6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8

max time kernel
1799s
max time network
1691s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-10-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

12KB
MD5

0b12663e5ae87a93a8726d938ef5bbf8
SHA1

b53628d0d6db63fc3628146e901fa2ddca94b46d
SHA256

6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8
SHA512

9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70
SSDEEP

192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1844	netsh.exe
4676	netsh.exe

Executes dropped EXE 6 IoCs

pid	Process
3732	MentalMentor.exe
4500	MentalMentor.tmp
4076	7z.exe
2124	7z.exe
1264	7z.exe
4144	7z.exe

Loads dropped DLL 6 IoCs

pid	Process
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4076	7z.exe
2124	7z.exe
1264	7z.exe
4144	7z.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MentalMentor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MentalMentor.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{CFBA0D51-B93A-4452-A2D7-F9BAA93489DF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 945620.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
3556	msedge.exe
3556	msedge.exe
840	msedge.exe
840	msedge.exe
4264	msedge.exe
4264	msedge.exe
1424	msedge.exe
1424	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
2904	msedge.exe
2904	msedge.exe
3256	msedge.exe
3256	msedge.exe
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4500	MentalMentor.tmp
4500	MentalMentor.tmp
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
4500	MentalMentor.tmp
4500	MentalMentor.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 2876	3556	msedge.exe	80
PID 3556 wrote to memory of 2876	3556	msedge.exe	80
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 1776	3556	msedge.exe	82
PID 3556 wrote to memory of 4420	3556	msedge.exe	83
PID 3556 wrote to memory of 4420	3556	msedge.exe	83
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84
PID 3556 wrote to memory of 2444	3556	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb797b3cb8,0x7ffb797b3cc8,0x7ffb797b3cd8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,530990599815448800,7176524111920897759,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,530990599815448800,7176524111920897759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,530990599815448800,7176524111920897759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,530990599815448800,7176524111920897759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,530990599815448800,7176524111920897759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb797b3cb8,0x7ffb797b3cc8,0x7ffb797b3cd8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6988 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,8542588554097291313,8725787069434159514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1364

C:\Users\Admin\Downloads\MentalMentor.exe
"C:\Users\Admin\Downloads\MentalMentor.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3732
- C:\Users\Admin\AppData\Local\Temp\is-A1QF2.tmp\MentalMentor.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-A1QF2.tmp\MentalMentor.tmp" /SL5="$302EC,2487297,845312,C:\Users\Admin\Downloads\MentalMentor.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- - C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4076
- - C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4144
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:1844
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f8c0a0ea1c23904b16b9b1bd952e1a03

SHA1
0ef5b231ab21cedd792688d4af4b717966cf200b

SHA256
e2ce016c5102e782aec23e7edca4c82945238250b96cb59a64bbce25db65512e

SHA512
3d4a903dd72a3a74108f2c2c319fe3ee11958e27ef07703dd30b281036a765ba46eb66ee29906c92cd79f8db1a1a7e05a5ba3a58c07bf530e2b83f3ebc3f5da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96ff0d698ba1e05a4b81020aad421704

SHA1
ea21ae35e7b12c2c5a57a6e6dd94c7a3aa2268e2

SHA256
b160f105ba77c0cb82a2ecf8615510ba1226ae9084a872613ff0fdb665884448

SHA512
d381104c4e9f25be2dd8e111510b63ba2ec21dc166926262ff647e88ca80023a2310146cb2cc015a81f1d9f6c13e9c152838b654bd7ac174a3ded30efab8cac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9d75e52d28357d68565f64fc349d44c0

SHA1
ed8dd1b05d22d45b3dab53ea50fc1527a0ee772e

SHA256
c66a12db57f764f48f78cdd160bc4ac13c7864e3d10d6d27a6167db48ed27e54

SHA512
778fde70d701e2ce635c6f874e7a3dc71d66cba21b0486f4473dc994e0009334c85738562c30d5986b4b477df07f1b7987437055df3ae69ac5847d47f9c9edfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9bf2555228eaf626593637821afbca76

