Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-04-2024 14:07

General

  • Target

    PCWUpdater.exe

  • Size

    423KB

  • MD5

    f3b1b338ce6cbb2b2b2de1b5e6b7c49d

  • SHA1

    6d9c9564a0c5784017f32bc2881d955c73c6155b

  • SHA256

    481fe01d12228ecd30410f09e0390f1876ff3baec7ebde5ccb1d2165a01582b8

  • SHA512

    f524fa1804cbcb31e008cc0ae6d1854ed21e40cd2f192dd300354a01203d112ef7711de30973a06e0b691e9b3236f1aab17ec247d63bff79a43df817c4489313

  • SSDEEP

    12288:50QOmCU/iH9CImgdH1C89qH0y9pGHNu4B2UipYB:T389CIm7826I4reYB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PCWUpdater.exe
    "C:\Users\Admin\AppData\Local\Temp\PCWUpdater.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4952
  • C:\Users\Admin\AppData\Local\Temp\PCWProtectorService.exe
    C:\Users\Admin\AppData\Local\Temp\PCWProtectorService.exe
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy.exe
      C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy.exe 1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Users\Admin\AppData\Local\Temp\PCWProtector.exe
        C:\Users\Admin\AppData\Local\Temp\PCWProtector.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4584
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:736
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3284
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:924
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1400
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3852
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4152
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4048
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:8
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3772
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4804
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3996
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4916
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2972
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1840
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2036
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:552
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1616
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3128
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2856
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3888
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3748
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:3208
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4760
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1376
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4952
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:448
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4100
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2376
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4508
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3372
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:5048
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4048
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3996
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4916
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1840
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4864
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3388
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4856
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4388
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3204
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3556
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2252
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2984
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4564
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4788
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3156
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4552
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3004
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2376
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1104
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4152
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3772
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4620
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3560
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1840
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4668
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3648
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3748
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1096
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1516
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4788
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3156
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4552
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4264
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3356
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3852
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1756
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2140
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4544
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4832
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1752
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4468
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4628
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2520
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4448
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1064
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4868
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1244
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4412
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3936
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2752
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2368
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4848
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4120
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:804
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3684
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:632
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3128
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2856
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1416
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4788
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3652
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:5000
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2900
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4852
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4668
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3648
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3668
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3936
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4020
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4636
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4848
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4816
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:3684
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4956
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2244
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1872
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2452
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1416
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:4212
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1932
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1052
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:2688
        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
          PCWProtectorDummy64.exe 0
          4⤵
          PID:1104
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                        PCWProtectorDummy64.exe 0
                                                                                                                        4⤵
                                                                                                                          PID:3320
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                          PCWProtectorDummy64.exe 0
                                                                                                                          4⤵
                                                                                                                            PID:3932
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                            PCWProtectorDummy64.exe 0
                                                                                                                            4⤵
                                                                                                                              PID:4680
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                              PCWProtectorDummy64.exe 0
                                                                                                                              4⤵
                                                                                                                                PID:4896
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                PCWProtectorDummy64.exe 0
                                                                                                                                4⤵
                                                                                                                                  PID:2520
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                  PCWProtectorDummy64.exe 0
                                                                                                                                  4⤵
                                                                                                                                    PID:4248
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                    PCWProtectorDummy64.exe 0
                                                                                                                                    4⤵
                                                                                                                                      PID:3540
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                      PCWProtectorDummy64.exe 0
                                                                                                                                      4⤵
                                                                                                                                        PID:1840
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                        PCWProtectorDummy64.exe 0
                                                                                                                                        4⤵
                                                                                                                                          PID:1060
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                          PCWProtectorDummy64.exe 0
                                                                                                                                          4⤵
                                                                                                                                            PID:3888
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                            PCWProtectorDummy64.exe 0
                                                                                                                                            4⤵
                                                                                                                                              PID:1508
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                              PCWProtectorDummy64.exe 0
                                                                                                                                              4⤵
                                                                                                                                                PID:4844
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                PCWProtectorDummy64.exe 0
                                                                                                                                                4⤵
                                                                                                                                                  PID:1256
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                  PCWProtectorDummy64.exe 0
                                                                                                                                                  4⤵
                                                                                                                                                    PID:3748
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                    PCWProtectorDummy64.exe 0
                                                                                                                                                    4⤵
                                                                                                                                                      PID:2408
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                      PCWProtectorDummy64.exe 0
                                                                                                                                                      4⤵
                                                                                                                                                        PID:2496
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                        PCWProtectorDummy64.exe 0
                                                                                                                                                        4⤵
                                                                                                                                                          PID:3424
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                          PCWProtectorDummy64.exe 0
                                                                                                                                                          4⤵
                                                                                                                                                            PID:2264
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                            PCWProtectorDummy64.exe 0
                                                                                                                                                            4⤵
                                                                                                                                                              PID:2920
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                              PCWProtectorDummy64.exe 0
                                                                                                                                                              4⤵
                                                                                                                                                                PID:3388
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                                PCWProtectorDummy64.exe 0
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:4996
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                                  PCWProtectorDummy64.exe 0
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:1384
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                                    PCWProtectorDummy64.exe 0
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:1084
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                                      PCWProtectorDummy64.exe 0
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:4064
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\PCWProtectorDummy64.exe
                                                                                                                                                                        PCWProtectorDummy64.exe 0
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:4780

                                                                                                                                                                  Network

                                                                                                                                                                  MITRE ATT&CK Matrix

                                                                                                                                                                  Downloads

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtector.exe

                                                                                                                                                                    Filesize

                                                                                                                                                                    567KB

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtector.log

                                                                                                                                                                    Filesize

                                                                                                                                                                    1021B

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtector.log

                                                                                                                                                                    Filesize

                                                                                                                                                                    193B

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtector.log

                                                                                                                                                                    Filesize

                                                                                                                                                                    764B

                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\PCWProtectorService.exe

                                                                                                                                                                    Filesize

                                                                                                                                                                    242KB
