6543a26fddb2910926ac651a155bdb19ce93ec

SHA256
c0620d8c5abac870a9d6002d336c67e192deb6abcb9345c6b944ff64667d0d0e

SHA512
83d06c29562bc102d4cd9d679f0a65a0fffa07c3ae27f6dec135c94a621e7a49cf9178cf30747ba403a39ebab2c1a338c6c6adecb0e384e49a212f316d95c44e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\698f0cb5e696c620_0

Filesize
26KB

MD5
e99ce0d5a43d2e8e8cbe26b3eafe8b6a

SHA1
e5522c302cc592e106057ebd795468983c9c377b

SHA256
8c39f22f6fa0f6b18440d03d25bd4efae4d61a9c36d64f398f490d87a980f69a

SHA512
63810bc8ba495685086cdfee85fb94beaf24c5c1e0e601325c830fb687423cd7510f7638af4262d0595513a378c8d02651bd898add002212836a84d89a129228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8746b52685e30f7c_0

Filesize
33KB

MD5
451e05ff8e3d202ab3e501e565003161

SHA1
0ab992c88ae857d47e0045564cdc73fc8092cecd

SHA256
4d6c30694b08d8dabc60d9cc759a15c3c71bcc46629c6a8cfe4e1e7be37c16fc

SHA512
b156fdf9175ee8ea1cb7123473977f10f674cb417eb5053075fd31404393d8fb7651a9915b458d83f10f37db60176706f64aca51bffed504febbb816af29eabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8a7e9fb17dfff003_0

Filesize
298B

MD5
bbd24c1afc8dc2113efa89aeda7ae240

SHA1
0750f35169c0368a947d6162ef9b948914a83a56

SHA256
df42a83fe1c3624d8d021d2ded94dc255fb36696c54cd9259f7d45af6a846a52

SHA512
1424b33249cb7fb83d34dce5b2d2ba90539b20c18503863897e1294a80063e808fdebffb59f9467dc93f77eaa7ad3aaef709b7a8c0a831ceb2c20005b77875ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ad65f8cc700f771e_0

Filesize
3KB

MD5
4a107f27c2be8aa21002cca6505b1f76

SHA1
295c668cda29d4f4ceb9c756aad869a65fb1741d

SHA256
b2e95676ebf68b72342d4345c9e745f49d1cccdcdbe2602a84104120e783d93c

SHA512
4a1bf040dd3dac88544822e66a5968653f1480da1beb41823d684523523e58724aa1a546ba863bdf2d76e866ca7e90a63fa3189d4e165c5eab6390b578990be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b790255023c92137_0

Filesize
376KB

MD5
23d18a53df388ad77914a87249aec191

SHA1
184fefd5d83b153487ce3a760f365518556d4489

SHA256
b8038ef06ea10d1f162e21a0acfa414ceba2163200fbcd6e21584dc9c65975a7

SHA512
07392e0856fcf4e5111bb7fa928f336f1c976fda66ea54963a948cc336108f673abe1e55fa1c9976c3691023337aa26ecd47e3c0cd239cc0e3f0e9140cda0728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d1eed51fd30a293c_0

Filesize
289B

MD5
daca4e6c73b97551dc68932a55dbd035

SHA1
e11d6f9ffd8f2c6b3e2fb7f1a7aa9671e97b1f73

SHA256
b799b8c3efa08bd69f5a30a158e6f0668ebfb26c4c8eeec576de453f1c67b4b4

SHA512
bc403d329affacf91ab32e3736621786247c80513e6924e1c8a9945a86165ec959788355c550181d8d51f3e25748b0292f7a3ff7424ea704335a54bfeec9f1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e5650ecfd826a958_0

Filesize
33KB

MD5
3cbec2c641956b49dfd370d65e553c2a

SHA1
f243f5b55efa6b6dcb496c564673b09d29e7bcf4

SHA256
6b1a8d644d018decebeac808da67939fd4895dc33a39507cf58c46ca9ccc7520

SHA512
16074b412a12b5aa7103035e7ce77da45325e248b9901b8f4d62f806849c7b951d985e4b9ebc603523a03b5fa09fb024c73a86e7529ed9b95881932d9b737c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3b3da3992ccfa358b737c910ed996a5f

SHA1
f831e36d78567ff7843080b5004b30dc18ef055d

SHA256
6286cb65d0d284900d641ff66f0ac10f72e71a3ad3f70a5d3369ca919ecabe1f

SHA512
f7615e79cec029497dceb857b17277b805cc54c481983fbbc05cf426abd7c25bd7162efc5a45bb0edbe3728169dde073f2b57753bf18326bc7db02d6c58a97e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f839afb183a0898ff42744a8401429e0

SHA1
7bd8764963ca4266bea726b11fea240ccd618de1

SHA256
91f4637dfa66d2a2a42870a0a7b136273ce8e8679143fbae1b6cdee677b62b2e

SHA512
4f18b4be4973b1aedce84b466dd03bf32db8b8fc40abb170bcfbd3b546f22d4d207c4b7d0b75ff1f200ef1775525cd34bb04fd5a0d507cbdaabf79067b7fda41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d8c6ed96a90353a07c09e27373e816e5

