Analysis Overview
SHA256
4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec
Threat Level: Shows suspicious behavior
The file MentalMentor.exe was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Adds Run key to start application
Modifies Windows Firewall
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Drops file in Windows directory
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Script User-Agent
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: MapViewOfSection
Modifies system certificate store
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 02:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 02:02
Reported
2024-04-08 02:13
Platform
win10-20240404-en
Max time kernel
621s
Max time network
625s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent" | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
| N/A | N/A | C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\ = "976" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 17b8af535989da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "418704060" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1810" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\ = "1631" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1174" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1130" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "English Phone Converter" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "I 0069 Y 0079 IX 0268 YX 0289 UU 026F U 0075 IH 026A YH 028F UH 028A E 0065 EU 00F8 EX 0258 OX 0275 OU 0264 O 006F AX 0259 EH 025B OE 0153 ER 025C UR 025E AH 028C AO 0254 AE 00E6 AEX 0250 A 0061 AOE 0276 AA 0251 Q 0252 EI 006503610069 AU 00610361028A OI 025403610069 AI 006103610069 IYX 006903610259 UYX 007903610259 EHX 025B03610259 UWX 007503610259 OWX 006F03610259 AOX 025403610259 EN 00650303 AN 00610303 ON 006F0303 OEN 01530303 P 0070 B 0062 M 006D BB 0299 PH 0278 BH 03B2 MF 0271 F 0066 V 0076 VA 028B TH 03B8 DH 00F0 T 0074 D 0064 N 006E RR 0072 DX 027E S 0073 Z 007A LSH 026C LH 026E RA 0279 L 006C SH 0283 ZH 0292 TR 0288 DR 0256 NR 0273 DXR 027D SR 0282 ZR 0290 R 027B LR 026D CT 0063 JD 025F NJ 0272 C 00E7 CJ 029D J 006A LJ 028E W 0077 K 006B G 0067 NG 014B X 0078 GH 0263 GA 0270 GL 029F QT 0071 QD 0262 QN 0274 QQ 0280 QH 03C7 RH 0281 HH 0127 HG 0295 GT 0294 H 0068 WJ 0265 PF 007003610066 TS 007403610073 CH 007403610283 JH 006403610292 JJ 006A0361006A DZ 00640361007A CC 007403610255 JC 006403610291 TSR 007403610282 WH 028D ESH 029C EZH 02A2 ET 02A1 SC 0255 ZC 0291 LT 027A SHX 0267 HZ 0266 PCK 0298 TCK 01C0 NCK 0021 CCK 01C2 LCK 01C1 BIM 0253 DIM 0257 QIM 029B GIM 0260 JIM 0284 S1 02C8 S2 02CC . 002E _| 007C _|| 2016 lng 02D0 hlg 02D1 xsh 02D8 _^ 203F _! 0001 _& 0002 _, 0003 _s 0004 _. 2198 _? 2197 T5 030B T4 0301 T3 0304 T2 0300 T1 030F T- 2193 T+ 2191 vls 030A vcd 032C bvd 0324 cvd 0330 asp 02B0 mrd 0339 lrd 031C adv 031F ret 0331 cen 0308 mcn 033D syl 0329 nsy 032F rho 02DE lla 033C lab 02B7 pal 02B2 vel 02E0 phr 02E4 vph 0334 rai 031D low 031E atr 0318 rtr 0319 den 032A api 033A lam 033B nas 0303 nsr 207F lar 02E1 nar 031A ejc 02BC + 0361 bva 02B1 G2 0261 rte 0320 vsl 0325 NCK3 0297 NCK2 01C3 LCK2 0296 TCK2 0287 JC2 02A5 CC2 02A8 LG 026B DZ2 02A3 TS2 02A6 JH2 02A4 CH2 02A7 SHC 0286 rhz 02B4 QOM 02A0 xst 0306 T= 2192 ERR 025D AXR 025A ZHJ 0293" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "409;9" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\Total = "136" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "453" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 206725ad8b89da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\ = "136" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "332" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b87f38485989da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2013.1022" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033David" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\ = "1088" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\ = "1130" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\brightdata.com\ = "53" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bfd3ca475989da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\sidubm.table" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{15E16AEC-F2F0-4E52-B0DF-029D11E58E4B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3727096518-2913484142-3593445157-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (binary value omitted) | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (binary value omitted) | C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\mentalmentor\luminati\luminati.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
| N/A | N/A | C:\Users\Admin\mentalmentor\mentalmentor.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe
"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp" /SL5="$50202,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
C:\Windows\SysWOW64\netsh.exe
"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
C:\Windows\SysWOW64\netsh.exe
"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
C:\Users\Admin\mentalmentor\mentalmentor.exe
"C:\Users\Admin\mentalmentor\mentalmentor.exe" install
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\98cf48b6-0262-4660-0d39-02130f5185c6.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\98cf48b6-0262-4660-0d39-02130f5185c6.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\98cf48b6-0262-4660-0d39-02130f5185c6.run\__sentry-breadcrumb2 --initial-client-data=0x4e4,0x4e8,0x4ec,0x4b0,0x4f0,0x72017b7c,0x72017b90,0x72017ba0
C:\Users\Admin\mentalmentor\luminati\luminati.exe
"C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe
C:\Users\Admin\mentalmentor\mentalmentor.exe
"C:\Users\Admin\mentalmentor\mentalmentor.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3524 /prefetch:8
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3632 /prefetch:1
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe
"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4496 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | web.mymentalmentor.net | udp |
| NL | 51.158.210.166:443 | web.mymentalmentor.net | tcp |
| US | 8.8.8.8:53 | 166.210.158.51.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| NL | 51.158.210.166:443 | web.mymentalmentor.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| NL | 51.158.210.166:443 | web.mymentalmentor.net | tcp |
| US | 8.8.8.8:53 | 78.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | perr.lum-sdk.io | udp |
| US | 161.35.48.195:443 | perr.lum-sdk.io | tcp |
| US | 8.8.8.8:53 | 195.48.35.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 3.228.36.186:443 | clientsdk.bright-sdk.com | tcp |
| US | 206.189.231.23:443 | perr.lum-sdk.io | tcp |
| US | 8.8.8.8:53 | perr.l-err.biz | udp |
| US | 192.81.214.145:443 | perr.l-err.biz | tcp |
| US | 161.35.48.195:443 | perr.l-err.biz | tcp |
| US | 8.8.8.8:53 | 186.36.228.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.231.189.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.214.81.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | web.mentor-staging.mymentalmentor.net | udp |
| US | 192.81.214.145:443 | perr.l-err.biz | tcp |
| FR | 195.154.71.230:443 | web.mentor-staging.mymentalmentor.net | tcp |
| US | 8.8.8.8:53 | 230.71.154.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | brightdata.com | udp |
| US | 104.18.24.60:443 | brightdata.com | tcp |
| US | 104.18.24.60:443 | brightdata.com | tcp |
| US | 8.8.8.8:53 | 67.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.24.18.104.in-addr.arpa | udp |
| US | 104.18.24.60:443 | brightdata.com | tcp |
| US | 104.18.24.60:443 | brightdata.com | tcp |
| US | 8.8.8.8:53 | web.mymentalmentor.net | udp |
| NL | 51.158.210.166:443 | web.mymentalmentor.net | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | api.mymentalmentor.net | udp |
| US | 8.8.8.8:53 | privacy-cs.mail.ru | udp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | 89.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 187.173.246.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.userway.org | udp |
| GB | 195.181.164.16:443 | cdn.userway.org | tcp |
| GB | 195.181.164.16:443 | cdn.userway.org | tcp |
| US | 8.8.8.8:53 | 16.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.userway.org | udp |
| US | 54.190.247.174:443 | api.userway.org | tcp |
| US | 54.190.247.174:443 | api.userway.org | tcp |
| US | 8.8.8.8:53 | eulady.thesmilingelbows.com | udp |
| FR | 3.162.38.109:443 | eulady.thesmilingelbows.com | tcp |
| FR | 3.162.38.109:443 | eulady.thesmilingelbows.com | tcp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 130.211.5.208:443 | cdn.mxpnl.com | tcp |
| US | 130.211.5.208:443 | cdn.mxpnl.com | tcp |
| US | 104.16.138.209:443 | js.hs-scripts.com | tcp |
| US | 104.16.138.209:443 | js.hs-scripts.com | tcp |
| US | 2.17.251.25:443 | snap.licdn.com | tcp |
| US | 2.17.251.25:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 174.247.190.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.5.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.138.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| DE | 172.217.16.206:443 | analytics.google.com | tcp |
| DE | 172.217.16.206:443 | analytics.google.com | tcp |
| BE | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 142.250.186.34:443 | googleads.g.doubleclick.net | tcp |
| DE | 142.250.186.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 104.16.80.186:443 | js.hs-analytics.net | tcp |
| US | 104.16.80.186:443 | js.hs-analytics.net | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| US | 104.18.34.229:443 | js.hs-banner.com | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.128.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| FR | 52.222.162.93:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 104.16.118.116:443 | track.hubspot.com | tcp |
| US | 104.16.118.116:443 | track.hubspot.com | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| FR | 52.222.162.93:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 196.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.162.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | automn.thesmilingelbows.com | udp |
| IE | 3.248.162.96:443 | automn.thesmilingelbows.com | tcp |
| IE | 3.248.162.96:443 | automn.thesmilingelbows.com | tcp |
| US | 8.8.8.8:53 | 96.162.248.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 107.178.240.159:443 | api-js.mixpanel.com | tcp |
| US | 107.178.240.159:443 | api-js.mixpanel.com | tcp |
| US | 8.8.8.8:53 | 159.240.178.107.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| IE | 3.248.162.96:443 | automn.thesmilingelbows.com | tcp |
| IE | 3.248.162.96:443 | automn.thesmilingelbows.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
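The network table mixes three kinds of rows: DNS traffic to the 8.8.8.8:53 resolver, reverse (in-addr.arpa) lookups, and the TCP connections that are the actual indicators. The Python below is an added example (editor's code, not part of the report) that parses a subset of the rows above, drops the first two kinds, de-duplicates destinations per domain, isolates the Bright Data SDK endpoints (perr.lum-sdk.io, clientsdk.bright-sdk.com, perr.l-err.biz and brightdata.com all appear in the table) and reports IPs that answer for more than one domain: 161.35.48.195 serves both perr.lum-sdk.io and perr.l-err.biz above. The 52.111.229.43:443 row, which the table shows without a domain, is kept with a blank domain cell. The SDK suffix list is the editor's grouping.

```python
from collections import defaultdict

# Rows copied from the Network table of the report (a subset).
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | web.mymentalmentor.net | udp |
| NL | 51.158.210.166:443 | web.mymentalmentor.net | tcp |
| US | 8.8.8.8:53 | 166.210.158.51.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | perr.lum-sdk.io | udp |
| US | 161.35.48.195:443 | perr.lum-sdk.io | tcp |
| US | 3.228.36.186:443 | clientsdk.bright-sdk.com | tcp |
| US | 206.189.231.23:443 | perr.lum-sdk.io | tcp |
| US | 192.81.214.145:443 | perr.l-err.biz | tcp |
| US | 161.35.48.195:443 | perr.l-err.biz | tcp |
| US | 104.18.24.60:443 | brightdata.com | tcp |
| US | 104.18.24.60:443 | brightdata.com | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
"""

# Editor's grouping of the proxy SDK's domains as they appear in the table.
SDK_DOMAINS = ("lum-sdk.io", "bright-sdk.com", "l-err.biz", "brightdata.com")


def parse_rows(text):
    """Turn the pipe-delimited table into dicts; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_noise(row):
    # Resolver traffic and reverse (PTR) lookups carry no IOC value of their own.
    return row["port"] == 53 or row["domain"].endswith(".in-addr.arpa")


def under(domain, suffixes):
    """True if domain equals or is a subdomain of one of the suffixes."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def contacted(rows):
    """Domain -> sorted, de-duplicated list of ip:port actually connected to."""
    out = defaultdict(set)
    for r in rows:
        if not is_noise(r):
            out[r["domain"] or "<no-dns>"].add(f'{r["ip"]}:{r["port"]}')
    return {d: sorted(v) for d, v in out.items()}


def sdk_endpoints(rows):
    """Only the destinations belonging to the proxy SDK's own infrastructure."""
    return {d: eps for d, eps in contacted(rows).items() if under(d, SDK_DOMAINS)}


def shared_ips(rows):
    """IPs that were reached under more than one domain name."""
    by_ip = defaultdict(set)
    for r in rows:
        if not is_noise(r) and r["domain"]:
            by_ip[r["ip"]].add(r["domain"])
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) > 1}


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    print("SDK endpoints:", sdk_endpoints(rows))
    print("shared IPs:", shared_ips(rows))
    print("raw-IP connections:", contacted(rows).get("<no-dns>", []))
```

Feeding the full table through the same parser leaves a non-SDK remainder that in this run is dominated by web analytics and ad-tracking hosts (mail.ru, yandex, facebook, doubleclick, hubspot, clarity); those are worth separating from the SDK endpoints before anything is turned into a blocklist.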
Files
memory/5080-0-0x0000000000400000-0x00000000004DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-0276F.tmp\MentalMentor.tmp
| MD5 | 0d041f22d598f3a63bdf0e66c448bdab |
| SHA1 | 591fc72ec32e7efe2e641dba38c3cd7b6d415450 |
| SHA256 | e6b54015c403e3016b848b18fc488d4d281a752bc9ab2a3324ba4d8efb642563 |
| SHA512 | 5dd3af37f06f308f348213c0305acab38cf279556c12a9b14d0343072b1f431778c75129715a2b04abcf219baaeba665faa08fcb4692d2ede36b2511178de210 |
memory/4668-5-0x0000000000CF0000-0x0000000000CF1000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\idp.dll
| MD5 | 59fd376f6e67cf49bfb0ac6724140e72 |
| SHA1 | e02a4185b9272ae6a3b5eaa4333905fc989698e2 |
| SHA256 | 88d2da3783c9ef9b2c9f20224a399fe3607581f338daea94f68606a760cc06d5 |
| SHA512 | 9510b201f43cb9a2362842dd382dd3be794b439227241f97f89c1f15246888099094c91b96905b55c1e490ef7dc26aff06382c2c69971d4506ad5f8a66a811eb |
memory/4668-12-0x00000000024F0000-0x0000000002630000-memory.dmp
memory/4668-13-0x00000000024F0000-0x0000000002630000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\mentor-inno-lib.dll
| MD5 | 8e8f2104c9a175fb576cdb208a08e6a3 |
| SHA1 | 77f937b7ca2450c71db6075bfe71df266fd1854d |
| SHA256 | 784ca2a85f535658d4b914943a4b82cce8658b80fb75158e357aa3a2308fe2be |
| SHA512 | e83521476a1d5ff1ef900c727d2f49e0c175f8c82cc7f23373a8f088d1db4fe1205297883e5be23c5081706faad2f21c5e5e7681a362d83e73395a28f1d5cfb6 |
memory/5080-18-0x0000000000400000-0x00000000004DC000-memory.dmp
memory/4668-19-0x0000000000400000-0x0000000000717000-memory.dmp
memory/4668-22-0x0000000000CF0000-0x0000000000CF1000-memory.dmp
memory/4668-24-0x0000000000400000-0x0000000000717000-memory.dmp
memory/4668-28-0x0000000000400000-0x0000000000717000-memory.dmp
memory/4668-42-0x0000000000400000-0x0000000000717000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.exe
| MD5 | a51d90f2f9394f5ea0a3acae3bd2b219 |
| SHA1 | 20fea1314dbed552d5fedee096e2050369172ee1 |
| SHA256 | ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f |
| SHA512 | c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6 |
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\7z.dll
| MD5 | 04ad4b80880b32c94be8d0886482c774 |
| SHA1 | 344faf61c3eb76f4a2fb6452e83ed16c9cce73e0 |
| SHA256 | a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338 |
| SHA512 | 3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb |
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_libs.7z
| MD5 | bce933e77a7cc5811406c2b289388304 |
| SHA1 | 5326ed50ef6791f07421658f93cd0c8a0b9767c1 |
| SHA256 | 0caed92104cf6c38085081338a3f38b7568adc5d51f4ef923277e0ca7802305a |
| SHA512 | fda5a2327b8d67cfeb97a6cab9ac34d943c01baff4ccfdb6149b4b36c2b519f8d695363d9be7b20c6ae679eff78d45c969887bbea9f7a65562bcf3558888f490 |
memory/4668-106-0x0000000000400000-0x0000000000717000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_bin.7z
| MD5 | 17d7c4803b008681d8cc0f8d334eceb9 |
| SHA1 | 58e8ec3c1f4c7273e1e9a563ee0bf8fb80b23c5e |
| SHA256 | 9f6020ff2cab2cce6d15fdf7495fbf8494a474ba5a7eaf04918296ffb039b1c8 |
| SHA512 | 0499306ccaac2ff0fbd4d1e1e7928434f06c922e492fbe03ffece28d5e69ef22207e2d1be58b90fc9b8246c2efbdb1f55e62fdf99748b1f4d9f4b83a91ea6b42 |
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_lum.7z
| MD5 | aae7bd94dd15b8dfdcc9538d2005b86d |
| SHA1 | 3ae4e609eeecd871a2c2a9cfb0ccbf8fa987ae73 |
| SHA256 | e78c1b6693dbe7e9bc8c22865207269231bf34b68b2e3df86c46a379a9c07c15 |
| SHA512 | 860cae1b6c8b16d38649679766ad37ca360e220bcc0ef11a5828e3258ff34bcc7cc04e9c5b14028d3b96afe75be3271d905e7f66dad9634d7bb877456148ea41 |
C:\Users\Admin\AppData\Local\Temp\is-93KUD.tmp\zip_html.7z
| MD5 | aafa3fff44ab926b8906d63d49a7e98d |
| SHA1 | 40c45db5a011f121193a790663d79e2c925b263a |
| SHA256 | 4d0d4599417351498bd59cc89a7f41862fe83c957833d8628254cacc00ad6656 |
| SHA512 | 7ca8bd19cbd8cabd1e55873ac7b642a982536d9eb7684c79eff6e329db336780e395ecdb3fa2f4030151d0ffa45a85f069aa1ca340a356b637f4e020b14e7855 |
C:\Users\Admin\mentalmentor\mentalmentor.exe
| MD5 | bb5bf8b01739c87245173b7c6ec5d7c4 |
| SHA1 | 71df2b7b87eef61b70c8b8ad05f6ff52885c88f5 |
| SHA256 | 50803a232bbfee632d529406b1f7e2cab54232f18c84b13bc4f21f4e8efe3638 |
| SHA512 | b3c8534e58594e07f78a280524338a6d7873a9881c36e4ae3195f8b08f1839489af344f40e5dd281dd594b5285ad0c376c12f697203983a8600d07e8f6ca542f |
C:\Users\Admin\mentalmentor\libcrypto-1_1.dll
| MD5 | d5a5e2b8e937e31c881dafd4179f5536 |
| SHA1 | 8e2fa5c30b71da58196c2033be847937b3d0ff0a |
| SHA256 | 2e7c6aa4daea6e14d3d74e01a021a33e063cf60d34632e51b4730a2c3f0d46b3 |
| SHA512 | 1bae7d1ccac0ed246539bbd99fa8912100170b0d928405abacc5332d55c027ca830c04772d5786535cf5aa9b5abe9723647d563e417c00ad1143b123cfeca268 |
C:\Users\Admin\mentalmentor\Qt5WebEngineWidgets.dll
| MD5 | 41a53eae6b03d8521b34b12ed71da21d |
| SHA1 | d4697400d43d2fba849cbe009bc7f26b0212df60 |
| SHA256 | c93c46c5669dbea6c9959b16f384df8e2d34bc87cd7f8a4df04d79cf1311295c |
| SHA512 | 0254f58f64f7ba935023f603240612f5aa5d37a92706e5f53b7ab18cc01feefc84baee6f3570e670f1227573b9e29b33b4505ad055600460d38bceb02b049e65 |
C:\Users\Admin\mentalmentor\Qt5Gui.dll
| MD5 | 5b0f3d5b1b29b5e650375093c7afa243 |
| SHA1 | 1920cbc98bd46a3a72bcfb45caefcfa2649a92e6 |
| SHA256 | 80016776efea2b2a838c3ffa4c82e5f146baff68c36073c0c34668809d1c4297 |
| SHA512 | 9db9a90ab5a1a768e079cf9b10f1da868ac7dae774e90e139ee047c9c8fb43cc5b3e01ae3724ea74efd64409eeeafbcda4f04da3e86265575a3831a4fc69cc8c |
\Users\Admin\mentalmentor\Qt5Widgets.dll
| MD5 | da70580648a398ab1c5336ee9ec631ca |
| SHA1 | fa67a8a2d7f7930a45974dcb7a12e56914bf0a57 |
| SHA256 | 600285754e7eee7239b9d252dbed5c9d2c9c4c432751b8953dcb2e8b45e0408a |
| SHA512 | 83d85df1717a5b1dd5b31f5ab33e73d1442027a719af7fdcd20d578598f436d63e7cf58287cbe34dbee8d5b0464a68dfd471d8ec6a95a3168eb8639864a7adfc |
C:\Users\Admin\mentalmentor\Qt5Core.dll
| MD5 | 7d180286e9c071c7bc3a6bc2ace792ac |
| SHA1 | f5947d69aeaacc8a378721f3750b049cc41dddef |
| SHA256 | 4f8dc460162407cfccb1be6ef9cce45c4449de838aeffa3fd33378f01a3f9cc4 |
| SHA512 | 9b30d5dd48e736da770e71622b79da294829621565cfc4d995ca31c8cfbbbe2d577677f4240e0ff2d995deeeb5f894018412596c141e8360dd77bf12596ce167 |
C:\Users\Admin\mentalmentor\Qt5Network.dll
| MD5 | 2e3db1cd1ec59d08706438258e86ea30 |
| SHA1 | bc20b1e40049386e6bea3f448a6852bc879a8821 |
| SHA256 | 37275f3ea79d15a2792bf21f71f1df825f201cf8b33aa1f94ca93d62d76b216c |
| SHA512 | 0c0e0e02ccadc3f2b3f6c8cbf2c162fb73734b0b244c80048968a6fe268450a270a3f92b155daf6268fef246d26ad417e6cec224133fd66e6ffb3a5394b04358 |
\Users\Admin\mentalmentor\Qt5Quick.dll
| MD5 | 07266e7d049ac4499f34ce281f3a50d7 |
| SHA1 | 257968090b95fae67f92f82db9cab1f7613d75e3 |
| SHA256 | 5f246016691ff883243ee9b3c9215eb16b859b12aefc5f4bbd2fbda3911883de |
| SHA512 | d7f9ce2fb11de178d6d38a5580c503c21fed6777067b8a8259f9fe35b44047040b705903db4ed3fbac821806cbd5ca1db0f5fcbec68cdc49282dc0e63a3257c3 |
\Users\Admin\mentalmentor\Qt5QmlModels.dll
| MD5 | 78e8091feb2e6ce5646459db0ea9e465 |
| SHA1 | 1731d2d47cfe21394f208f7baff7ea1f2e702546 |
| SHA256 | 065c8d687dc74964123f4bb06319565b163b164ab09dadc1eb6929ee19755735 |
| SHA512 | b3fdf745336c7473b9afa57432379ff32ca5105eb956779da16de3cd55453af54e1420e5f514a1bd9f78107dad4ef719089640cfd0f144d8b7a36e3e39e319d5 |
\Users\Admin\mentalmentor\Qt5WebEngineCore.dll
| MD5 | d1b13b694c699e25cae33128924f8123 |
| SHA1 | 9a24e859601f50cde47b29fe31b649dcaa84ef20 |
| SHA256 | de71b3d6da8162d229dc030d344561306bd7d96ae7e3ab3d922771efdd22c542 |
| SHA512 | 0a6af5bf509985be60bc5aa0dba8d37f338798e7b6ab5075c6948026207c6be48114c7960c08ef7edc3315f697122394e79750451883778d1f214e3222aa8a6c |
\Users\Admin\mentalmentor\Qt5Positioning.dll
| MD5 | 7564b2125d2554c98d92d20295d0515a |
| SHA1 | 1604d1ab6e424cab14e1f985f288b4197023f548 |
| SHA256 | 1225b627e5267a9a758af530e7fc842e3ac1c054647ae061a524f8a059a87879 |
| SHA512 | cae8d731ee8cc5be31403bd32a7118075f0b708bca667a7c41eb876f15d60570b61626fecc1fe61b69313d7305ffaae80209c35bd68e02a48229692621633922 |
\Users\Admin\mentalmentor\Qt5Qml.dll
| MD5 | 7cda5037206a57cadd50b5f032876a8e |
| SHA1 | 314b671b27e9602a66396ec37bdd6e70bb180d92 |
| SHA256 | e45f26ebbc2b0499e0e90f1666fd13f1bb2bed1073e828d30b6a3a70599d4bc9 |
| SHA512 | 1450a79b017b4809c83c2fc4ef53df926e3a725959b6e378c5a55c853d2151a2ba70272848962931c58596fb4174601e3defedb120fd0a211d57be9d1908ee3e |
\Users\Admin\mentalmentor\Qt5PrintSupport.dll
| MD5 | 83fb40d5ab3108f18832b78574404b62 |
| SHA1 | 0f6ae59ca205ca75a8ecf02d0e0ed5203f894685 |
| SHA256 | 74e737dda4f666c28f9543bde9cee526a18d0088a780b497ad7c1772b3cadd4e |
| SHA512 | 8b9763c3ae94178a350e355f436bcc8b1802064eb2e968327afa423688035c2aa3ae7989cb4d0f61231e1a7aee86a2635626ccdcfceeca3058d99520f4e38d1a |
\Users\Admin\mentalmentor\msvcp140_1.dll
| MD5 | cb8e791faf8a711f9863f759f37fd316 |
| SHA1 | ab7a1a33574364d8bfbeace46bda3c8192faf379 |
| SHA256 | f1efc4a0f0aef50477fc979642a51b1cdcd23c689f98afa9f5a039f5f05904f0 |
| SHA512 | 30a30ffcb3514649d2aa747d4036eef50dbfd986d1bf8e5e855f74a5c55db61c4d77444378eddcb73a251cb22fe4f8658a0aa7989a78552b36a7fed5bfcc1a2c |
\Users\Admin\mentalmentor\Qt5QuickWidgets.dll
| MD5 | 0c1210b83e965e391ec725811f4c233f |
| SHA1 | 156b414ee4d78df6efc37717434dd4428cc5f9d0 |
| SHA256 | ee8ecdb086359fefc14f82cc2aac7b572a471264ff756e848615cafce72c98b0 |
| SHA512 | b82e5f871cf4b57b7bfd34d6413b070adbb63872ef12e2a1bcede47a59721d210f843e2eb6d15ccfd66578bfb71afd1e57b61815a0951919245a5499066140df |
\Users\Admin\mentalmentor\vcruntime140.dll
| MD5 | 1b171f9a428c44acf85f89989007c328 |
| SHA1 | 6f25a874d6cbf8158cb7c491dcedaa81ceaebbae |
| SHA256 | 9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c |
| SHA512 | 99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1 |
\Users\Admin\mentalmentor\msvcp140.dll
| MD5 | 1fb93933fd087215a3c7b0800e6bb703 |
| SHA1 | a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb |
| SHA256 | 2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01 |
| SHA512 | 79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e |
\Users\Admin\mentalmentor\Qt5WebChannel.dll
| MD5 | 3a180dcd023884b1cfc2ce66b57f4931 |
| SHA1 | 1a8d719ffa5bfe24d7addbf480772a4b256c49c2 |
| SHA256 | 34e5cf82808bba7dd544fd83ab0a88ec6c336d7e00319a4b8389f8c4d4d2ebab |
| SHA512 | e4b0234dbdd09d5da8817621d25f10ccb3666e95c002d7cbecb3735ff1a111703792fecbd80871f3559d403107f55c1b02932f3a4351262a4c6db3c271d7d84f |
\Users\Admin\mentalmentor\sentry.dll
| MD5 | 231c11192fa58f32794dc7fa6fec9f8c |
| SHA1 | 7bf5f9364a4251b91a274188f504d839e9b4c428 |
| SHA256 | 9288b5cbc3f1287a40adc794766abc74e5ff5edb8e271c075b39c596d6859a5d |
| SHA512 | 6699ba3f71d48a733a37102f53ac702d3b77b6608f96a4495f6a570606a29366b76552b3a5bfc9370ae4883c9af31282c468cb6a7c359d25c7731997217ec867 |
\Users\Admin\mentalmentor\platforms\qwindows.dll
| MD5 | b2af81698f607061986109b4a9004819 |
| SHA1 | 36a789f49738de6a10bfe82a282ee7e5fefd396b |
| SHA256 | 4d1eaf41136ac3faefb76f5cf2efe8e7f8a11fd6a943a8b11f2f2a8be5cfe19b |
| SHA512 | 1786885032c3a7f4b4d6624dc0f1365322619f6ed92417a8671fe0a36e20016e677f254da0909395a5b4d0f4c3403072eed8c1471dc3b729cb2d687c4f78b6c4 |
\Users\Admin\mentalmentor\libGLESv2.dll
| MD5 | 7ff6836c626bbc7f0833a66aa77a7a7f |
| SHA1 | 9ad21c1a5df940999ba9f884d21868d3b69e7155 |
| SHA256 | 8cfc024d09a6784486da7dc0ebfd90c0c8136b27c08ec1c3f352cd4fa43b9273 |
| SHA512 | 8ff378b9d2a1058396ff5e9795f7bd25fc3092f94b9274447c849c19294569197f6920bda448a3e2c06b012ba1468d75f2b26ed1bd4e54191f28ca209bf41697 |
C:\Users\Admin\mentalmentor\styles\qwindowsvistastyle.dll
| MD5 | 53af56ea898bb82775fdd0f940c429d2 |
| SHA1 | 5675fd1243ea87e59256b05e5a7c6c64298312ea |
| SHA256 | 547606fc8a6b20a2616a4f390c6cf0e7aa713f6ad53bae23c8d1b021885aab0e |
| SHA512 | 401f9b346a3da18e750cf26cc05e1013ec8446955344d0e353012abdcb4af4e836515531b1bef4c2fa5a07ec5b41a9cd74c68e39b977e43f9ad1a06ac32fa27e |
memory/4668-496-0x0000000000400000-0x0000000000717000-memory.dmp
memory/4324-497-0x0000000000E30000-0x0000000000E40000-memory.dmp
\Users\Admin\mentalmentor\libEGL.dll
| MD5 | 371aeb50f7816108b346b67ef2b11e1a |
| SHA1 | 5de780b46d7663d1615727edaba32b5709286d38 |
| SHA256 | 12903d93a7f57b479401602a533849e6f813ff5c2c92f3a02d468fc98e7ac1d5 |
| SHA512 | 4aff94adbd97948766c7839220e15000a4defb7d46b5502872b16225e8c5b85b6b674b632455afbb3db729d5f2e9666b32b8db282ea3499ebd84fe4ce11d9631 |
memory/4668-489-0x0000000000400000-0x0000000000717000-memory.dmp
memory/5080-500-0x0000000000400000-0x00000000004DC000-memory.dmp
memory/372-515-0x0000000000BD0000-0x0000000000BD8000-memory.dmp
memory/372-516-0x0000000069600000-0x0000000069CEE000-memory.dmp
memory/372-517-0x0000000001240000-0x0000000001262000-memory.dmp
memory/372-518-0x0000000001200000-0x0000000001210000-memory.dmp
memory/372-519-0x00000000054B0000-0x00000000054E8000-memory.dmp
memory/372-521-0x0000000069600000-0x0000000069CEE000-memory.dmp
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brd_sdk32_clr.dll
| MD5 | c6030e74a4597da324a77da97cb33ada |
| SHA1 | d015867cf7aca7a93f0912e1dccbafb1b2f4e04f |
| SHA256 | 44147c861e95842b7cf885afdd84935e28566514b3dccf6a1f8fb97df21aa21c |
| SHA512 | 25484367903290a2daa7d847a4db6ee72dba137ca4ee5410824d9d84618a0aa41bd33ae55475efe4f9034409b8e8c97daacbc82dd56c75ad29aaeed478be28db |
memory/4744-552-0x0000000001700000-0x0000000001710000-memory.dmp
memory/4744-553-0x0000000068EE0000-0x00000000695CE000-memory.dmp
memory/4744-554-0x0000000006130000-0x0000000006850000-memory.dmp
memory/4744-555-0x0000000006850000-0x0000000006F5C000-memory.dmp
memory/4744-556-0x0000000001700000-0x0000000001710000-memory.dmp
memory/4744-557-0x0000000005D40000-0x0000000005D62000-memory.dmp
memory/4744-558-0x0000000006F60000-0x00000000072B0000-memory.dmp
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_install_id
| MD5 | 7a4ec2cb99e72f0e3190a58f52e9ad8a |
| SHA1 | 9e5a90b5c5ad8884f18084fdcedbdb3c14c0f497 |
| SHA256 | 8c0f48908e83f5b49c33c726d4523e5823519e531061fedf6b5d1b7209659abc |
| SHA512 | 4acb9a60ea32692374b84244ea55aa72a23b2cc5cd1359f352af92c7af93070f774367b17b5cf308679a459c787b4ee1bf24802554b5bcf1c810f593aaf152cc |
memory/4744-584-0x0000000007F10000-0x000000000843C000-memory.dmp
memory/4744-589-0x0000000001700000-0x0000000001710000-memory.dmp
memory/4744-597-0x000000000A400000-0x000000000A408000-memory.dmp
memory/4744-598-0x000000000C6B0000-0x000000000C742000-memory.dmp
memory/4744-601-0x000000000D340000-0x000000000D416000-memory.dmp
memory/1732-622-0x000002D170800000-0x000002D170810000-memory.dmp
memory/1732-641-0x000002D1704F0000-0x000002D1704F2000-memory.dmp
memory/488-736-0x00000263C75B0000-0x00000263C76B0000-memory.dmp
memory/488-746-0x00000263C7AD0000-0x00000263C7AD2000-memory.dmp
memory/488-748-0x00000263C7AF0000-0x00000263C7AF2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8RQS2CYX\favicon[2].png
| MD5 | 68fe9d00769981b3e7c91064dee8648d |
| SHA1 | 821c5601a37431247ce161931a794db0a87ca69f |
| SHA256 | c9b3cb09c1cf5f0715fee4cbdfff0316f9cbce636832b3f01fe190ffb2019544 |
| SHA512 | 5d462add5e81c8a40a61e7a9d9d9f47ba069ea179c3352bb825dfe81368cd6969d55cc4317cd1029c631d467cc04cd058c1ad0e429d4f7f04d7a84ee20504276 |
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM
| MD5 | 2118c2211b79b1eda140816a7d312c29 |
| SHA1 | 9fb14b6ab0ecdf422797b7fd7ca323ce7f8f4fd6 |
| SHA256 | 2f1308617826d2dbd774cb580b7ad7d4a3832564b01248f7cbe8516f8ea3d147 |
| SHA512 | 2ae8242c850e52351ca74218137a317e87d174895f80a35bf81d942c6bd85f93406c88d8081c617e74c591f94ed2a0df1e9f9086f4ffcf8e13c185cb7955fc02 |
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id
| MD5 | c91f148c730f5e012d25d863b5e3a6a8 |
| SHA1 | 0af66a5def42a881c8f5c3a18cf3dfe9f0c3181b |
| SHA256 | 04f792a866c0fd978919ccdffef15ba52541c73a3dbf407c372d106df32d0328 |
| SHA512 | 229357df825b68473d5730c94f137c065af86619feca45c23e5c80c365d21ad5b296ec74778745358d9d0295a967c55e9572cad2d8e06585ddc4a3645b4f9ddd |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\Platform Notifications\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBHW1F6U\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\aa1bbc80-ed7c-4523-bb86-a5b1fcdc88a1.tmp
| MD5 | deede6511277721a6ba118f5598efd0c |
| SHA1 | b142a0fb1358853dd2e635a663cdc3605566b202 |
| SHA256 | 4fb7d3da2902cc179b3a5acbd45ec6b1f0f4b31fdc757b26f8ec4a38b1d5b2e7 |
| SHA512 | 8b01d29770e9dca654d5790d5f6244e366512a14b92771f7c9d2f9ebbf87b3e2dc580c8f51d7394f38022929181c70c01bd8983c577524df7627ac8da32bc1b4 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\TransportSecurity~RFe5ab910.TMP
| MD5 | 374baee7e520c74ce586abcf8c7da550 |
| SHA1 | 38c1c427c07ae459624236360e222e1a8dd4b3dd |
| SHA256 | 1f621962466b0d24b98496c9c115faa65cccc5182d52991b95c638b9f38d9dcf |
| SHA512 | 32edde2e2c5db3d41e26408b1d9347e3300b4edc7898b86596270e45de00faa3b1726c30a56a1d81880ce8f482f1cabcda771a4a220f9c61e63a0261528ab536 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OR3O6NAO\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\G9TNOGZ1\brightdata[1].xml
| MD5 | df21f1c42ab258e64898101429975150 |
| SHA1 | 2912d28f8b03235847d627bffd001b0610c7119c |
| SHA256 | 26daaab4ac15f3f262f85f35e9e4520b6ed1bfec8552f8a4bb75d0ec63fc7bb9 |
| SHA512 | e23b51a4ef8ec6e545ec1225828b71d901c5733d0e54ebd9a5e20f857557da254b5c0a4167dc01f61b0c5b5310dad8483a81b1fffd23078e30f2dde42a55483d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\G9TNOGZ1\brightdata[1].xml
| MD5 | 421c3815ec17ac5ddb8744a8e6fe990a |
| SHA1 | 616653170971932e2bc21597d81e792c5dc75d1e |
| SHA256 | b4bf63e786644c74e298350ab512fc06151621d786f1f3e707cd181e0117a5b2 |
| SHA512 | 2e5247ff8693f7a168d7492c0dd526bec901e0764f8659c69afa53bd8c819957e402bccba5c71c1c7f0d578e902f2a8797b0b5be771ea48ce1b599388f0a63a0 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\65199d85-3ff3-4568-b391-d7423cf529b1.tmp
| MD5 | ac953707db93595fcb41e8a5341ed168 |
| SHA1 | 43980b7f16c01a427a8c76aa71ac39f9da7ab4a7 |
| SHA256 | 44fec3bc80a1ecce7957b4931ad134016d6acf99ec51a26c0c7d79febeddcfb5 |
| SHA512 | a4990a69be2bee697473c9ea6202c9e23b5773d2a9c47f3db91a48ac7d6ccd6dee45fdb33f9e81bf91acab02ec487aa61fd191fcb23e0f2bbdc3e79c4feead6d |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\f77e4634-7d15-486a-abe6-a3d5d4e5d571.tmp
| MD5 | b6260f064506fb4bd1271b108fcd72e9 |
| SHA1 | 89eb11e39cf61ceab6cfd86cd78061c9f051fe94 |
| SHA256 | e5765d94249e91cc80289ec03ea78e39c5fc318b9ca99de4fa335437cf08fe6b |
| SHA512 | adea3056b295d5b47312f9bb93927e7ac855ac98d91bd94fcf6af42f8280d50c31f2e2380d148c6816a639c0e9550193ff61092c4579122a0ffce72f2c38cf73 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\e56b98d2-fed3-41ad-913a-8ca848b0fb07.tmp
| MD5 | d30049c6499544c5b0568a5984df777d |
| SHA1 | 3ac9c88f92e8c8669d0d1c0d2036093ff782c901 |
| SHA256 | 2192a76c022593c90b26f9dad5bfbe9251c6a9598ba361ab77b6d22a4cd238f4 |
| SHA512 | c832414c4e302bd66eceb35e4752e45bd1ec0b917b423cb8407e92f840e52905be5f5426fd645e05458d9b7b469cee3df0fe0ded88d46ad2ae7e9b7e189b5af1 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\0fb4a884-2e21-4b7d-9fe0-40b126a4c3d7.tmp
| MD5 | 0fb0f870752591d1db52cd1616adfba1 |
| SHA1 | 1330853ace9839d935459d6bbc6f2db33400d72c |
| SHA256 | 5abbb0e7a7f8dfea6649fdea7277e126969172624db928cfa099fc14893ac124 |
| SHA512 | 4bd8d6b0b17a7d5cfbcabdbe4caaf5afbd3cabcc3c7908c68e68f01472ae68f489a02ddd404671526a0a1c841bd95ceb8f9c1d55dbcc0e510fa63596e501e901 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\57f71056-495b-4b69-9fa7-f1e8a83fc05d.tmp
| MD5 | 9042f9a4f7f190ee0ad383e0a8d33425 |
| SHA1 | a847036cbe24c59fcc1369f0876533f45378861c |
| SHA256 | eaf19e7888ae9d459a8918012756ab8cf8de6339e8f107563703b7a08e7c2ccc |
| SHA512 | bcd7c1740343c4ae2bd1399fddd85eb863df03a266c9059369ce54546c675ac65599e6ae4d9ea5688373aa8202f8858e7be2144ed515dd3f9d83a1251deb1b7f |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\e6ae8f62-19bf-4ed8-9931-bceabc4f000e.tmp
| MD5 | 118ce9ddd6139706ac64986a3c99f71d |
| SHA1 | 1533e80629cd45f5b4dd767ba2de56fe8291a55f |
| SHA256 | 4ec33ceec383191187c8f9dd309e08563724910ec030eca5b1a077af5ace3ce6 |
| SHA512 | 383f401989af7d0b10c9415cfa1e659bf88b443879461f62a8749ae0c685af9678e89be0d946a2c58fe3c68a27aecdf443e123942dd9950f035c892c2017df6e |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\ce982963-bdac-40a7-a3ec-d8032143d02b.tmp
| MD5 | 4a842b38712604936f7e0421a353db84 |
| SHA1 | fc5841e10aba515e468592ea96b408dc53a2e6b4 |
| SHA256 | bfe38869bb05544e32afd5cf1e55aeb96aed0d50c3e254aa457ded80d7106c2a |
| SHA512 | 75734a4a4681733d857513b830e5b4fd37c96e2e367df53420cac92471021eba9294c4632ebcc986d300dd7322b0faaceea49f6b81260b3d88964d9bc4bc2184 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\b8ddb0ac-06b8-48a7-a947-e3cd943c1d72.tmp
| MD5 | faf0da4c92ef57228c421d8b1bc9c34c |
| SHA1 | b2d10821cf9f0aa4436945045c3142f737084153 |
| SHA256 | 308c9c82e89a449414b237309ddb4d692c3d54d84fc67ffd93591d1345d740cc |
| SHA512 | 3d06dbb2c553e8c6592d37389d06a5b85894c6a0f57fc61d6d8d0123d7f5234de2e009d86464ea3893d1c5d50ef5089ebe231805e7854fbc766ab9570d860a9f |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\1276b9e7-2bfc-44f7-9c8c-174ad5747d8f.tmp
| MD5 | 250b6f82d3a19c17a5d6949c3e92bcde |
| SHA1 | 026f30bb3f2f9f956ba9326b226e0f072559f0c3 |
| SHA256 | c5b3c6edab1a66e461ed318c016ea1ddc3df8dd9f5d25580d3e63a9b08f10afd |
| SHA512 | 87c0f55de2c2b1e8effbcd9736014f54af2c2534ee27ac0f102dec93a9104a69e97c6d0bd0a956459ca6975a33b3d71b8bdcdd83f9c797ebb3d0351d3a41ce37 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_inst\5483d6aa-6e92-4865-83c0-528ef86be6b0.tmp
| MD5 | 230987de069c22c99a206dfce781afd1 |
| SHA1 | da05b104ede1fd79e896098f8d92e8d93822d574 |
| SHA256 | 12b68fc6e479f9964df77d38dbfe7df5ba93dbc975851ddfda5ecdcd248c823c |
| SHA512 | b59bf5aaf2c7fef59a155cfc1f6ac834b7973bf04ccfae67e35ca612ca13f40bb57aae9becf6036edcb4ccd152c78d1aad3f883c02e31351632ba2748dec29c1 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_inst\user_prefs.json~RFe5d64f6.TMP
| MD5 | f800a48bfea6e28a7eea1fad252a1034 |
| SHA1 | 13a0b78ca023a4f17b626a8a85636a83e43cca11 |
| SHA256 | e61562ed7fb8d074e0787be3f941a441598348eae1a54eb5f48e0f40a0a4e1e5 |
| SHA512 | 454993fe7d6381007fec52e54ca866e155c096a0a6dc2d47d2d6abf0a0ff12e9fb4f39a7afd33654e55098aeefe29b813ccf9e0fac8f473e8807bdbb3c98766a |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\user_prefs.json~RFe5d64f6.TMP
| MD5 | 9306e6bb208058f77caa55239d6cccc1 |
| SHA1 | 22ac05608d25253a92df306ce2f4298787b347dd |
| SHA256 | 6efdfb9f4eded6b1f9cee86b0040cf062131413fe0cf736a22f5fefa4e4e66ee |
| SHA512 | 62948fe2ed48568f6fa9054b686d4dcec5cdcc814cc10187b23022d201e36ce6e6ec095ba126296e9516a6febc5014827b2751bc14f1703a931ab38e6c607943 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\8026dfe0-f8a4-4b42-a6d4-cc52fd139d9a.tmp
| MD5 | 93ef18f752efbd03763a14be17a9c20f |
| SHA1 | dfc305d2daec8b4febb2b3d34522523ab6f8b9a1 |
| SHA256 | a992e6fc8dd35f1b32c58c8e2656577de43ea4d9a0fd5c4b6ba0816d3c4a13a5 |
| SHA512 | 36bea91f66b2e7dce0759a1d72d465a3cc6fc4abce9f4573a46a2af1befceb534ab3c1929c3a6ed9ad1c8352b950f73c2695f54316c4b357f1ca8d14203796ab |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\fdcde7ad-7229-475c-a6ff-2d6a17549e06.tmp
| MD5 | 81908e5f82d49e787a4b6ee1315d98bd |
| SHA1 | 8e48e58691c0e20515ab9c57b7f43a08558e74d0 |
| SHA256 | 120d7081de1d50d3c625a17f63f5283a2cf0bc120d609b4f846f1faaace0efc1 |
| SHA512 | c46cf1a5a58d39408dd68a722ea1c2e22b4ed29515ff8c555fdbc840a098e299f9aec94ea0bac5007eb586f911e7615ce09abf1b896ebe12cac6cdbb13f82027 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\f8f27eb3-ec5c-4ab1-8522-2b97e0e54cb3.tmp
| MD5 | 3fb3bf0de185ceea20825a868ae3c8d4 |
| SHA1 | 5414afa646333ae9bb91e504b965fe76a62cba9e |
| SHA256 | 58acc632666a3e2c771eabdc0291e3699a9571bf1d83cc53321641515273823a |
| SHA512 | 96d9813e2385654a459270015afb36661315ade71aebf60d2076654a5577792967a2f4f0b8c382a185a3381806d4175df0c5570945ce00aa14b12ebd231236ad |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\f77d4110-debc-433d-bf2c-afe0a779e260.tmp
| MD5 | 1b95262f6783a85efcaf6166d304daa3 |
| SHA1 | f3a6e3b01c50f2aab861d53e2214b7f78f3eac1d |
| SHA256 | a22a67f7eeae180899586f2a9e58c3bfac59cae65d5a2aab8b078eefa5cfc809 |
| SHA512 | 4674072ab856410295b6f49a73ff4d45143dad11d2d3ac2da30e97b936c9b5818bf7aff56e4f6873e2e1168e2438248e1d4905c0398677c7efeda6aa42f655fb |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\551b059c-ff4b-428c-b367-9e3e86787841.tmp
| MD5 | 00c352ee04a318b6ea8830fcc9c05467 |
| SHA1 | 8643f40f6bca1dd547879f2e82463ab719c2d7f1 |
| SHA256 | 8d4d85804c2308a5bf4b0829d675b74d112f3ca56f45cd9909ea10a2b1daa380 |
| SHA512 | 538a46f834715a62da6d3e09d8a91fa943fbf534f10383d75af157fbee555b5aee75f65456eaf0612994b0a950c6bf808ae363d38e76d9d5506eb80462082cc1 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\07988938-f6fa-43d0-9d59-ab25b62fb6b3.tmp
| MD5 | bf47d8d7be42953cd1ca1e4da87b9f6c |
| SHA1 | 77693bc98124cd410cc8969555eecfc524d72bfb |
| SHA256 | 9e78eeab72a39dbdd4f08cdea9b1b8bb4d52c5e3a8797e339b51a771cf269703 |
| SHA512 | 643ff0f8a394dd26d0304a649a60a06af5e5f33ef475249615298b228ac0c9989d8fc6a04a871cd76329d715c13422534acf1b5ca645c5dee5a21706991a6b0f |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\801242da-102c-4dee-ae8e-39384ff4ba4b.tmp
| MD5 | 427695d1be346bb224f4b3cbf3606982 |
| SHA1 | b9303d97fd4a58d8819f2a5dafc95860b282b651 |
| SHA256 | be6ba498570cecd1354a9bd0731d1fc84be67f13a49bb2ac62025ffa381b55a5 |
| SHA512 | a13f1321bf69bc51eacf6f3472f7e5395a1324f803a2348fdc1ff46ba03d3db700771d8cb43a363f6eb97d499f668015fd0b2dcddae22e70d050373a71676c9b |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\caaa2e85-9d2f-428e-88c7-f4b7573e794d.tmp
| MD5 | b3721437baa09fba17870cf896ef5261 |
| SHA1 | f067c84ad7dc1ac7bc650b5487eab112fad0e3f7 |
| SHA256 | fcf24c00602482045503ac3ef5f673b51492e7bd32a23fa601e2f84abbd1951a |
| SHA512 | 3bf5f8d190a792ca447995d5b81671f8848bf9a41295b748f95cc0a945ddd1a3e1c055f7c92fba058804e90d33f764c2dbddf74d8bf243cad4aa6eb749e7a244 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\efb12643-6691-4b2c-a0f2-190cdb24adfb.tmp
| MD5 | e910213ac81b542b28c4f92abe5fcdba |
| SHA1 | 4770006114976e2d4a0621e8a3190f2abb8cc34d |
| SHA256 | 090c38897740334eb7549d2c709185a4aac8b6fafd9c54c535ace1f8b4588010 |
| SHA512 | e5374bb2be0fafbfe48ecf81436e556c3c25cdce6db73d93bfd92e6c1fa33c1713be3cf7aae213cbd77ed8af26cf889b618ff6462d88961d56301b5a2b41b4d3 |
C:\Users\Admin\mentalmentor\settings\webengine_profile_main\8b5a0aab-4a17-4675-a5ea-b2b02c19e798.tmp
| MD5 | 082a30ff461bbfd5cad7527bf537fa31 |
| SHA1 | 34927b7646817c463db0293acdcc80883c2140e7 |
| SHA256 | bdad6d3b586c38988e4d82b30797eef116ded2f8bfe333ef32a4ea9d0a914daa |
| SHA512 | dc06dc1a4baba64123c0b6fd0e60cc9b6e2cf0ca7177aa415c7f5cedb3938b3ec99a36ec591433d7c5dc23884e869b55beddeeb8aa648cab3dc727af1608cf62 |