SHA1
4f52cae919549a8e255111af220881eadf0f44e3

SHA256
f7013a2b158b05f6a1ebf985e19d50360393c6520fde8ecd9c4f594e42d30ca9

SHA512
9e6fbd48ac0a02672fe4c979a8775c0cd3e18bb6e6290b1da00be31dc29c796f06abcec92c47d338b4642c9cee0e0000f7992cb6ae20dd0230032f9885ccff8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
984332c82319e7d68aae7f647069ba22

SHA1
7de3a5c1ef1655601ba53d226f4bcc8dcfa5e2a6

SHA256
34c8815074d9ef0ffff2607848237baee0866894eb32c0e264f24dc32f06490d

SHA512
4126d35677fe2036195ef6381bafaf99fe904dc4f0b56badf4c520a345f31aa1d3ad691b261bfe311a0de2cb82961669139e4bc94140c6991643e5740a674679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f7daecdefdf0fb2f1e239185644279c

SHA1
85fca1ebde1494fda478fb93e6af0f7c6ce2945b

SHA256
f703fa3d9b4927c7fdf95bfd1014dc2ba1298310933050f43976bcc03168b821

SHA512
97b860f19ca6c9cab45843a466f989cdbe540b181a0410935f32b0265169df8859afc0a576b79b652fa79c36e9083f887181f07e413027027271fca0c491f0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
e4af7a3b4387f9ef07d0e9c48270b790

SHA1
a32281931e40aec27691552fe4555eeec5e3cf93

SHA256
654e0e098579a5e3b0acb1aab62b13392afff7139f7e1657806c4fde907d571f

SHA512
0a19cb556de7fecd3187fe12216ce91620e6368d015ed0efe7f0527c05ce8049aa3998af22b512b0ee7734ad225fca622a61e420394934f40a01f5e289c3e459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
725B

MD5
5187a72a19664f5bd7450d98be972af1

SHA1
cb7b090e7c843296dc9c15ff9a63473994731976

SHA256
9f38fe0a2189ea5ccb969178bd5d87b74fe31afdd820c0744b822dca8ccb8976

SHA512
5ad7bb0f67471135e88300362a32adb8abbfdc9157ae15531d0a4397d0f9df3ee354d2735b7bd266f8e4115f52de7d0562cdd575f9734407bcf56784d907e379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
1fe9552782cfe33334f20f388087e313

SHA1
8bd0384e2214f0e6fe91cacf88870d507d27f17f

SHA256
6195ba5a96447e372fd4e502d1c6587f4bd389d8bccab12e34adefa634685e3f

SHA512
925aea1f23de13de87b0f71d938ab44d449c4845ab7349f5f38a0679ccb064f896f506c53a1b522f752dfbacb3f5e8a4c7897d724a2bef892a7de499c71444ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
c81d76172e3a375cadb2f610615c2317

SHA1
633309409976de69fdc792e3f061d3f9a8843c00

SHA256
11fe9a81a052dfd26e102dbe635820f842e33c8c14bdd9227f38b705e8296a67

SHA512
399ca336fde371a0a194142ffac9851f4153cc0c6c8015b850140e3242412a6b5db41adec2dd4d965025b836378d1b0ee33f3d0a121dc40a3e2c89504ec6e69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
b27a27280d613af6258fcf15b2ab99ae

SHA1
0918b7aee4808c41746ddf7938a47186fea818c9

SHA256
89fea0c853ab7b9fd7b0d2785efe47a3f6b657c13590e5fe28df857105d2b131

SHA512
054080d2c90675cf47b6df22fef445e2aa3aa09b5b2f7e7862b83416048c6d5270b9658a9df6b517acb4214326c6d75524aa76c67b2cc362d303d2153b8e2017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b772aa12dd750ed3120a05cedbc5705c

SHA1
da57ace6a733971ea0e23ce08c1343236270014a

SHA256
5daa43289955c03345ef940a11f14529b6be1c75f34027d1157be3171a3ee24c

SHA512
c546de3479a097fccd6f78c04caa29a9af65108a8e696a17348045a659e28ed23a743ec17fce938121128b46c9fc33173d0eef40febfb58268d1e5a38ab8d652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4da97be28fcd389cd30a5e9e3a321bbe