SHA1
1678bd7531c46f944471dc81e7c9ad182bce361d

SHA256
60ea2a47bfd61e632f3e926f3dcc7a1c21a362cb8231f3b8745c1ac372879fcb

SHA512
69b861f343a58027e05707f3b11006e45563b56a1fe9a9fb5fcb777b5444857b520d0eacebda3fa7a315c90ed1dee25e58d7208687c7a15a874251c72bc7212d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e7d60944bebcc7121ad0995d942a8ddd

SHA1
9aca788918bdc731e34bf1df8946420eb6d45b6b

SHA256
7754cb634bca8a227be3cc64dd05ae7b6106d101a65dbead0e64a718abeef617

SHA512
1f91b0d4589c4c3e003c875ab54493ee26e3c906ac47ec3f2a7b51e01cd655c387e67b2fa1c055eee445d322e34e5eaaaba690e2788ac546f47e1edbd34db781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
64f774537e40d5c70f100e455f512adc

SHA1
41b3e52cb8723493c492c185099c732f97713042

SHA256
2af7d4886e0f80cfc439f0d758be2beb9e32f376c49399121058225d045001e1

SHA512
7c0a298babcfd0a414332d87b5d4274a996f32f3fbb33163f1734e8e1f9ac51a3035d4d0e13bcca25da35422b2934a5fb1cbea7043ad66826c9868b3689bf094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
8381af775ba21e03c826c37188e561d4

SHA1
ade705fa3ac0cf953ac955f2747afdb8a971760a

SHA256
020ab9a765a59829beda0f7c5fc29ab8c4c8aee177094889a356398877994516

SHA512
3ca77055d7ea18ee6791ed4988051aa59d347cf355424c693ebbfb76671cec003ac72b99b1a73205613eb3688837f3d3dbb6c11368af71522049680d7b0fe026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a70c133460b7553ad3652ed6855982b6

SHA1
8234f93658da7aeb02ee8dc8edefd298b80589dd

SHA256
d3a79039149c56f7b588399c395e7235847cecf5b661b59d060d3053e1a72853

SHA512
2954c0826a8fb8f12e23a3e612722277b5f568da8ec25dadf9bfa7d13f47ad91a8a5a8a1b67021eafa15bd672ddf8b331c15b4226e9c2088116d5c1f213d07a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
3b441e27fa520febb9bcac882ab9abd7

SHA1
06f16c30181cb5e7ac2f629868bf3fd9725290a1

SHA256
24939fa81267df2af976ea9cdcfdaf4254b44c50d70467ac5a53e91d2a8ae89d

SHA512
e1bf3b3bb8a73c79e07f8c0e29ced2aa016f21df7970002ccd377023c37171c4f030eea95423ed48b159de344c10204a983268f3735fb4e2092292c5d8d39191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
830b2c32c243804bbb61411830372d22

SHA1
708cf4fce5c64f8b5fa364dac8d8c8b5dabde70c

SHA256
41f77f64c3867042864dc79d71ef31ca465c94dc477eb93787a81e71a48fb386

SHA512
516dd1f0ae1f7ac04b7c949103a7a95a9eed6a8ef9d4ce1f54e94a74462eee26462715c3ef88290e8b595aa09cdc7fe0f96ffc01f8468f51635588e5ed1855f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
57a3679fbae5ac3d8e57c2adcb275024

SHA1
580b8173de6ab48f78bef1946659381627fe3148

SHA256
7335bd726ddf988c3bbaca35eb0137ae818ef4fd7261142fcaf04dab6744f97c

SHA512
c5a924adb1fbb5e687566faa03d3acf1992bfe490f6a0286eddba63dd5e9d3cb26c6168b0280c440ba9d51999e840ce82da49c7adda5d77c9699d3f57286b170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
9b72436d26176fc226cf3f6454fdd5d1

SHA1
77f1b897ff3ec601cb67040060e11c3fa98213e1

SHA256
95017b8ad470ce9815731f9ca5eea28224102935a8f24d5abfb46d4cf120401b

SHA512
e89d5da5e78be2d3978ade769f7aaf49a21f88fa27c651837d1e6bb2d4a0a3960a5a365ef82f9f6db3a8c5e859c32bf97cd64f99fa765d31314c3e8e8c3337a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
22234ac8a8b48b068d4ac04bc081a02e

SHA1
ae102d1282a4824ed09c621c301033e243b7d077

SHA256
72e1c08dc5b480f4e993252a57e9b2773c3cdb3aad82ff7eba8e85c3fe93c978

SHA512
e46c1068fa03da1bebd9a0d54126db74923065ac96857b12e2868b39b5ed5ec20db0aaa6940b6c3fe84d9dd6c94e3b59d6edb0f8ce6245e93cd6bf91f974c414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
8f455a20afb5be6adbab278e9cc77f88

SHA1
64bccb20dd0677fd39c4f92090a5bdd0251b2880

SHA256
87d66011a1aff7eedd9c31ab8ae6d7efc4ac4fe9ad7d2f4ab72e9d859973996d

SHA512
888d7dc1d25eb0e145c4f64d97c015ff3565ad9d92f348b7ab29472c834350bed6d25407945d10977f145ee8c0ca7756f83b741880a0307b3fec4d63dc37f2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
b92bb632c4f909969f783da3294c072c

