ef4d81b7aadb22182dd5e359fb0ca4b389ddc794a27e8638eb89d037014dac93

Analysis

max time kernel
103s
max time network
103s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
27/12/2022, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

plutonium.exe
Size

4.5MB
MD5

1099bac1c472456ee3bf037ce6813dc6
SHA1

12416f16ccfb09ba7a1750881f7edb97be79351d
SHA256

ef4d81b7aadb22182dd5e359fb0ca4b389ddc794a27e8638eb89d037014dac93
SHA512

dcbd271b66c16efc82876938e94f6694f1269e311d6d2c8f8024af683457f74c1f30d674f2df9c6662fdf54b477615dd722604bd94603c15273a1da6962f5826
SSDEEP

98304:TUaMwIBAo2rY+MTMl3iggf2Gb76ySfqjUivCEkUNzjCeip/FYAhvj:oa+Ao2rnSMd/gvmLqjUdEkpeRuj

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4888	plutonium-launcher-win32.exe

Loads dropped DLL 4 IoCs

pid	Process
4888	plutonium-launcher-win32.exe
4888	plutonium-launcher-win32.exe
4888	plutonium-launcher-win32.exe
4888	plutonium-launcher-win32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\DefaultIcon	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe\" \"%1\""	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\shell\open	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\shell\open	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe\" \"%1\""	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe\" \"%1\""	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\shell\open\command	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\shell\open	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\URL Protocol	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\shell\open	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\DefaultIcon	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\shell	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\shell	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\ = "URL:Plutonium protocol"	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\URL Protocol	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\DefaultIcon	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\shell\open\command	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\shell	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\URL Protocol	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe\" \"%1\""	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe\" \"%1\""	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\shell\open\command	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\URL Protocol	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\ = "URL:Plutonium protocol"	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\URL Protocol	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe"	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\ = "URL:Plutonium protocol"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\shell\open\command	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\DefaultIcon	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\shell\open	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\ = "URL:Plutonium protocol"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\shell\open\command	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\shell	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\shell	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\DefaultIcon	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701418377595453540\shell	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\ = "URL:Plutonium protocol"	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-702542332943269990\shell\open	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\DefaultIcon	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283498652270612\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Plutonium\\bin\\plutonium-launcher-win32.exe\" \"%1\""	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\plutonium\URL Protocol	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-701437548177915934\shell\open\command	plutonium.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098	plutonium.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-791283545502253098\ = "URL:Plutonium protocol"	plutonium.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4888	plutonium-launcher-win32.exe
4888	plutonium-launcher-win32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4152	plutonium.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4888	plutonium-launcher-win32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 4888	4152	plutonium.exe	67
PID 4152 wrote to memory of 4888	4152	plutonium.exe	67
PID 4152 wrote to memory of 4888	4152	plutonium.exe	67

C:\Users\Admin\AppData\Local\Temp\plutonium.exe
"C:\Users\Admin\AppData\Local\Temp\plutonium.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Users\Admin\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe
  "C:\Users\Admin\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4888

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Plutonium\bin\AppCore.dll

Filesize
230KB

MD5
80c3806a12959987ac012e28f63ad150

SHA1
3a43f2989903bede21c4f599c86f3e10403e4bf1

SHA256
b5338b858e5c65f9c36bbc817673ba5e1a05eed8f4dcf007b6bc4ff6140fc8f8

SHA512
67c682a2e3dc0e5cc9f768bdd276d2b927739344620d6fd3000412c449da1fe12939e83246e1f01263930619a61b554f6b0401c0e508e34e648ce9f25dcfb9ff

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\bin\Ultralight.dll

Filesize
126KB

MD5
6c2949787d48f3b0c0cbd4a872253f12

SHA1
01cd853173dca709c6a9c3ec8c68e5cb1ce7802a

SHA256
758ca54bac8288487cfa6ea276c724fc4ad29c6d6a4294d74ea34e0726ce8661

SHA512
7c8978f7ac5d0db7cbdfc8d78bc992463f132497f84b132be3ece1db926990dce27c0a3d642c3c5c2d04a862f0a30afdbd9fe5c6881f8523e0c9347d84448aef