SHA1
d44309b27bdbf247babf7604cf870bae775a9642

SHA256
4051b7d1e82d59182d383b4cc7ceab08f9017f3b833037f1e9eb794e0dafa190

SHA512
0738cdb9b72e7e086018c342a433e7a4659fb9ae2caae541f92ae19495fecadcb1ab9a40aebfeb283f880189cf7bc67371d37347ee0ecde054e5db04c2c2d17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8da0dc16823f26936ffe71b43e72c24

SHA1
48474ac41f196ca94c742e3f6faef95a7bd88521

SHA256
56ec369f485e80fbba10f98277eb94d067f890d53287a33d35c2e562ccd9e10f

SHA512
e4ea742f588b3dc21073f498a9a99b1d488ff46e0d8bb0087b0b4326f856eabde2044bf507e350e80378e978703f02f2f30a5a83cc7bffbde460658c5653e2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
57bd51c2f00e6c5e34240ca53f433eb0

SHA1
7c1ca2fe9bd534d4bbf6c15a9887c4c7dd9179fa

SHA256
7ed9db91d23acaaf6db85257e0989174522c72bb2a856942e227cd1a4cff97c5

SHA512
8821b1f6f5c4656495b2469e1a0630f5cf3220989aa9325a5103634b1bdfa97dd79da5d12adea2852d5ae11147d53ea6c1ad7470d39c114af28b166dae6bc75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
803805c28736b7ac3b7052a89d15a16b

SHA1
bce9a8e29128eed0912e6c9eece774014e26b2a8

SHA256
a0d72c33327d7d517650be83effa0406a497d6a2c834ffbd5ee52c8910ac07b1

SHA512
227f5ac60c5b53899a9ec3934a01a9996aeb636be5c19905c7647ce9f35432d43dfb12ba5a9f58f0195bf09aeef98aa7c2ffeb30c835aa6e6d22e8d5a13fb885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5f39e2c36c42a8f241a9dfd76a1429ad

SHA1
1d9465cd954381f9d6ff9605be0e156bd68d291c

SHA256
926c8568807b98d08db8d4aa84a0b87dfd2f86b9a84897fe6d7ae3c645271e1d

SHA512
70ed7dd42bf1cd23b53c1791fd5b5f887259d52b9d54ce755c37a286a94d43ea8dd55ff0413a3488cf34b09ca675d3066b44d77a33d51b7c195f784ce9307f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa5268a133b975958947d05534ccf3e2

SHA1
9998d38e1618e04e0857a82fb3b357f14c9051b4

SHA256
d1cd6857268debc408b753ef6aa945b0aae4c8a2b67e364ffb1f1ceb78c6bb0b

SHA512
a3cdccdb2a365b3ccea91432731b8b7b3c809cb00da5893c6227dd34107bd24195518453f1e6f7a2ae0557bd9d3a2c8d531d4a53448d7b71f0b3df463feacd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa2560a1287ab40b00cc87f008d9485c

SHA1
3d0058c77f88c3c5996f5c408cb35d1d10712c79

SHA256
40d719ab72e86d7c5b11e9abef4e7946bbde9eb4cf26d18dee2f3cbc9cf45762

SHA512
87057ef7f0532f4acf1a10e5d52842fc113cd4a013448487e4038f592e851476ee3ddcaa309804d709b013fec668e78976e9bfa4ee5d571aae1cddc25ae1f54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
181d1970795d1d5971d85baa53dc4361

SHA1
ef3db9a483a0220cafc8c7316c915bd3d64ec203

SHA256
005a347391e5e5f733c69de801964e9668b5e1cbfabbb410e140b76632b145fc

SHA512
0ef1d51f07e8fa552ac4094f74f96c0d29bc400f661847ee364d76fd8508f9bc096af03b31d0347c425a54e52f7b9b304a8449e256f9aa6c3a4760e1bbc08cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52f22396ca4d6087fbe14779300670a6