SHA1
2634bce552af7865bd5e6f1fbb9e9895416a7305

SHA256
41dd797abcbfba2d2c0a5fcd0547988464da027181e14f75f909fb0ea1c1a9dd

SHA512
8fcdf037918f02338c63c8c7f919b341eec0abbaa7698c44ac4941c72c311d9bb84e11ac75c3d8255f5d882598e64e30a5bad8bffb2a08399de9b81f851473cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
de478a28da1fd0b3e856b25eeced6135

SHA1
2ac2a65aac267862a87764c3e60e32357c661eeb

SHA256
6a4eebc8a429a58e2d23bb4d3c22ffef8cd722d0d766b6c52e902f16ebcf5004

SHA512
5d5a10e9a0fdb94791430829f26dcf624b3352eb67620671cfce81a581ece16ffb58a5f4dabfae0b48ba2a0e67d9f8f6ff51b8aeabc7b9b0fb3e6a58e9ffe200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
da8875181360b69d8bd3c878c80ae247

SHA1
80169ef0ecc60b5550ec88e3e81e2d92dfe1e491

SHA256
90f12f4d3f8bc8e1fc5a69885fbf5271f1ee56e49b0f8f5f5c833b536bd31a4b

SHA512
92d9c12f5e6ee183dfd3168bd4384eec51b5f590e700c08cc1b07523d5145de54c05ed80c2003312861e24aa56a5417b70f39888fcdecdf6af95f732330ea13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
447cd5b98ea34450858aa336526fb05c

SHA1
38aff74b665d5d9d60337d68554c9d95ebdbd05b

SHA256
916e9fbcc7620b59b9015fc2fc379486359a0f0949a1ef2bc8849ae8de505081

SHA512
1c484dc78a17d768853eebd9500b1e4ea45771bad524044590553ecc653709dac9907e415bfc9469b2109a4cb373e06264645a6eb061249fcb5daf831e52ee78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
ebfb634adf80a1f353fc5f4c90bfd9b8

SHA1
ba0e6aeee0dc70f5acdc2c87fb14a8794fd198f1

SHA256
4519888965da51858be5d4ee08f22092993d821563257855f2b10994d3adeac2

SHA512
93cd78cf3da96604e0c8c67e856aa168041a874be631cd8e7a6ba59c3f45400d4313a906cab79f189321196aefa663e5f9c8124f64c39ed95b13c0441bd0710a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
1e370695fbfa90e89e9ec0067ad0a2ba

SHA1
f9ac545fae595a925dfe00096ef3898e5a410dfe

SHA256
b73e80a256e27bb74d3b984dd5f13b87d176932595959fc15a6dada2c87984b0

SHA512
41a5aa01b1ff8bf8d909c1b794f6694192be20c8dd97118a187e15c6d762246e66f43bfc8c9188d3654c7d1820fb333a2f8ebc24331c241d593c7d4b2ef49c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8abfd1bcc5bfc9d972b8a58a12ebb32

SHA1
93fb3557361439f09919acf22b9624c89fe87daf

SHA256
1d07b081d203ffffe59b08086b690b162b133f26bb20027ab02b44705b8aa08d

SHA512
d9e4383b8c2a670c2a1a416d3dcafc56ed18ea4d34f3044d08afe0f259deaa981a112b03e8f6bf34f56546180022ed00e3422e44b647d7e3f9ec2b5984fa0b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a662ec257847ccc5de375611adfd015f

SHA1
2064c78a9d113edf43223d339a39fea51effa29b

SHA256
a32b9e8286ab000fb4aa3dee44596e953f93ba319147ea969f1cde7a8930f105

SHA512
1ba22837485279690d525d621043144b2d97c52db82fda5b002b5900ffd76e841f720fc52da66e92ac35dc2892b24afeef98292ad750ac299a53194bb42ee223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2e960d0f7d9d487f19a7d6d35a8c5308

SHA1
47a9fda8f49b6ccf857bbad2aa4e34601a0df2a4

SHA256
b09bcf64e8a5ff3e75d5552d04cf9927647f40611d37e7bc53789a4dc9896d18

SHA512
5cf8cadbeafc836294eb0f1e3ab56f985f95b67a5c390cc6bcebd38878331f2b0d0155088e0de5d83767c57b1bc81ad54879c1551f26acca09b5ac5a6820910b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
cbcc436c19d6baffd55e96493bbaeff4

SHA1
6dc1c4260a34e07cc7b785100d8249fbba305210

SHA256
520cb359c6d93afaa8a47a16aa67018ee08da0bf2add9eb5abf51ef1a6d1e61b

SHA512
947abdd1f241e290e4126d8957cf5321d885593f0b99f5037f91507993c7258cdb58ccb04e81c243b336a3406e28ccd8a2b8ead8e1741af23d212ae80ff37fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
cfd6d514bd4592f56f3d9cdc973c5ce6

