Analysis

  • max time kernel
    207s
  • max time network
    208s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22/02/2024, 20:55

General

  • Target

    https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Executes dropped EXE 16 IoCs
  • Loads dropped DLL 54 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 44 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 54 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3e149758,0x7ffa3e149768,0x7ffa3e149778
      2⤵
        PID:1244
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:2
        2⤵
          PID:3776
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
          2⤵
            PID:2704
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
            2⤵
              PID:1028
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
              2⤵
                PID:2848
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                2⤵
                  PID:2176
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4752 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                  2⤵
                    PID:2248
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                    2⤵
                      PID:2968
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                      2⤵
                        PID:1988
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4000 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                        2⤵
                          PID:1360
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                          2⤵
                            PID:868
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=928 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                            2⤵
                              PID:5004
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5844 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                              2⤵
                                PID:3388
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5980 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                2⤵
                                  PID:4432
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2144 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                  2⤵
                                    PID:5028
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6092 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                    2⤵
                                      PID:772
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2204 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                      2⤵
                                        PID:2576
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5176 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                        2⤵
                                          PID:3320
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6028 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                          2⤵
                                            PID:3548
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                            2⤵
                                              PID:3060
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                              2⤵
                                                PID:1880
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                                2⤵
                                                  PID:2756
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                                  2⤵
                                                  • NTFS ADS
                                                  PID:4720
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                                  2⤵
                                                    PID:3396
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                                    2⤵
                                                      PID:2104
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
                                                      2⤵
                                                        PID:1764
                                                      • C:\Users\Admin\Downloads\MentalMentor.exe
                                                        "C:\Users\Admin\Downloads\MentalMentor.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:2808
                                                        • C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp
                                                          "C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp" /SL5="$15022E,2483341,845312,C:\Users\Admin\Downloads\MentalMentor.exe"
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of FindShellTrayWindow
                                                          PID:944
                                                          • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3080
                                                          • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:2408
                                                          • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3000
                                                          • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:4336
                                                          • C:\Windows\SysWOW64\netsh.exe
                                                            "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
                                                            4⤵
                                                            • Modifies Windows Firewall
                                                            PID:2632
                                                          • C:\Windows\SysWOW64\netsh.exe
                                                            "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
                                                            4⤵
                                                            • Modifies Windows Firewall
                                                            PID:2708
                                                          • C:\Users\Admin\mentalmentor\mentalmentor.exe
                                                            "C:\Users\Admin\mentalmentor\mentalmentor.exe" install
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Adds Run key to start application
                                                            • Modifies registry class
                                                            • Suspicious behavior: AddClipboardFormatListener
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:404
                                                            • C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
                                                              C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-breadcrumb2 --initial-client-data=0x574,0x578,0x57c,0x55c,0x580,0x72a27b7c,0x72a27b90,0x72a27ba0
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              PID:1108
                                                            • C:\Users\Admin\mentalmentor\luminati\luminati.exe
                                                              "C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • NTFS ADS
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:736
                                                              • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
                                                                C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
                                                                6⤵
                                                                • Executes dropped EXE
                                                                PID:4276
                                                              • C:\Users\Admin\mentalmentor\luminati\net_updater32.exe
                                                                "C:\Users\Admin\mentalmentor\luminati\net_updater32.exe" --install win_global_microtrading.mental_mentor --no-cleanup
                                                                6⤵
                                                                • Executes dropped EXE
                                                                PID:3896
                                                            • C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
                                                              "C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=3776 /prefetch:1
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:4912
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5684 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                                        2⤵
                                                          PID:3736
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3196 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                                          2⤵
                                                            PID:2892
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6172 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                                            2⤵
                                                              PID:948
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5416 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
                                                              2⤵
                                                                PID:3460
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:652
                                                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                              1⤵
                                                                PID:5016
                                                              • C:\Users\Admin\mentalmentor\luminati\net_updater32.exe
                                                                "C:/Users/Admin/mentalmentor/luminati/net_updater32.exe" --updater win_global_microtrading.mental_mentor
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Drops file in System32 directory
                                                                • Checks processor information in registry
                                                                • Modifies data under HKEY_USERS
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:800
                                                                • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
                                                                  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Drops file in System32 directory
                                                                  PID:1304
                                                                • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe
                                                                  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 32300 --screen
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Drops file in System32 directory
                                                                  PID:1480
                                                                • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe
                                                                  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe --appid win_global_microtrading.mental_mentor
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of FindShellTrayWindow
                                                                  • Suspicious use of SendNotifyMessage
                                                                  PID:804
                                                              • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                C:\Windows\system32\wbem\WmiApSrv.exe
                                                                1⤵
                                                                  PID:1252
                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                  1⤵
                                                                  • Modifies registry class
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:3520

                                                                Network

                                                                      MITRE ATT&CK Enterprise v15

                                                                      Downloads

                                                                      • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\20240222_205841_once_07_service_stop_1.429.308.log

                                                                        Filesize

                                                                        1B

                                                                      • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brd_sdk32_clr.dll

                                                                        Filesize

                                                                        4.4MB

                                                                      • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe

                                                                        Filesize

                                                                        3.2MB

                                                                      • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe

                                                                        Filesize

                                                                        30KB

                                                                      • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_install_id

                                                                        Filesize

                                                                        33B

                                                                      • C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM

                                                                        Filesize

                                                                        216B

                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

                                                                        Filesize

                                                                        717B

                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

                                                                        Filesize

                                                                        192B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                        Filesize

