Analysis
max time kernel: 207s
max time network: 208s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 22/02/2024, 20:55
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/
Resource: win11-20240221-en
General
Target: https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/
Malware Config
Signatures
Downloads MZ/PE file
Modifies Windows Firewall (2 TTPs, 2 IoCs)
pid   Process
2708  netsh.exe
2632  netsh.exe
Executes dropped EXE (16 IoCs)
pid   Process
2808  MentalMentor.exe
944   MentalMentor.tmp
3080  7z.exe
2408  7z.exe
3000  7z.exe
4336  7z.exe
404   mentalmentor.exe
1108  mentalmentor_crashpad_handler.exe
736   luminati.exe
4276  test_wpf.exe
3896  net_updater32.exe
4912  QtWebEngineProcess.exe
800   net_updater32.exe
1304  test_wpf.exe
1480  idle_report.exe
804   brightdata.exe
Loads dropped DLL (54 IoCs)
pid   Process                            (entries)
944   MentalMentor.tmp                   (x2)
3080  7z.exe                             (x1)
2408  7z.exe                             (x1)
3000  7z.exe                             (x1)
4336  7z.exe                             (x1)
404   mentalmentor.exe                   (x25)
1108  mentalmentor_crashpad_handler.exe  (x2)
736   luminati.exe                       (x5)
4912  QtWebEngineProcess.exe             (x12)
800   net_updater32.exe                  (x4)
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 1 IoCs)
description      ioc                                                                                                                                                         Process
Set value (str)  \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mental Mentor = "\"C:\\Users\\Admin\\mentalmentor\\mentalmentor.exe\" silent"  mentalmentor.exe
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory (13 IoCs)
description                   ioc                                                                                                                                                          Process
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content                                                                  net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB  net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141  net_updater32.exe
File created                  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log                                                        test_wpf.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft                                                                                           net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData                                                                 net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB  net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141  net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_488E097E1A6B1768143D54114E281A12  net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache                                                                          net_updater32.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrightData                                                                                             net_updater32.exe
File created                  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\idle_report.exe.log                                                     idle_report.exe
File opened for modification  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_488E097E1A6B1768143D54114E281A12  net_updater32.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                   Process
Key opened         \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0       net_updater32.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  net_updater32.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                              Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS               chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (44 IoCs)
description      ioc                                                                                                   Process
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates              net_updater32.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531089400406082"  chrome.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs                         net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed                               net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root                                     net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs                       net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates                  net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates               net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs                       net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs                       net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs                         net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed                      net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs                                net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs              net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs                               net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs                       net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs                               net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates                          net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA                              net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates                 net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs                          net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs                 net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs                                net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople                            net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust                                    net_updater32.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing  net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA                                       net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs                                  net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates         net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs                      net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs                                  net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs                 net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates                        net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates                       net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections        net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust                           net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot                            net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates               net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople                   net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates      net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs              net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs                          net_updater32.exe
Key created      \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs                      net_updater32.exe
Modifies registry class (2 IoCs)
description  ioc                                                                                                        Process
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\       mentalmentor.exe
Key created  \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\MuiCache                MiniSearchHost.exe
NTFS ADS (2 IoCs)
description                   ioc                                                                                              Process
File opened for modification  C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier                                        chrome.exe
File opened for modification  C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\lum_sdk_session_id:LUM:$DATA  luminati.exe
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid   Process
404   mentalmentor.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process                 (entries)
4256  chrome.exe              (x2)
944   MentalMentor.tmp        (x18)
652   chrome.exe              (x2)
404   mentalmentor.exe        (x2)
736   luminati.exe            (x3)
4912  QtWebEngineProcess.exe  (x2)
800   net_updater32.exe       (x35)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (16 IoCs)
pid   Process     (entries)
4256  chrome.exe  (x16)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                        pid   Process     (entries)
Token: SeShutdownPrivilege         4256  chrome.exe  (x32)
Token: SeCreatePagefilePrivilege   4256  chrome.exe  (x32)
Suspicious use of FindShellTrayWindow (54 IoCs)
pid   Process           (entries)
4256  chrome.exe        (x50)
944   MentalMentor.tmp  (x1)
804   brightdata.exe    (x3)
Suspicious use of SendNotifyMessage (15 IoCs)
pid   Process         (entries)
4256  chrome.exe      (x12)
804   brightdata.exe  (x3)
Suspicious use of SetWindowsHookEx (7 IoCs)
pid   Process             (entries)
404   mentalmentor.exe    (x6)
3520  MiniSearchHost.exe  (x1)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target  (entries)
PID 4256 wrote to memory of 1244  4256  chrome.exe  41             (x2)
PID 4256 wrote to memory of 3776  4256  chrome.exe  83             (repeated)
PID 4256 wrote to memory of 2176  4256  chrome.exe  87             (x2)
PID 4256 wrote to memory of 2704  4256  chrome.exe  84             (repeated)
The writes to 3776 and 2704 account for the remaining 60 of the 64 entries shown.