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\bin\UltralightCore.dll

Filesize
578KB

MD5
cd3768e013636a12e6ce7937a7f69365

SHA1
405be77c308b4aeb678dd9235ceee201da8babb8

SHA256
9ed2701ba7c3349ecbbcf276c280a09262b4da72be9fdcddd81a8bac9c9b3d69

SHA512
40b5ca33ab11fa9076516b9c3061626487107e3af196f56bcdecf2cec6640f87916faefe1ef14c1127dfa70752c7bcd5c9371a70660c8d175c3c924bd279aa47

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\bin\WebCore.dll

Filesize
22.0MB

MD5
90b16abe7f82dcae822174b4503f4e1b

SHA1
ebd5792c38e598e09de2e87f435c809927400e25

SHA256
b4d361bf13f98c96c21c3dec94d14914ff80c3515a48cd3df974378cd6052082

SHA512
8dfc06402f92a9ff278f7d94cb369d90a92509d9e6b6d106cce2bb454ddeac0bdf9f906e8ab91c4c1aaee0ce5d950b713a2df4be2c713b7d1222bf7cdc23269d

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe

Filesize
3.0MB

MD5
063265d8cdb6cf2ad4e1ddbfa799d1ef

SHA1
560a4440e25bce2acbb437a4b3c781824664ca34

SHA256
f8bb7c78cef4b7b67a314fed506a406dd49a50f29da069dd2396ce3040334f65

SHA512
2ca217d7004276d19004a8ff2faa8c269ae0fb900a7446bb09501d502a6ed955cae55bda43f93a79b63b008822b79b5d58ff0324499a19da31f527be9b9170d4

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe

Filesize
3.0MB

MD5
063265d8cdb6cf2ad4e1ddbfa799d1ef

SHA1
560a4440e25bce2acbb437a4b3c781824664ca34

SHA256
f8bb7c78cef4b7b67a314fed506a406dd49a50f29da069dd2396ce3040334f65

SHA512
2ca217d7004276d19004a8ff2faa8c269ae0fb900a7446bb09501d502a6ed955cae55bda43f93a79b63b008822b79b5d58ff0324499a19da31f527be9b9170d4

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\css\app.5b0a1e7d.css

Filesize
7KB

MD5
00f587477d8a3fd35a52c671b8f818aa

SHA1
ae9910ba14b5300e9154c8b48ec10ac8511552b6

SHA256
c8cd47da7c84dc7e8a6c7d301c3bc244b293347ea8e8e0d5e97cf0237c6c6259

SHA512
539a4836e451ab4d0b7339c88443e42f1ba20c8d374b0bed7c507b122f1e5c0779e268933ecf821b0411519533a62893904919271242b20aee113a4756739477

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\css\auth.4a6b27be.css

Filesize
2KB

MD5
c75d03fc0d981d51d725e4f3975aa022

SHA1
43da8931d9d012a69407f4a355098d7be14f3b8f

SHA256
fd736be6ab05c5f73cb657c3f0e106e0d3931382001e669320de7af35e5fb011

SHA512
de6c59498d5f77bb8a3249d68230da1219fd3417456491e43f11580aa163f5e9de90040c4cf2d7f4dbe3678f12812df5640b990933681a5443efb0fd5c08bc74

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\css\chunk-4f6208b2.def6a674.css

Filesize
1KB

MD5
3bc58ca1a072a0acafefc8c474daf52e

SHA1
7eb87741359da03f871f46c9d01acec7f06c6789

SHA256
953c9fa90cc8e1bf4f22c16c1cc1f2351a034c57082a260440f079018d7ca3b8

SHA512
6606de098e90bdbeb62af89257bd3dd015dd416c4784855a26d8d555fda1796931968fb2dc8ccc1b3d188bcfe619aa64bf78461e9e4dc55d530e661c79ef4d6d