SHA1
c61578d9c608e50bb0bf532e729e27dbb86b0567

SHA256
c259f24dfbde11b4963e021e423d9ba627207171a2af2f62a45f541c2376cd1f

SHA512
7e91d63bef9815ea6ebb63ec9cdb795eda711de319edab9f34339a8ce72dad5f4f62bed011f56d3498a487f3ac944450873fa1bf11d7af59edcc4217fb83e82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a8e89e4b-3d03-45ac-878b-d813c8b975ee.tmp

Filesize
8KB

MD5
3ed327f5e67cfb91accc76e1cecbbfbd

SHA1
dde34d75038421b13075a0ae55932f274f3ff988

SHA256
406ec8f93442d9adb214e80738031565c0fb4b20af2847f81f92208f94a76b32

SHA512
d90b7b73c5ef084c6a2c66de6e6d189a98978cc42f75f7f03570ed91633db5a5276fe5bac0d99d3ac25d1391d8a3a472774e1d2034dc50d8b570bf1fe6a4211a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d9c61808ef1e26f3f1421737a694eb78

SHA1
f04315a0b3f16a8d4c8c455591fd17134a453cf8

SHA256
085479022a6d38cd2771208f8ff525b4cd5b009d8644b4fc8d7dce5e3672a7e5

SHA512
b753336ec961275dee65a43f36f37a428a536caf869dd8db9f887de52ca50425d20a3460cb58b79f5c813aa5a1dff9457e818698aef661083e72e566de432dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f81b87b14cf1e25f0784466bba1d9df2

SHA1
270e760ff22594bccb00253b9466988cdd1f6c11

SHA256
83b48cda3875065348bb814a5443c8b8dd89dee3161e16541c682a300215e494

SHA512
00f6ff262baa34aef1b50be027a9210221021f6856d36e685f4955dd8c91701fc6e35df6fd33dafe2918a94ed1e01a9bf5080d20c0f5af9048963efb1313be4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a478735d19b10184e8650ff223294fd

SHA1
61849067a9c33fbf831d09bf9168162e2ea5ed3c

SHA256
78260d80f6308332d367babf0777160b58d3b097d6e8494c5b814faa57114ad4

SHA512
ec75d34915d0149a2372b3bec7b5cf3b4c1e4c4d9180773382b6f9bd150c445d46389043caf59538653fd2b1c95d65cc6d9635e88de01078cebce77b99cf48a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2130eec255521d0d812449ef29bafa6c

SHA1
f0e79463c79fd739e7ca9a55b350a45c91a1f55b

SHA256
b34814969bac15efc7a2e2ef61b314cb4c38230cbea7d6e985ce3622a11e42a2

SHA512
75c0a753991b92f83663d789e87f980e3c61882768fe41a8cebfaa2294f1b9f8a1946b36031c795439bde4fad84f5120c0a7f306cc27acc43ba357f668b67555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07c0c926bbb50cbf3bb7827587359bc2

SHA1
3b7e57ad494b7dc09b2e3e24c04392cef7bf8526

SHA256
4e87cc997dbd6a608cf7146d446d610b68609d7919c9aec6a0394697ca194bbb

SHA512
8f51c1c427d1934dba4243a0597dd64d3794edddfdb1d04f7076a1a9fe70825c0bbc87e45a613fec7e9347388177170f1481e7874071026b3aef9c11aa40d635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c2e442aa8c52b27c636ddc168c933bc

SHA1
2c7704c022ebfbc9aeef9c8acceefbaed0aeec50

SHA256
05a43956583d4dc3c4e877dc983309c88fff13430213af9dd1ed7b2944a23f13

SHA512
62a5b78dda5a1b972bad5b8c7dd51f7a55fd53f8ce24728c24616e5dd7c37afb9d149e682a8c137203d12215a37392db6040aef055c5012e1846e6c38807002e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6c460fcdf097df25e2e186d1cc1f218c

SHA1
36433c4ba972d7cec385c6438c5e8ec88ccd9303

SHA256
ab39abeb13217efefada8869c89bc35590c7bc04b1e05cad2b90927053db0e79

SHA512
8b54ab7b13036ec96348e79c34f6e5f5248c85d4f6606a234567231d3b950fadb54639d377b42b6b666eac989e8db9c9cc5e8768c394f34b2d5c13f3fa847d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8b70cb0416cf5d4e6be45e1d0bccb561

SHA1
b9eadf2272ed17ba6ba14b3a9a5792ea82a8caf0

SHA256
f2847746a2fcedcb502d293fddd433763ff5fae1bf135a149429d52d9772efb9

SHA512
c3b4dcd563bd89c146f53cae6e4695271dbb010ccb14e5c4e9ba4c76ce83d0fc4a570719d3f9090760f367ef80fd8d47a922443573e745307a13adeec5d29fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2c51ad617efaee868d9c8fdd78d4ffee

SHA1
95ffbbe236c6e9a21f1b0608b5ef060ab69adcdb

SHA256
b64ff128a31a14badf462d5f3a017940d220cd19b99342d5a87cd811077d3a48

SHA512
e28cd538c25c0692b245a990ba439550e96bc5a8e1d8fbad8dfab629dad8b7dea143464b6352e741ee7e1e593b19015f9f42f12fe04f7e44151f345fc2b1dbc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f842c625be0506cbdcd2d9a89c059bf9

