Analysis Overview
SHA256: 4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec
Threat Level: Shows suspicious behavior
The file MentalMentor.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Adds Run key to start application
Modifies Windows Firewall
Checks computer location settings
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
NTFS ADS
Script User-Agent
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-08 00:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-08 00:45
Reported: 2024-04-08 00:50
Platform: win7-20240221-en
Max time kernel: 119s
Max time network: 124s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe
"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TJ95K.tmp\MentalMentor.tmp" /SL5="$40016,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-6FKI9.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
C:\Windows\SysWOW64\netsh.exe
"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
C:\Windows\SysWOW64\netsh.exe
"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
C:\Users\Admin\mentalmentor\mentalmentor.exe
"C:\Users\Admin\mentalmentor\mentalmentor.exe" install
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\0411b8cd-0eb1-4e76-e5fa-1ec59f90589f.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\0411b8cd-0eb1-4e76-e5fa-1ec59f90589f.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\0411b8cd-0eb1-4e76-e5fa-1ec59f90589f.run\__sentry-breadcrumb2 --initial-client-data=0x358,0x35c,0x360,0x32c,0x364,0x73cc7b7c,0x73cc7b90,0x73cc7ba0
C:\Users\Admin\mentalmentor\mentalmentor.exe
"C:\Users\Admin\mentalmentor\mentalmentor.exe"
C:\Users\Admin\mentalmentor\mentalmentor.exe
--crashpad
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-08 00:45
Reported: 2024-04-08 00:50
Platform: win10v2004-20240226-en
Max time kernel: 149s
Max time network: 154s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
| N/A | N/A | C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{E388BE1C-1EFB-4638-9415-04D4C4CAAA24} | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe
"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I7EL9.tmp\MentalMentor.tmp" /SL5="$4016C,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=3136,i,3192284747741020952,1225278682167953346,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-OTUCT.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
C:\Windows\SysWOW64\netsh.exe
"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
C:\Windows\SysWOW64\netsh.exe
"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
C:\Users\Admin\mentalmentor\mentalmentor.exe
"C:\Users\Admin\mentalmentor\mentalmentor.exe" install
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\3cee93a0-c973-4a93-16ff-a6dc9a1b7157.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\3cee93a0-c973-4a93-16ff-a6dc9a1b7157.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\3cee93a0-c973-4a93-16ff-a6dc9a1b7157.run\__sentry-breadcrumb2 --initial-client-data=0x520,0x524,0x528,0x4ec,0x52c,0x73627b7c,0x73627b90,0x73627ba0
C:\Users\Admin\mentalmentor\luminati\luminati.exe
"C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
C:\Users\Admin\mentalmentor\mentalmentor.exe
"C:\Users\Admin\mentalmentor\mentalmentor.exe"
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3264 /prefetch:8
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3308 /prefetch:1
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4348 /prefetch:1
Network
Files