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\css\chunk-d15685cc.29ddedaf.css

Filesize
7KB

MD5
6c204b6df38bb5768fbfba3064c767a2

SHA1
7f94546b323e725b6f880bc908fe201259747986

SHA256
3f2d5cb811d3452b155433042ab6f4b8a3e74befeb16af079847ffa1873fe618

SHA512
ed3ee750930d61cb8a85acff7dd789101712e90fddec01eec98d89a12e2a038f4c4512b87c2f1443beb05a692923f59af6925e352dcc437a05efae118802399d

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\img\login_bg.62db7e11.png

Filesize
2.8MB

MD5
62db7e114bbcdb7eddb6aac2bce0ec51

SHA1
6bbc9f11b7bf412a12bb37b3a848e64682efe7a9

SHA256
332084113a9a741d32c138ce2a2b463f4ab90b8cb9f877e7165e6ec4be41c31b

SHA512
ec6b3f533257521b99ed8a7d33277626a9af8a27b0dc940b98398fa6bb7fbca21d569b9ce860b8cc2db5e5059c3722cc1239bd706be275b0b40d0f86df4486b4

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\index.html

Filesize
927B

MD5
e6895437c81c833e5073a31db682f945

SHA1
c1678298ee4692c1d888f9b9384582cac331510b

SHA256
2c0eac9d4b9dcfe1b0a225af142c04f3e7c6e901e0d35083b0a7c0b3fda3aa61

SHA512
fea1c241cbdc3b9e5915a6cec848d55816de1e95232d530bc5ce9a8f1fd072fab3666ef7418501ec6870fc5f0a140ff6487cd0464972a48a8420fc226ef5e1d3

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\js\app.454f4f9e.js

Filesize
25KB

MD5
7131b8d7837f2375d19b6ba7908116a4

SHA1
3c859ada609c41f13439277fc1c3951205d1bab8

SHA256
5d8f47705e82ca34cbaa023edf3a616dd8c5016919d19c61b732de6cc3a75582

SHA512
caef556b866a73b72d0cf262c37c111e03e26f473f5675d73ab0d0624d974419a238a7cb4d24f34bb4ff54cadee2173efdab4e2ca1c1fbc78c8fd0d279363f45

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\js\auth.688202d0.js

Filesize
2KB

MD5
678d287843585bbd97477933bb01d031

SHA1
73f9a067d2e5c1db85505f144bcb4ed8f0772548

SHA256
8235dd733014ea6e7d0e63f1727f5a90e2351a632a5e53504314b3c01bf2f7f5

SHA512
1bd9c5768659a997050984cb1bebfcf2b5c55a70e53a7d00da26dd9d2b5330545dc91c06cda563e6894c6f709e5cc2f023abc4a54752aa04a67dbb24f0f2c513

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\js\chunk-4f6208b2.22635986.js

Filesize
673B

MD5
08620ea9abc464066f2a29234f8a8ae1

SHA1
044003ef022d078fcb144560a9a386850a733364

SHA256
27af3d4cce7f2651f8e4a203ddfa0904d8be4ff4c383c5e7da51394d008042dd

SHA512
78c9221937cc8249c518e1033140e50406738710cbe1635dcc1b0c1ddefdd795e79b271c6b35febe9181c0ff738f1ffac9a506133d474475d871e7850e28df2a

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\js\chunk-d15685cc.589056ed.js

Filesize
3KB

MD5
347d5f9186f0da387dd82e5b2bfe430c

SHA1
f3aa2eddb1426aba3729ab9776b881c1864c25c0

SHA256
82f981818af4196835443430b678b524fe539b9707b7f8a56e567f7b53f4cd53

SHA512
335dc774359db2a5de7ea083d0d3f3c5ae7adaef4f56ec0e6dbf81e33590b632cfed9b638130d1e684d588d7a0fe6a232fc392288a618ce28e8864bb084bc3fb