SHA1
7023e6b6a938b093a69f97af20f20764c4bdbc07

SHA256
e90926cffc174d0dd15ed588e653f46a79dd0f11bd5db618355309f798ff6655

SHA512
39adc2b34054f1900f3f28f6e52ff072e3d1878bfadef43a2b187ceab5e6a99b6d32b4ba2782bddc34418e2afa9c837fcac717262061b7a6c56c2dc3d6e29007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
10e44f3fadf2c6fadf5dee4a9e50a560

SHA1
1379b0eb1fb96067e90c41a0fd626f7944168f8c

SHA256
16cb93a246f812e13176d1299854abf7e72321fd685009f24a01d4a8ff624204

SHA512
4d14788f55a762a29704acb617a12594a876a7f6261f199653dbc853a0be36a6aa48d520f4eef134d6b9bfdc026ed95100edc8bb8124b3b9ab76686b17a699e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
41fb4a6a675e107a4dde8957213c1e3a

SHA1
bb5158e71da259c157f4669ae6d47ca270d2188e

SHA256
389fa2cc2e5982c4be07695305cca3f8b263a2111e2a4a97c26fc44576507808

SHA512
82a160b4622a24b8fd2f2c589a487cd596bfaa3b35c7233745b8cd92a94379b62d076c56248f76fea2200598c791471ea0bcd018ebc43575d1c60db43fcaf090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9376cfc198700a314f26741a456c359c

SHA1
3bd117806a3cb9ee239375fc23ffe130fe68c954

SHA256
c76af049a1f0b4a7b887fedaf9928321410b8987592afb585188cd6677427bb3

SHA512
7e151f9fc41e6de11f44ab504d4ac365e3e5eb1ab00f2fdeb59831eb3ca024ebc96408a174f804ad18b35e541565e1b29af840cc2ad0b8067940a0fbd31bc964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0f2bafd85a6da22d1e38ba348fb03a2b

SHA1
bd40b0567a364111f229bd96d72fd65ec00e50f9

SHA256
ad2ce6d02342e614077105242e621a7bed8b37d26b6cf1bb268ee48f77130f32

SHA512
c1896e8c46ea2fcd5b6d78ba08c952a59d94df566fb6d606ee4e3848545904a3a5a5f9198e05cff58ddbaa8edcb91c3b82974606b3a0bdfce1e266098ce60a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
aa1827288467df8604b4b94af36d680e

SHA1
704733bca8ddabda8db0f9594055846aefe572ac

SHA256
9f92d7a0a85b4dae3a04400015bfe25e57ff9eed28f37fc352f3fbefca15149b

SHA512
e6a1a6f860f31f7faea3466c72d3ead6683e9894c5ced45aa89bcf77777086cc266b24760a6715a296b0e0af21ba5a910fd94e1605b90b0fe190a4d6a521c962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
450b34444fb83039f3aa608099a8e0a1

SHA1
18d99c85ee4be5be852fdb012dc88f0831352cca

SHA256
57db7a09f11628e3c99612e76f7eaf03a43087fb5048fbcd8002ee9da6117412

SHA512
1cb79f230ceb895df375626b0503b56a5ea863c60f0f1e3a2b2df7674cd36cf1c4d5c7de6b1e54fc7849739ebff4ac8e059624bc0d4a0ce7f2d781d78aa18429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
7a623fa68a1734e1208b17fa8bf7a30d

SHA1
898700de677136b4ae595a30a28aab25b393e22d

SHA256
8d0963435e5e3a8af523bb1f37d7ee9d693090c76a12f3fb6213c7dcfcd233f6

SHA512
9bbb4af5deb8a6a155f4fffaee0c7aff60f6f268b6dd8b872ba1ba5042d6ecabf045a7b8a8c407a9e86e20d23c797499ec43ad13d11f01310656cbc736adb418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
ae43d41c6f67c4f6370522c00e5c5469

SHA1
e32bfbb998fd8ec4176fd326f830b4d0d04f0bd5

SHA256
58c80aa30c2e237ae98569e3c95e562b71e50efe0f68f529abc159ae6ce59799

SHA512
0d9a774f3dd9bf5014a47855ad1f770659845cd4a427d56709663445a4db407a4a3a058ecb7a5637d60c4a3a91cf13aca29bc73a22c6394e2a6b45338c6baa4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
85fcb3b32db590fed5247aae31b4b852

SHA1
c43ca568ec2d6aff2e4288715eb59d8f13c541ed

SHA256
faa8396e57705bf97aa9f06d5610c5bc4d0a1d14913848b76bd06a89f8befb51

SHA512
60612f87314f6e5b27c4af3a014c75d3542e88333bd6553aee28cdf6f7c63f5e63830cc145c1d6cce45992def5f8bb6b1663330cc67e080efca5d85412cfa605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
76735b6fba1461b95903f4693ee82ef1

