Malware Analysis Report

2025-08-10 12:06

Sample ID 240222-zqmb8afe24
Target https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/
Tags discovery evasion persistence spyware stealer
Score 8/10

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/ was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence spyware stealer

Downloads MZ/PE file

Modifies Windows Firewall

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:55

Reported

2024-02-22 20:59

Platform

win11-20240221-en

Max time kernel

207s

Max time network

208s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/

Signatures

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_488E097E1A6B1768143D54114E281A12 C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrightData C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_488E097E1A6B1768143D54114E281A12 C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531089400406082" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\net_updater32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp N/A
N/A N/A C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4256 wrote to memory of 1244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4256 wrote to memory of 3776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4256 wrote to memory of 2176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4256 wrote to memory of 2704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3e149758,0x7ffa3e149768,0x7ffa3e149778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4752 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4000 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=928 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5844 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5980 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2144 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6092 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2204 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5176 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6028 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8

C:\Users\Admin\Downloads\MentalMentor.exe

"C:\Users\Admin\Downloads\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp" /SL5="$15022E,2483341,845312,C:\Users\Admin\Downloads\MentalMentor.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5684 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3196 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6172 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5416 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe" install

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-breadcrumb2 --initial-client-data=0x574,0x578,0x57c,0x55c,0x580,0x72a27b7c,0x72a27b90,0x72a27ba0

C:\Users\Admin\mentalmentor\luminati\luminati.exe

"C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\Users\Admin\mentalmentor\luminati\net_updater32.exe

"C:\Users\Admin\mentalmentor\luminati\net_updater32.exe" --install win_global_microtrading.mental_mentor --no-cleanup

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=3776 /prefetch:1

C:\Users\Admin\mentalmentor\luminati\net_updater32.exe

"C:/Users/Admin/mentalmentor/luminati/net_updater32.exe" --updater win_global_microtrading.mental_mentor

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 32300 --screen

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe --appid win_global_microtrading.mental_mentor

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
US 3.94.72.89:443 brdtest.com tcp
US 161.35.48.195:443 perr.l-err.biz tcp
N/A 127.0.0.1:51160 tcp
US 161.35.48.195:443 perr.l-err.biz tcp
US 161.35.48.195:443 perr.l-err.biz tcp
GB 162.125.64.15:443 ucfe52f76c80c37820b08f3eb283.dl.dropboxusercontent.com tcp
US 161.35.48.195:443 perr.l-err.biz tcp
US 161.35.48.195:443 perr.l-err.biz tcp
US 3.33.193.183:443 3.33.193.183 tcp
US 161.35.48.195:443 perr.l-err.biz tcp
N/A 127.0.0.1:51215 tcp
US 161.35.48.195:443 perr.l-err.biz tcp
US 192.81.214.145:443 perr.l-err.biz tcp
N/A 127.0.0.1:51239 tcp
N/A 127.0.0.1:51243 tcp
N/A 127.0.0.1:51260 tcp
N/A 127.0.0.1:51271 tcp
US 206.189.231.23:443 perr.l-err.biz tcp

Files