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\js\chunk-vendors.d77b8b8e.js

Filesize
247KB

MD5
bd010c8bec1abf8bd7265526e0865f28

SHA1
736376d60681d410ee649083e0ed26bd54954bdf

SHA256
4a91eafbf4851dae58fea600f3349f9dfaa04ae92a8dcaf17cd2191ec9b0a189

SHA512
09284b3d1f764efc9e7e4ec1c001b3eb06b96f8be8a6f9091013c7b6b7457e43034599a16599fe99eccee78f6085b223fc4c3993007cdf133d02e78da5182227

Download Submit
C:\Users\Admin\AppData\Local\Plutonium\launcher\assets\nix-bridge.js

Filesize
965B

MD5
644c032e7a0f872e8f1b34598b3db70d

SHA1
cde26f98a6d04fc5d0e2df698cc6aaaf46d534ce

SHA256
3050dc899b974ac475823bcf1ab18075cbc68979f1f3ed2708fc4a032d577628

SHA512
0a0767b40198cfc82562f1aa19606a52e4c2e9b0158b7b9082e8511dc518c2c3bdd94486a2e38c060462b93f7cde6f746d6f19596972dde5eb4d6ae53841361a

Download Submit
\Users\Admin\AppData\Local\Plutonium\bin\AppCore.dll

Filesize
230KB

MD5
80c3806a12959987ac012e28f63ad150

SHA1
3a43f2989903bede21c4f599c86f3e10403e4bf1

SHA256
b5338b858e5c65f9c36bbc817673ba5e1a05eed8f4dcf007b6bc4ff6140fc8f8

SHA512
67c682a2e3dc0e5cc9f768bdd276d2b927739344620d6fd3000412c449da1fe12939e83246e1f01263930619a61b554f6b0401c0e508e34e648ce9f25dcfb9ff

Download Submit
\Users\Admin\AppData\Local\Plutonium\bin\Ultralight.dll

Filesize
126KB

MD5
6c2949787d48f3b0c0cbd4a872253f12

SHA1
01cd853173dca709c6a9c3ec8c68e5cb1ce7802a

SHA256
758ca54bac8288487cfa6ea276c724fc4ad29c6d6a4294d74ea34e0726ce8661

SHA512
7c8978f7ac5d0db7cbdfc8d78bc992463f132497f84b132be3ece1db926990dce27c0a3d642c3c5c2d04a862f0a30afdbd9fe5c6881f8523e0c9347d84448aef

Download Submit
\Users\Admin\AppData\Local\Plutonium\bin\UltralightCore.dll

Filesize
578KB

MD5
cd3768e013636a12e6ce7937a7f69365

SHA1
405be77c308b4aeb678dd9235ceee201da8babb8

SHA256
9ed2701ba7c3349ecbbcf276c280a09262b4da72be9fdcddd81a8bac9c9b3d69

SHA512
40b5ca33ab11fa9076516b9c3061626487107e3af196f56bcdecf2cec6640f87916faefe1ef14c1127dfa70752c7bcd5c9371a70660c8d175c3c924bd279aa47

Download Submit
\Users\Admin\AppData\Local\Plutonium\bin\WebCore.dll

Filesize
22.0MB

MD5
90b16abe7f82dcae822174b4503f4e1b

SHA1
ebd5792c38e598e09de2e87f435c809927400e25

SHA256
b4d361bf13f98c96c21c3dec94d14914ff80c3515a48cd3df974378cd6052082

SHA512
8dfc06402f92a9ff278f7d94cb369d90a92509d9e6b6d106cce2bb454ddeac0bdf9f906e8ab91c4c1aaee0ce5d950b713a2df4be2c713b7d1222bf7cdc23269d