SHA1
1ff929885138233af67e803598ba647739574f43

SHA256
2df6b603f71afc66fcac6c975e5ecebe3bb7042d9839fe03b918d7e6564f1075

SHA512
62801cd340001b044de44c104612bc731287a82e6de141f9ed265c52890b40482fd133f4000082e1b8d2c20cf87b7fbe61ca5d59033c5d74c46c0f49ea23aaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
31b00a9e48be81ce10020766f8c36b75

SHA1
7560e03fe30288972df23ac84aa1d0aef9c15e61

SHA256
074298043fa28e77f9703d998efdf0803b322bdf596efb21e2f3da4d85b3572b

SHA512
399dfd1d7a4afacf872a3bc228dec67a27326f493f29b7c8ee5a36e0f989ef78d7cd05fa7f48a8cbf42e6c695f11cee6a8ce0b19be4c98e23e80577053cc4038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
edaadf57d9e842b09517edf150bb662f

SHA1
f89914b2dabf2095eb674e5155ba77a8a89601a9

SHA256
d9dcabcb0bc2fded751e5fd1a349e0aeb14075321de77d8621d5fc8235d6d2ed

SHA512
b3cd28861c8556a5b623dbdf7bc378c818412cb3e8193e232182a11488904f1f0574d0dd66a8f431e7d7a6133f8d856c53db6945e74e6cf194251486ae8b9d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13373330977916521

Filesize
1KB

MD5
a54ff796bd7936f382879907a379b504

SHA1
b5bd71a1eb3e4b0473e84898930283fa34357cce

SHA256
c302c492a12628e11e28180ad28b4a94a67c350d241f7a51ffd6e5661f13c5ca

SHA512
c5df2e31b0bc57799b1a43e548770643156a05e119d8f7dffa16592ac21839f55a24a6ff41e3da10ef84321de397e29cb6d96be3b8995e4743b6be54789bb9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373330977920521

Filesize
1KB

MD5
89bf91cb122f20fc33d84ca9018439fb

SHA1
32bb5f3e9fdd7e4ac969240e867551ed03e1c531

SHA256
b90480442e18a5649981d2daa0513d82aa2969916f765ca09d64e121b51edbe6

SHA512
331f70a6869fe7daeccd2e97c0b0ab42e815d46cabfbea1f3219a7b02f698afbb9fb205ac12378ee610a075192187830ed6f263bc98cc5689c4e907d9c920886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2e73da18f710034a9db9141a06518fa1

SHA1
2e27dc3a2907643d5516921ed816bb1bb3fcd814

SHA256
0fba06c862739ca873b0dcc84d5361ffb6234ee2081cbb68d66d7f1ea4e4b865

SHA512
f2437a8909c64a020d90b6087e411bef5f97b76a0dbe61da0f78dbd27bf2177853655b7151df876d586e81748da01d8de798b35d2ed2611bc7741db25714160b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ed0d2803835e120c300d8e1026f13ab5

SHA1
5cd8082b7e085d82e416798e0dd20ab6847c1771

SHA256
480c4bf35f5f8bbc9dfaecc75efbaac4866ce5c51370dc7b45eb68c2a3153179

SHA512
13666db0e2e672aeb718566da561a3e9a98fc3db5ed42970406e9fed8c83f762a042a026d2d80bc835c7163cf05c629b330b991c9ead438df6cdddbeef6f5d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
3790fff65b6f231399fd45ce120365d8

SHA1
f3a6ffc8c46b9bd47ffe3e8504dc62ea90e00552

SHA256
2656c845651a8d9e7b8a46601321ce5307251911fa69433fdd0461a60e42ed0d

SHA512
86bbc91a2d809b07a4aa8d3c11ae0af57aa79c869c37fee187d90144e1975aed5a81baee948cad14d5e1cfa71b457baa6ed8567405d5be54a546c68bef60fe70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
788532003e877d3cc6cf3d474b5ff60b

