Malware Analysis Report

2024-11-30 04:05

Sample ID 240408-a4b1zabf93
Target MentalMentor.exe
SHA256 4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec
Tags
discovery evasion persistence spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec

Threat Level: Shows suspicious behavior

The file MentalMentor.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence spyware stealer

Reads user/profile data of web browsers

Adds Run key to start application

Modifies Windows Firewall

Checks computer location settings

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

NTFS ADS

Script User-Agent

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:45

Reported

2024-04-08 00:50

Platform

win7-20240221-en

Max time kernel

119s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe N/A

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp
PID 2724 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
PID 2724 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
PID 2724 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
PID 2724 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
PID 2724 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Windows\SysWOW64\netsh.exe
PID 2724 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Windows\SysWOW64\netsh.exe
PID 2724 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp C:\Users\Admin\mentalmentor\mentalmentor.exe
PID 2636 wrote to memory of 240 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
PID 240 wrote to memory of 704 N/A C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe C:\Users\Admin\mentalmentor\mentalmentor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp

"C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp" /SL5="$40016,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe" install

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\0411b8cd-0eb1-4e76-e5fa-1ec59f90589f.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\0411b8cd-0eb1-4e76-e5fa-1ec59f90589f.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\0411b8cd-0eb1-4e76-e5fa-1ec59f90589f.run\__sentry-breadcrumb2 --initial-client-data=0x358,0x35c,0x360,0x32c,0x364,0x73cc7b7c,0x73cc7b90,0x73cc7ba0

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe"

C:\Users\Admin\mentalmentor\mentalmentor.exe

--crashpad

Network

Country Destination Domain Proto
US 8.8.8.8:53 web.mymentalmentor.net udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
N/A 127.0.0.1:49211 tcp
N/A 127.0.0.1:49217 tcp
N/A 127.0.0.1:49222 tcp
N/A 127.0.0.1:49227 tcp
N/A 127.0.0.1:49230 tcp
N/A 127.0.0.1:49234 tcp
N/A 127.0.0.1:49243 tcp
N/A 127.0.0.1:49247 tcp
N/A 127.0.0.1:49253 tcp
N/A 127.0.0.1:49673 tcp
N/A 127.0.0.1:49694 tcp
US 8.8.8.8:53 o4505329939513344.ingest.sentry.io udp
US 34.120.195.249:443 o4505329939513344.ingest.sentry.io tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:45

Reported

2024-04-08 00:50

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{E388BE1C-1EFB-4638-9415-04D4C4CAAA24} C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3932 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp
PID 4720 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
PID 4720 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
PID 4720 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
PID 4720 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
PID 4720 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Windows\SysWOW64\netsh.exe
PID 4720 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Windows\SysWOW64\netsh.exe
PID 4720 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp C:\Users\Admin\mentalmentor\mentalmentor.exe
PID 532 wrote to memory of 2852 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
PID 532 wrote to memory of 3212 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\luminati\luminati.exe
PID 3212 wrote to memory of 4056 N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
PID 532 wrote to memory of 496 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
PID 532 wrote to memory of 2416 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp

"C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp" /SL5="$4016C,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=3136,i,3192284747741020952,1225278682167953346,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe" install

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\3cee93a0-c973-4a93-16ff-a6dc9a1b7157.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\3cee93a0-c973-4a93-16ff-a6dc9a1b7157.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\3cee93a0-c973-4a93-16ff-a6dc9a1b7157.run\__sentry-breadcrumb2 --initial-client-data=0x520,0x524,0x528,0x4ec,0x52c,0x73627b7c,0x73627b90,0x73627ba0

C:\Users\Admin\mentalmentor\luminati\luminati.exe

"C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe"

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3264 /prefetch:8

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3308 /prefetch:1

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4348 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 web.mymentalmentor.net udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 166.210.158.51.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 perr.lum-sdk.io udp
US 161.35.48.195:443 perr.lum-sdk.io tcp
US 8.8.8.8:53 195.48.35.161.in-addr.arpa udp
US 3.228.36.186:443 clientsdk.bright-sdk.com tcp
US 159.223.133.120:443 perr.lum-sdk.io tcp
US 8.8.8.8:53 perr.l-err.biz udp
US 159.223.133.120:443 perr.l-err.biz tcp
US 206.189.231.23:443 perr.l-err.biz tcp
US 8.8.8.8:53 186.36.228.3.in-addr.arpa udp
US 8.8.8.8:53 120.133.223.159.in-addr.arpa udp
US 8.8.8.8:53 23.231.189.206.in-addr.arpa udp
US 8.8.8.8:53 web.mentor-staging.mymentalmentor.net udp
FR 195.154.71.230:443 web.mentor-staging.mymentalmentor.net tcp
US 8.8.8.8:53 230.71.154.195.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 238.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 web.mymentalmentor.net udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 connect.facebook.net udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
GB 163.70.151.21:443 connect.facebook.net tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 232.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 227.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 privacy-cs.mail.ru udp
RU 95.163.52.89:443 privacy-cs.mail.ru tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 89.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 api.mymentalmentor.net udp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 r.mradx.net udp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.41.56:443 rs.mail.ru tcp
US 8.8.8.8:53 80.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 56.41.163.95.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
DE 216.58.212.170:443 chromewebstore.googleapis.com tcp
RU 95.163.52.89:443 privacy-cs.mail.ru tcp
US 8.8.8.8:53 170.212.58.216.in-addr.arpa udp

Files