Download Submit
memory/4152-122-0x0000023EFD760000-0x0000023EFD768000-memory.dmp

Filesize
32KB

Download
memory/4152-128-0x0000023EFDD30000-0x0000023EFDD80000-memory.dmp

Filesize
320KB

Download
memory/4152-134-0x0000023EFE8B0000-0x0000023EFE8B8000-memory.dmp

Filesize
32KB

Download
memory/4152-135-0x0000023EFEAD0000-0x0000023EFEAE4000-memory.dmp

Filesize
80KB

Download
memory/4152-136-0x0000023EFEAF0000-0x0000023EFEB0E000-memory.dmp

Filesize
120KB

Download
memory/4152-137-0x0000023EFEB10000-0x0000023EFEB38000-memory.dmp

Filesize
160KB

Download
memory/4152-138-0x0000023E80050000-0x0000023E80096000-memory.dmp

Filesize
280KB

Download
memory/4152-139-0x0000023E82620000-0x0000023E82640000-memory.dmp

Filesize
128KB

Download
memory/4152-140-0x0000023E84C80000-0x0000023E84CB8000-memory.dmp

Filesize
224KB

Download
memory/4152-132-0x0000023EFD890000-0x0000023EFD89A000-memory.dmp

Filesize
40KB

Download
memory/4152-131-0x0000023EFDDC0000-0x0000023EFDDE6000-memory.dmp

Filesize
152KB

Download
memory/4152-130-0x0000023EFE6F0000-0x0000023EFE74A000-memory.dmp

Filesize
360KB

Download
memory/4152-129-0x0000023EFDD80000-0x0000023EFDDA2000-memory.dmp

Filesize
136KB

Download
memory/4152-133-0x0000023EFE8C0000-0x0000023EFE8C8000-memory.dmp

Filesize
32KB

Download
memory/4152-127-0x0000023EFDEB0000-0x0000023EFE6F2000-memory.dmp

Filesize
8.3MB

Download
memory/4152-126-0x0000023EFDDF0000-0x0000023EFDEA8000-memory.dmp

Filesize
736KB

Download
memory/4152-125-0x0000023EFDD20000-0x0000023EFDD28000-memory.dmp

Filesize
32KB

Download
memory/4152-124-0x0000023EFD850000-0x0000023EFD892000-memory.dmp

Filesize
264KB

Download
memory/4152-123-0x0000023EFD9B0000-0x0000023EFDD1C000-memory.dmp

Filesize
3.4MB

Download
memory/4152-121-0x0000023EE4F10000-0x0000023EE4F1A000-memory.dmp

Filesize
40KB

Download
memory/4152-120-0x0000023EE4EF0000-0x0000023EE4EFA000-memory.dmp

Filesize
40KB

Download
memory/4152-119-0x0000023EFD8A0000-0x0000023EFD9A2000-memory.dmp

Filesize
1.0MB

Download
memory/4152-118-0x0000023EFD5F0000-0x0000023EFD60A000-memory.dmp

Filesize
104KB

Download
memory/4152-117-0x0000023EE3500000-0x0000023EE350A000-memory.dmp

Filesize
40KB

Download
memory/4152-116-0x0000023EE4E60000-0x0000023EE4ECA000-memory.dmp

Filesize
424KB

Download
memory/4152-115-0x0000023EE2D70000-0x0000023EE31F6000-memory.dmp

Filesize
4.5MB

Download
memory/4888-168-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-196-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-161-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-163-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-164-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-165-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-166-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-167-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-160-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-169-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-170-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-171-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-172-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-173-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-174-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-175-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-176-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-177-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-178-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-179-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-180-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-181-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-183-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-182-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-159-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-187-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-191-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-194-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-195-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-158-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-157-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-156-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-155-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-162-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-197-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-198-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-199-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-200-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-201-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-202-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-204-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-203-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-205-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-206-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-207-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-208-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-209-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-210-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-211-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-212-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-213-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-214-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-215-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-154-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-153-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-152-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-151-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-150-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-148-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-147-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-146-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-145-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-144-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download
memory/4888-143-0x0000000077700000-0x000000007788E000-memory.dmp

Filesize
1.6MB

Download