Malware Analysis Report

2024-11-30 04:05

Sample ID 240408-cgkeyadf3w
Target MentalMentor.exe
SHA256 4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec
Tags
discovery evasion persistence spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec

Threat Level: Shows suspicious behavior

The file MentalMentor.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence spyware stealer

Reads user/profile data of web browsers

Adds Run key to start application

Modifies Windows Firewall

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Checks installed software on the system

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Script User-Agent

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Modifies system certificate store

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 02:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 02:02

Reported

2024-04-08 02:13

Platform

win10-20240404-en

Max time kernel

621s

Max time network

625s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class


Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp N/A
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe N/A
N/A N/A C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\mentalmentor\mentalmentor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5080 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp
PID 4668 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
PID 4668 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
PID 4668 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
PID 4668 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
PID 4668 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Windows\SysWOW64\netsh.exe
PID 4668 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Windows\SysWOW64\netsh.exe
PID 4668 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp C:\Users\Admin\mentalmentor\mentalmentor.exe
PID 4324 wrote to memory of 4884 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
PID 4324 wrote to memory of 4744 N/A C:\Users\Admin\mentalmentor\mentalmentor.exe C:\Users\Admin\mentalmentor\luminati\luminati.exe
PID 4744 wrote to memory of 372 N/A C:\Users\Admin\mentalmentor\luminati\luminati.exe C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
PID 2376 wrote to memory of 488 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp" /SL5="$50202,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa

C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes

C:\Windows\SysWOW64\netsh.exe

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe" install

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe

C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\98cf48b6-0262-4660-0d39-02130f5185c6.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\98cf48b6-0262-4660-0d39-02130f5185c6.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\98cf48b6-0262-4660-0d39-02130f5185c6.run\__sentry-breadcrumb2 --initial-client-data=0x4e4,0x4e8,0x4ec,0x4b0,0x4f0,0x72017b7c,0x72017b90,0x72017ba0

C:\Users\Admin\mentalmentor\luminati\luminati.exe

"C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe

C:\Users\Admin\mentalmentor\mentalmentor.exe

"C:\Users\Admin\mentalmentor\mentalmentor.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3524 /prefetch:8

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3632 /prefetch:1

C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe

"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4496 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 web.mymentalmentor.net udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 166.210.158.51.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 78.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 perr.lum-sdk.io udp
US 161.35.48.195:443 perr.lum-sdk.io tcp
US 8.8.8.8:53 195.48.35.161.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
US 3.228.36.186:443 clientsdk.bright-sdk.com tcp
US 206.189.231.23:443 perr.lum-sdk.io tcp
US 8.8.8.8:53 perr.l-err.biz udp
US 192.81.214.145:443 perr.l-err.biz tcp
US 161.35.48.195:443 perr.l-err.biz tcp
US 8.8.8.8:53 186.36.228.3.in-addr.arpa udp
US 8.8.8.8:53 23.231.189.206.in-addr.arpa udp
US 8.8.8.8:53 145.214.81.192.in-addr.arpa udp
US 8.8.8.8:53 web.mentor-staging.mymentalmentor.net udp
US 192.81.214.145:443 perr.l-err.biz tcp
FR 195.154.71.230:443 web.mentor-staging.mymentalmentor.net tcp
US 8.8.8.8:53 230.71.154.195.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 brightdata.com udp
US 104.18.24.60:443 brightdata.com tcp
US 104.18.24.60:443 brightdata.com tcp
US 8.8.8.8:53 67.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 60.24.18.104.in-addr.arpa udp
US 104.18.24.60:443 brightdata.com tcp
US 104.18.24.60:443 brightdata.com tcp
US 8.8.8.8:53 web.mymentalmentor.net udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 232.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 api.mymentalmentor.net udp
US 8.8.8.8:53 privacy-cs.mail.ru udp
RU 95.163.52.89:443 privacy-cs.mail.ru tcp
US 8.8.8.8:53 119.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 89.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 187.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 cdn.userway.org udp
GB 195.181.164.16:443 cdn.userway.org tcp
GB 195.181.164.16:443 cdn.userway.org tcp
US 8.8.8.8:53 16.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 api.userway.org udp
US 54.190.247.174:443 api.userway.org tcp
US 54.190.247.174:443 api.userway.org tcp
US 8.8.8.8:53 eulady.thesmilingelbows.com udp
FR 3.162.38.109:443 eulady.thesmilingelbows.com tcp
FR 3.162.38.109:443 eulady.thesmilingelbows.com tcp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 js.hs-scripts.com udp
US 130.211.5.208:443 cdn.mxpnl.com tcp
US 130.211.5.208:443 cdn.mxpnl.com tcp
US 104.16.138.209:443 js.hs-scripts.com tcp
US 104.16.138.209:443 js.hs-scripts.com tcp
US 2.17.251.25:443 snap.licdn.com tcp
US 2.17.251.25:443 snap.licdn.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 204.79.197.237:443 bat.bing.com tcp
US 204.79.197.237:443 bat.bing.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 174.247.190.54.in-addr.arpa udp
US 8.8.8.8:53 109.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 208.5.211.130.in-addr.arpa udp
US 8.8.8.8:53 209.138.16.104.in-addr.arpa udp
US 8.8.8.8:53 25.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
DE 172.217.16.206:443 analytics.google.com tcp
DE 172.217.16.206:443 analytics.google.com tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 142.250.186.34:443 googleads.g.doubleclick.net tcp
DE 142.250.186.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 js.hs-analytics.net udp
US 8.8.8.8:53 js.hs-banner.com udp
US 104.16.80.186:443 js.hs-analytics.net tcp
US 104.16.80.186:443 js.hs-analytics.net tcp
US 8.8.8.8:53 c.clarity.ms udp
US 104.18.34.229:443 js.hs-banner.com tcp
US 104.18.34.229:443 js.hs-banner.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 163.128.155.18.in-addr.arpa udp
US 8.8.8.8:53 206.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 34.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 186.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 229.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 90.193.84.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
DE 172.217.16.196:443 www.google.com tcp
DE 172.217.16.196:443 www.google.com tcp
FR 52.222.162.93:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 track.hubspot.com udp
US 104.16.118.116:443 track.hubspot.com tcp
US 104.16.118.116:443 track.hubspot.com tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
FR 52.222.162.93:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 196.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 93.162.222.52.in-addr.arpa udp
US 8.8.8.8:53 116.118.16.104.in-addr.arpa udp
US 8.8.8.8:53 34.31.224.52.in-addr.arpa udp
US 8.8.8.8:53 automn.thesmilingelbows.com udp
IE 3.248.162.96:443 automn.thesmilingelbows.com tcp
IE 3.248.162.96:443 automn.thesmilingelbows.com tcp
US 8.8.8.8:53 96.162.248.3.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 107.178.240.159:443 api-js.mixpanel.com tcp
US 107.178.240.159:443 api-js.mixpanel.com tcp
US 8.8.8.8:53 159.240.178.107.in-addr.arpa udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
IE 3.248.162.96:443 automn.thesmilingelbows.com tcp
IE 3.248.162.96:443 automn.thesmilingelbows.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp

Files