SHA1
517c1163a4f8e06a0364ab32e34716619707b4f3

SHA256
9b6f00f8a374bb9ae41550a9404fdc8d33d03a20a7e9f52f5794250e9f70486a

SHA512
fc65a0b9b44f5deabca07be129924876f361f73df6a379a93a2db1645a2790ec29868842197257dd82abe237838234098c5cbc62ab9d4a33cfcbc3b6e014ceed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
397b4ac33055666afa3dc9e7bf83f26f

SHA1
3ca5100a8f98862c59cdb5109146e30ace2ccf0e

SHA256
65dc5500c8ce3a54570ad328cb584ed6a06f46f0ce73f93102d4ec51e36b3848

SHA512
a57a74bc6863d9625f3516483f4e3d45e06fcda956db37f8a41a77f2b7a95976907c501af6330e207de5397429816b421c98407dfecaaad8c99c7973e4470886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
8fb1a28ccfaa45b4532cea9a60db51c9

SHA1
22faedc3c20bf35e8e8f1ddf706e40dfb565983a

SHA256
44406838db1adc2b75e593f45abace15ef1c1fa185d3e63be0ce338e29b35313

SHA512
b2b83d5c440260ef017ab775aef59ac3c537d9923f474d6dfae511e88faaa13cb9bb8c2562d742a496bdba681b9a4725182a49cdad59549beb66b27e7a6f8c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5f579f.TMP

Filesize
101KB

MD5
81c250a1cb832325177ffb96c539a5e2

SHA1
a3e7b6087d0485e849be9faf280c97f20f236a65

SHA256
aa2c70e3d59cb40c7cdf6d969f970b18933da7231e0e20bc3f5e7a7ad62500bd

SHA512
319c639384bcf33b5230b8c0bbaeee318370ac7998e196a3fbd34cb042d755094f9f6df8781c1fc0030443cad0162f9456808df9eb360d0619f162acbcf8249a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c9a215cb-f359-485e-81e4-379815acec71.tmp

Filesize
282KB

MD5
95c7bd3bd96acc940b70d781f380207c

SHA1
6609efba8574b90bcd21e5bb15585e01e40a55b0

SHA256
2ece58e8cedb02a25a114fe46d57aac9b0b6b09059eb0b2abc4ccf756cf26522

SHA512
d105dfdafcd08902c6417e39901f9d29b82f6324eab85cb1ce6b2ceb14798fcdaf9e2fc60f9ca885ad9d6781f6b7d29a8e28abe2ddab36ad5602163b9a800460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 676262.crdownload

Filesize
3.2MB

MD5
4403cb3b8b299528d40a2555d8395beb

SHA1
52971b252d0e259808f158872db478eef4ed94e4

SHA256
cad92559e7848f000ca084aa6e5434a2eafedd2bc2e5ff06a13b724bfd447359

SHA512
a1bd42758a68499dbce08cf99d6da6cd526914032a8129869da40c28f6daa4006b26b24047d40d0e4e11e325c97cef603172d5029bfda4756d5b94f0454fdb18

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\25e58a22-f710-4a4c-bdf5-10f3415eace2.tmp

Filesize
1KB

MD5
ff2ffb5e3bda4e8e1b52cae4b83ac24e

SHA1
03619e815311e896f97fb86ad7540148036d329f

SHA256
fce523825c498d7aa5e590a63575041ec5f6d37d3474fa59e4e2912faeb7c562

SHA512
28a057faba0d2a3e012983c490fe3462574ad36bb6f95fab192659533a06585d9ec10311ed6207f12f12c2342f9789c84eafbfb1ade9962960c7b525e6ae5542

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\29760901-f14e-4dc2-a393-cc82d59a0f9a.tmp

Filesize
106B

MD5
2a87f92eda9bfd27a6f30e3f34e0bdc8

SHA1
3834ff460e239fbd5f123e82a6f4282e3db4acba

SHA256
72a9e1d41b797d97a1fc40edd77809633f1df4e07957ea7c0dfc2dfa31391548

SHA512
057fa646545eda44d3fc53d4c757eb1d213c19f2627b826f6f79ea971a19ddf0c65a831ab19229fc09585c6d78b81359b2d268e87c006b5a2caf9e71015e5d61

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\29e79278-5606-435c-8bd5-9120182c28c3.tmp

Filesize
1KB

MD5
ab59c0ac9c07bb207bd9ddec6307a9cc

SHA1
07aa501e73effb1527a0d3359da029ef62068d90

SHA256
94116929b7f124b1dd3e2072dacac624bb4438230dba72b2c1252839bd4dad55

SHA512
07338e135b3d6d00c344438e70b6560dd250f6c7d5fcb7d6e5e22c1b4087f30aa058df03642d103235a26cd1db451878eed4261a77f4a29b6c691809c929e29b

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\475bef49-ac01-4039-8479-a7f2eb733ef0.tmp

Filesize
1KB

MD5
b4241dcda2ce4372b6ec86131a54fa3c

SHA1
4c643f7291481409be9b44f5b7baba9a3f28f69b

SHA256
6e31d5ef82bf170f745c0e7ba743fe6d659c8686704fca7837f54a7baf1763d6

SHA512
ab0b9cd5e70cbd5a0e3e711c750a014704c7e47d9bac2f43026ec2e4e1223e1c327cb63bdffd51c692f0869da28c1a3ce4e87ea8d9d7663a85544cd079b5f3cc