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamunlocked.net/cbb91-tomb-raider-legend-free-pc-download/
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 4256
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3e149758,0x7ffa3e149768,0x7ffa3e149778
  PID: 1244
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:2
  PID: 3776
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 2704
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 1028
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 2848
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 2176
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4752 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 2248
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 2968
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 1988
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4000 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 1360
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 868
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=928 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 5004
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5844 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 3388
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5980 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 4432
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2144 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 5028
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6092 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 772
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2204 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 2576
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5176 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 3320
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6028 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:1
  PID: 3548
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 3060
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 1880
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 2756
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  - NTFS ADS
  PID: 4720
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 3396
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 2104
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:8
  PID: 1764
C:\Users\Admin\Downloads\MentalMentor.exe"C:\Users\Admin\Downloads\MentalMentor.exe"2⤵
- Executes dropped EXE
PID:2808 -
C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp"C:\Users\Admin\AppData\Local\Temp\is-OAGJT.tmp\MentalMentor.tmp" /SL5="$15022E,2483341,845312,C:\Users\Admin\Downloads\MentalMentor.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:944 -
C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3080
-
-
C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2408
-
-
C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3000
-
-
C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe"C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-1EFJF.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4336
-
-
C:\Windows\SysWOW64\netsh.exe"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes4⤵
- Modifies Windows Firewall
PID:2632
-
-
C:\Windows\SysWOW64\netsh.exe"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes4⤵
- Modifies Windows Firewall
PID:2708
-
-
C:\Users\Admin\mentalmentor\mentalmentor.exe"C:\Users\Admin\mentalmentor\mentalmentor.exe" install4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:404 -
C:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exeC:\Users\Admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\mentalmentor\sentry --metrics-dir=C:\Users\Admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/Admin/mentalmentor/sentry/log --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-event --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\mentalmentor\sentry\63c1a362-d711-49bd-3367-68aef6aef7c3.run\__sentry-breadcrumb2 --initial-client-data=0x574,0x578,0x57c,0x55c,0x580,0x72a27b7c,0x72a27b90,0x72a27ba05⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1108
-
-
C:\Users\Admin\mentalmentor\luminati\luminati.exe"C:\Users\Admin\mentalmentor\luminati\luminati.exe" switch_on5⤵
- Executes dropped EXE
- Loads dropped DLL
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:736 -
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exeC:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe6⤵
- Executes dropped EXE
PID:4276
-
-
C:\Users\Admin\mentalmentor\luminati\net_updater32.exe"C:\Users\Admin\mentalmentor\luminati\net_updater32.exe" --install win_global_microtrading.mental_mentor --no-cleanup6⤵
- Executes dropped EXE
PID:3896
-
-
-
C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe"C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=3776 /prefetch:15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4912
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5684 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:12⤵PID:3736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3196 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:12⤵PID:2892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6172 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:12⤵PID:948
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5416 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:12⤵PID:3460
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1764,i,13113588402391593588,3003610985527945613,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:652
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:5016
-
C:\Users\Admin\mentalmentor\luminati\net_updater32.exe"C:/Users/Admin/mentalmentor/luminati/net_updater32.exe" --updater win_global_microtrading.mental_mentor1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:800 -
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exeC:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\test_wpf.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1304
-
-
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exeC:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\idle_report.exe --id 32300 --screen2⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1480
-
-
C:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exeC:\ProgramData\BrightData\d1bab175a2a8d47f9b561f4c58dc046b93194db0\brightdata.exe --appid win_global_microtrading.mental_mentor2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:804
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:1252
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3520
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Downloads