                                                                        672B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                        Filesize

                                                                        744B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

                                                                        Filesize

                                                                        41B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_yourfreshjournal.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                        Filesize

                                                                        23B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                        Filesize

                                                                        6KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                        Filesize

                                                                        6KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        1KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        2KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        2KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        3KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                        Filesize

                                                                        1KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        6KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        6KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        7KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        8KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        9KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        8KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        8KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                        Filesize

                                                                        6KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

                                                                        Filesize

                                                                        16B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                        Filesize

                                                                        144B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                        Filesize

                                                                        192B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5895a4.TMP

                                                                        Filesize

                                                                        48B

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                        Filesize

                                                                        130KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                        Filesize

                                                                        130KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                        Filesize

                                                                        130KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                        Filesize

                                                                        93KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                        Filesize

                                                                        109KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580f2e.TMP

                                                                        Filesize

                                                                        90KB

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                        Filesize

                                                                        2B

                                                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                        Filesize

                                                                        10KB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.dll

                                                                        Filesize

                                                                        893KB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe

                                                                        Filesize

                                                                        160KB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\idp.dll

                                                                        Filesize

                                                                        2.6MB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\mentor-inno-lib.dll

                                                                        Filesize

                                                                        260KB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_bin.7z

                                                                        Filesize

                                                                        116KB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_html.7z

                                                                        Filesize

                                                                        270KB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_libs.7z

                                                                        Filesize

                                                                        39.5MB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_lum.7z

                                                                        Filesize

                                                                        3.3MB

                                                                      • C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp

                                                                        Filesize

                                                                        3.0MB

                                                                      • C:\Users\Admin\Downloads\MentalMentor.exe

                                                                        Filesize

                                                                        2.4MB

                                                                      • C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier

                                                                        Filesize

                                                                        26B

                                                                      • C:\Users\Admin\Downloads\Unconfirmed 699078.crdownload

                                                                        Filesize

                                                                        3.2MB

                                                                      • C:\Users\Admin\mentalmentor\Qt5WebEngineCore.dll

                                                                        Filesize

                                                                        3.6MB

                                                                      • C:\Users\Admin\mentalmentor\Qt5WebEngineWidgets.dll

                                                                        Filesize

                                                                        198KB

                                                                      • C:\Users\Admin\mentalmentor\Qt5Widgets.dll

                                                                        Filesize

                                                                        3.1MB

                                                                      • C:\Users\Admin\mentalmentor\Qt5Widgets.dll

                                                                        Filesize

                                                                        2.6MB

                                                                      • C:\Users\Admin\mentalmentor\libcrypto-1_1.dll

                                                                        Filesize

                                                                        2.4MB

                                                                      • C:\Users\Admin\mentalmentor\mentalmentor.exe

                                                                        Filesize

                                                                        429KB

                                                                      • C:\Users\Admin\mentalmentor\sentry.dll

                                                                        Filesize

                                                                        375KB

                                                                      • C:\Users\Admin\mentalmentor\settings\webengine\8d80b9b8-a37b-428d-a54e-6b57a66dcb17.tmp

                                                                        Filesize

                                                                        111B

                                                                      • C:\Users\Admin\mentalmentor\settings\webengine\GPUCache\data_0

                                                                        Filesize

                                                                        8KB

                                                                      • C:\Users\Admin\mentalmentor\settings\webengine\GPUCache\data_1

                                                                        Filesize

                                                                        264KB

                                                                      • C:\Users\Admin\mentalmentor\settings\webengine\GPUCache\data_2

                                                                        Filesize

                                                                        8KB

                                                                      • C:\Users\Admin\mentalmentor\settings\webengine\GPUCache\data_3

                                                                        Filesize

                                                                        8KB

                                                                      • C:\Users\Admin\mentalmentor\settings\webengine\Network Persistent State~RFe5a4a68.TMP

                                                                        Filesize

                                                                        84B


                                                                        Filesize

                                                                        7.7MB

                                                                      • memory/2808-424-0x0000000000400000-0x00000000004DC000-memory.dmp

                                                                        Filesize

                                                                        880KB

                                                                      • memory/2808-986-0x0000000000400000-0x00000000004DC000-memory.dmp

                                                                        Filesize

                                                                        880KB

                                                                      • memory/2808-362-0x0000000000400000-0x00000000004DC000-memory.dmp

                                                                        Filesize

                                                                        880KB

                                                                      • memory/4276-1012-0x0000000069760000-0x0000000069F11000-memory.dmp

                                                                        Filesize

                                                                        7.7MB

                                                                      • memory/4276-1014-0x00000000056A0000-0x00000000056B0000-memory.dmp

                                                                        Filesize

                                                                        64KB

                                                                      • memory/4276-1013-0x00000000054B0000-0x00000000054D2000-memory.dmp

                                                                        Filesize

                                                                        136KB

                                                                      • memory/4276-1016-0x0000000005520000-0x000000000552E000-memory.dmp

                                                                        Filesize

                                                                        56KB

                                                                      • memory/4276-1018-0x0000000069760000-0x0000000069F11000-memory.dmp

                                                                        Filesize

                                                                        7.7MB

                                                                      • memory/4276-1015-0x00000000056B0000-0x00000000056E8000-memory.dmp

                                                                        Filesize

                                                                        224KB

                                                                      • memory/4276-1011-0x0000000000AD0000-0x0000000000AD8000-memory.dmp

                                                                        Filesize

                                                                        32KB