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\5eac9130-e975-4c4f-9752-ae95a4df5618.tmp

Filesize
1KB

MD5
091d5f2d06d1dbd34865ded35ab095d1

SHA1
fb3ff613a2151b330ceed0a90a6ba986d2622c8e

SHA256
d3658c781046e2af62d8bc597ebbb29eb33084d571036294106bc0b474223b5a

SHA512
08b096e739fc0367f808412359be973a8d5445f3ddd5a6010b31d0a5edbc33bc94f6bd25101753ee58ea8e7436bc0ab0000eb290c44b7031414f1121d987222f

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\64499bed-8639-4fc4-a5c4-afdcfc50bace.tmp

Filesize
1KB

MD5
bbc5946e4cbf040691601624aedf53ac

SHA1
afb9499238c6a94cddbc283d2462077a4ea4b914

SHA256
049895b63de2224b07af285ff92ab57018a813dbdea13e5bbc97afc425849f38

SHA512
f1b727a22dd486a53871343fe826009bd3287842a5a51070e574ba718befcc5fe6158278d41c94aa7734def91e7fe9563a1953730cf2a96083f46fdbbc20d9a6

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\8fc8307d-5085-441d-9eb7-e8d8ed68ffa1.tmp

Filesize
1KB

MD5
e3ada1941ccd2dd4db3b38b4a82822bc

SHA1
16416121017b2f0aab0752ce34ab9cc8678cbacb

SHA256
db56410254e831d20cd53c6bdcb030a9cd15c3ddc825e2023aadd83d5cb06a32

SHA512
6460afa4ddf1aea9e8215836f752b34a1fbe6e3234e6ea5a75e6eea7619ee72fbe980a0c55aae40313081d91ec3395ef9e04b2597e00018ffd6f39fb4d00449f

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\9168936c-9717-4ee2-8e42-cb6e1b5e0485.tmp

Filesize
1KB

MD5
6518696a413603ff2d19f14a7e671248

SHA1
ed3b9b4a06897da291b34db6fbcbc2b1a315517d

SHA256
0186ba9ab88027b58696558b4e91351facc7374e7dc7778d465be7ab4e6e9e56

SHA512
83d7c4be9d6a4d4008f23a4b777fe849852bdd95d7b8eda84fc47e322353cf9176da2dc2d61017f36080ad7beba7ff137efefe1aa4a517379aaebb88b3dd6f62

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\Network Persistent State~RFe656732.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\TransportSecurity~RFe64b334.TMP

Filesize
1KB

MD5
8a0c783d0409e8751b674fb1f0bc6604

SHA1
01aa310e139468d79b726b56f4d893362cbfff50

SHA256
05c9dad6e28a0bf1fbf5d0116b1f70309a042750dbf1f9ac17ff262310ca3607

SHA512
3bf00195a0d32f493c5bcd86c84d955b226d41ba492450b12189f1d7a5305ad0ac0e0217df687f5755ede0ff38ba4471ab42424eaeb1c018d5163b228adf11f3

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\a7fae9a6-8e7e-494a-bb2f-546b4fc5db71.tmp

Filesize
1KB

MD5
3a6008a9400c7dfb8b8df0d639e8483c

SHA1
ce89a99f3008289e741c3ab7d4c6bc8bddd3cb7f

SHA256
8d63bbecd53d44afcf7a894686ca434bdd5d5c13ec366cc2e72bcd20c384136e

SHA512
06fd363d7b16ccea139b704fbf71826f447f6faac5591f82b3564c2e1421035f04bc03bec4efec75b3ff0c91048b9d93537e889f153970ad8c6a3d24649d414e

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\aacefa2e-45f6-4720-afe6-1e4b2e830de7.tmp

Filesize
1KB

MD5
01c69b4b5c98e8b581f5092b3ebf6e8d

SHA1
8cafb2d1921943db601b40106cbe358524732d02

SHA256
8c261768ff65240621837ea58d4702a84df899ef4b02a512b7cc1b4cb5e12143

SHA512
ba6c127be9188f568b733103f7ebc5ba56d101cbf6181c2cd5718437761b58809080786206112beed28ba7e0e0ea4f310305e94c988c4bbdb7a9b91186113b48

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\b185a42b-9055-460d-aca5-f44fbf37bce6.tmp

Filesize
1KB

MD5
aba3616f10997fcead9ef4a204590f1f

SHA1
c77acaa722a2dba317db1ca66d2c2e656f0a1119

SHA256
5a4fb53203e055fa59b107bec0d8c0efedfee0102f0960b26984f3bedd4e4ae1

SHA512
d887ef5deb7222705681dc345bd29fe513aa6776fcf9a12e383793f17c118b5e78e32c71a348055b1080f7c58abb06134babdfcd6db67e22770bcf8d823b80ee

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\d3c666c3-8692-44b8-a9de-35fb9e357e40.tmp