SHA1
23d10e7b1629f4068f622d890be0b49c10effeeb

SHA256
c6ffe793daaafed931fc1da144bbe4ec8c3be06cb00a81ad2a63e1d8fe10c27d

SHA512
72f47ae74cc9ff7ac1ef43cfca9a9a17264c5dc52d7cbf687aab51d503962217e4ef6d62b90f3bf8f41f6ad78f02f8dc96a2615d7d2d42c3cbb61d0eedb54be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587f6c.TMP

Filesize
536B

MD5
b076b6084e695cb10a2b71174ecc2926

SHA1
a43dabcf5744f5bb2b27cf720e2fb1a4160e3773

SHA256
6e5219c1144cedaf002405f2152b37d22031a4e6486e12cc4492d6c28cf066c0

SHA512
923c04a0fdab50f718b52a5071f00fe6b4458030cd785bf1d2e29fd684a260a7d9e7e807b4a30739afc2a4becb372bb5c1b343a7e7529f057fa1d5b2ab9a4bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3dbf201d0ae5e7d35d0f38687cfada17

SHA1
b7b0df12987760e7c1e88e9640f6b9e0f50e88ff

SHA256
c412ad81eae7fe13a20f9c61ef8f8491101852ccf5089ced28062872f285a6f0

SHA512
afcf75f1ee56697e6e3a590c2d3a6a241ab496a8e25c35329c943c5ffe36476b233a8c7704d607b576248e39de686c8bf6ad894c910b0b9370db45193694a4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
32KB

MD5
d8fe65c30abbee1527e1494a1d8087ff

SHA1
4a2047dedfece8b849c38bb7db51c053b81d32a7

SHA256
df5749f16fc1a67f96e6fb9e80a09677c5ed65fbfe45841187a2718be1dbe7ea

SHA512
298db0f627558b4ceac5b5e55a9db930247d25d1f51a675dca6ff0be07ae4696272eef19e25bdf3a4dc8c59668c472e8b310bad4b986557f2685c84bfbba3655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
cd7f0dec0cade343c8ebe9bd6fa960ba

SHA1
3eb0f27ac4477c01cb30c057a36258b5222d5205

SHA256
ef19c4971c41e3383f82b06eaa2d9bf38232f779b7d9028af03e741475f0384d

SHA512
84434cd5185ee1f895f538fa045628dc573c3606caca4a1104935fdf9225df03f5e6759a4ac6b7aacf498e5a33821a97603135e1956e3080730b8ec2fba339ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
e358c968c8f886c10f2884dc10e1256f

SHA1
2f831b4b356fef32281a4fe2da5a24c919f58559

SHA256
babe8b96cdf579b66378184a142e3a1304f7b225aa1dcd7ef5b9f3ffc25e9162

SHA512
26630ba78374040cd7f79854fedc492a5f7fa63b20e1a7633350440d821a503b38f91c66e84f18e95f9ef65c4c3b3b969209a8fe04525555ca7c09257a257b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
58057efa7c02402a437835d01d495d8e

SHA1
513e335474839f07998cd882796f75d49c72cfeb

SHA256
3b346dd7d8d78a003e5843378421f963c14121da6641a357b3d1a0ffb2b8c3c2

SHA512
dd8f7dbb2342c6e554b13ef8a211d9280c20ff65adcdaf458e4d612a185bbfd89d42b3080c4a5d6bf415d779035b61f93ac4a95eb4bb7de9165f06ad38d06fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e68172a279e2793b55563bbbe1ee3012

SHA1
ae363ef7293c21d66f55fea1f4d488b8930df481

SHA256
851218123acdac684f4ea5de296c6fa8dbc68cb01286b08b9eb6ca9d53af9b66

SHA512
3cff6755e9a73f101c5389c39ee567df97f26e64b80ba9b59682ef5a4eb7f42e49847e71f9e7bbb5958fc7e2f6bdecdb418428753dc853dcef2370a612cb1adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
de2cadb8e062702217721a466d9cacb1

SHA1
6229c24f24c3eddd9cc6b911cbdc5339ef362632

SHA256
9763e80d68960746d5686a8ba772b6a3ab24df26c659c9f3517aeeaace459bb4

SHA512
8f9def2f34fd3d454fa96461e262072ddd9977471ac51d5625074887b7369cea82c2a31daebea79da9cdf969cf243a2765a3f0746681bb2a2116aba2a04e7ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11bd88e4b2ad58ee4ba3fe2b5e905fef