Filesize
1KB

MD5
01dcbbc5439f0ba070ee0cf06ced1d5a

SHA1
92cd5bb87340789137f5ccdcf6d82244fc225220

SHA256
6cbdf3f6496029dd5f85945fbeaafc27f36321ff5622bcf855bea976edc0dd56

SHA512
32501710b67f4d1c4149c46d872cf0858a4e70341e1e1ba5797e1b4117c66c2dcfe7f1a619700e69c6192a7bfc219765aff1054808ef6ffdea540eea175c333d

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\d4a6c72e-64ec-4ce7-a4e3-bee832eea2c5.tmp

Filesize
1KB

MD5
4e580d9578f80b8a90f6278babb00683

SHA1
b1fe7cab7049b73664fa89ddba5f02db49572dca

SHA256
5c1b838b65dfe6a3fbb32f5b878c5b29c974da5c0b6f8f5959a2b7796d1004bf

SHA512
929c1c9ff1bf1aaa9faf65b1cbb9063218bfb15337c951e44dd8e0fc9027e9714414914f772ee17d67e6570d7e1cb104c60383778192b0014f8926d30696ffd5

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\eec4311e-fb47-4bf2-a7e6-7b931527f179.tmp

Filesize
729B

MD5
5948426aad7c895fa92864313cdb5de8

SHA1
209296c7f062042355bc4a3ea1e12081be6dd888

SHA256
214d50545ef7ac589204d3f51d54b59853cc474fc502fb6cc4785f9858b7276d

SHA512
786707dd020c52baad3530ef2afb98f5140df11be7c6f88e66c040ffcdb701cd84167145565ba390f84a6a590c9e470e8d0654756806f9d46a6ff49d6be978a5

Download Submit
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\user_prefs.json~RFe64d6d9.TMP

Filesize
75B

MD5
731edd0da5d544924458de0f3db5f5b4

SHA1
a375608f230cb328f887378952bba4b044ea789e

SHA256
7a63263773461ecfd018d3ed3bebe3581b2e15da19bc8edd7212e9d458ecd66a

SHA512
759ce05f22330e8fb38cca4f6b0d90f930a9da0b18f9ffb3bc0873d0b7a470ddfc429cd81775f75cbe5cc81a862ebb322eff9bbe5d5f118fc9a548bded2e5333

Download Submit
memory/384-1989-0x0000000006080000-0x00000000063D4000-memory.dmp

Filesize
3.3MB

Download
memory/384-2043-0x0000000007F30000-0x0000000007F3A000-memory.dmp

Filesize
40KB

Download
memory/384-1974-0x0000000010000000-0x0000000010857000-memory.dmp

Filesize
8.3MB

Download
memory/384-1988-0x0000000005690000-0x0000000005DB0000-memory.dmp

Filesize
7.1MB

Download
memory/384-2026-0x0000000007FE0000-0x0000000008584000-memory.dmp

Filesize
5.6MB

Download
memory/1796-1995-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1796-1627-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1796-1586-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1796-1590-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2912-1849-0x0000000006AE0000-0x00000000071EC000-memory.dmp

Filesize
7.0MB

Download
memory/2912-1848-0x00000000063C0000-0x0000000006AE0000-memory.dmp

Filesize
7.1MB

Download
memory/2912-1853-0x00000000071F0000-0x0000000007544000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1897-0x00000000094D0000-0x00000000094D8000-memory.dmp

Filesize
32KB

Download
memory/2912-1901-0x000000000DB80000-0x000000000DD06000-memory.dmp

Filesize
1.5MB

Download
memory/2912-1898-0x000000000D050000-0x000000000D0E2000-memory.dmp

Filesize
584KB

Download
memory/2912-1865-0x0000000008250000-0x000000000877C000-memory.dmp

Filesize
5.2MB

Download
memory/2912-1850-0x0000000006050000-0x0000000006072000-memory.dmp

Filesize
136KB

Download
memory/4404-1822-0x0000000002870000-0x0000000002892000-memory.dmp

Filesize
136KB

Download
memory/4404-1824-0x0000000004E20000-0x0000000004E2E000-memory.dmp

Filesize
56KB

Download
memory/4404-1821-0x0000000000390000-0x0000000000398000-memory.dmp

Filesize
32KB

Download
memory/4404-1823-0x0000000004E50000-0x0000000004E88000-memory.dmp

Filesize
224KB

Download
memory/5464-2065-0x00000000003F0000-0x0000000000726000-memory.dmp

Filesize
3.2MB

Download
memory/5892-1614-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1609-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1608-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1615-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1620-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1619-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1618-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1617-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1610-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5892-1616-0x000002506C560000-0x000002506C561000-memory.dmp

Filesize
4KB

Download
memory/5964-2256-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/5964-2436-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/5964-2423-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/6436-2060-0x0000000000850000-0x0000000000858000-memory.dmp

Filesize
32KB

Download
memory/7320-1622-0x0000000000BB0000-0x0000000000CF0000-memory.dmp

Filesize
1.2MB

Download
memory/7320-1623-0x0000000000BB0000-0x0000000000CF0000-memory.dmp

Filesize
1.2MB

Download
memory/7320-1628-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1631-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1633-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1651-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1656-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1800-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1801-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1813-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1852-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1994-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/7320-1984-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download