SHA1
0d266d6d5b5d49124cdb03e3542800298256f2ea

SHA256
ff54c407780e11903c13f3b0a2a47621fd7963a88840faa7fa9b37bdab366057

SHA512
ec73310f3167ed3ff63978d6714ff8ed389056c06ecb81299ffa9874390ebd5efcd8eab4a1dc03290c6d55071edaba585f1da3a5b73454ad7a1e0e8c8ad60445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b8b55ca170290970630809321ce5712

SHA1
cbb916096d171b06884e4f3f646c2013e5720cad

SHA256
90319fa929b20c754dd623fbe04dc7623e72a5049ba51668dbefb23555160c1f

SHA512
ad743ba31926993cd9686c50878410903545eaf045e4252a20ae7b6e8876bc6614fd8618d9ce5dd2115d7705fafc181a2db2e57d857508e0a07ec5691f4468d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b388be6fbdff58db1d9d2b0dac9360a7

SHA1
3947411b366ac3207615c64c2563ac285b581784

SHA256
53e6d751986de92c769937cb7c3a2f80697d57243e93001ae18ee391081231de

SHA512
0877fb71470bbfca2553d3dd21aef98ca5fd29aaeb9cf415f1fea36490a471731a5388afb6c702f5d4b6382b2dfb823a94b44439b0ecf2103e158f9f5b8613e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
3c4d01c50d8d8350b6c522daec677398

SHA1
1d59c1625300aa90e4c6434dbaabc7f4a7d2f441

SHA256
e8171f72e7e78c1ce6a5c6e14afaeb2e08c9328b6d1c536d8452a223d47740ff

SHA512
97b66a7d44eb85b482f0e61f04216e1e67a2514500c515f7f96bfa92e9545cbdb6b9b2111e02ec34837edc42cc61355d20c243978338abe7f98c737b553cbe59

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-90NF9.tmp\idp.dll

Filesize
2.6MB

MD5
347530853fd2439ce98bd9a4faf643a0

SHA1
5becda68c81b692a7352840a8d8841023cba7e93

SHA256
6280e78986521f8662e1408d7cfe3bab343aa043e4fa15c8fe9b424306b194d9

SHA512
d9be9bfe254d4c7297034d481ce6144d85a0a5c9cdf20c7d6906ea2091239ab39d26b9d7b651a750a16cbb7d984a0ffdf69027d97a6dc8bcca1a2fa162b88dfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A1QF2.tmp\MentalMentor.tmp

Filesize
3.0MB

MD5
0d041f22d598f3a63bdf0e66c448bdab

SHA1
591fc72ec32e7efe2e641dba38c3cd7b6d415450

SHA256
e6b54015c403e3016b848b18fc488d4d281a752bc9ab2a3324ba4d8efb642563

SHA512
5dd3af37f06f308f348213c0305acab38cf279556c12a9b14d0343072b1f431778c75129715a2b04abcf219baaeba665faa08fcb4692d2ede36b2511178de210

Download Submit
C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 945620.crdownload

Filesize
3.2MB

MD5
aee4dd798da9f13ac44fcd2eb5b6b296

SHA1
7079918f2ae966e78f7f234c088ce1feb7db00b9

SHA256
2952264b226a7f252a4195087e104e326cb2d70ae0ffb526c5051006059b0166

SHA512
95b6d31aa2ce2e9a58a23568f9e4cfd5fd13fe4e23bd71fb1218a45c17b0a273d8ac546414beb022f4386ffaacc34591d8a0b12c0e287197a5b52fbeea345a5b

Download Submit
memory/3732-562-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/3732-608-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/4500-575-0x0000000002540000-0x0000000002680000-memory.dmp

Filesize
1.2MB

Download
memory/4500-576-0x0000000002540000-0x0000000002680000-memory.dmp

Filesize
1.2MB

Download
memory/4500-609-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/4500-783-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download