Analysis Overview
SHA256
329d442b6323544dc639d3b9f39a91780d925f22d8bc221666a6938c32932952
Threat Level: Known bad
The file OwnCheat.rar was found to be: Known bad.
Malicious Activity Summary
RedLine payload
RedLine
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-16 12:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 12:38
Reported
2024-05-16 12:42
Platform
win10v2004-20240426-en
Max time kernel
71s
Max time network
80s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603368730035947" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OwnCheat.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02a1ab58,0x7ffc02a1ab68,0x7ffc02a1ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff758c1ae48,0x7ff758c1ae58,0x7ff758c1ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4264 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5040 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5340 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5352 --field-trial-handle=1900,i,18142115684683261677,13333250825718704779,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 216.58.214.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.56.20.217.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1516_QECGGCMPNVODBQDC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2eefe0a0dac61097c016a197e426a578 |
| SHA1 | 1770a540f714213a070b77a7c9d9206a21bef371 |
| SHA256 | 37d959eeb3ff5e746053e2e903e7ab968453078a9bcebcec747e737e5e88ebc0 |
| SHA512 | f40da93ea05ae81cf99e131a968c1ffd96eb8ab3664f008b26d07f9cfeb75135dc3226af3d1fe3f7069a3a3cb2d02a0d365cebfd6ad34edac72fd6c142cbb4ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\64a1a776-83f6-4082-8824-d6e38040fc15.tmp
| MD5 | 5c73e3e1b5b2d8885432bfb570a0a95f |
| SHA1 | 231aea34589a7971df8837523328a25474332c9c |
| SHA256 | 539c7ba12ddc5b4b0f45ff799c45f62b9be69a420e8c2f06c5d402042e551bf7 |
| SHA512 | 2eb19b4a916d4a349d1363983cd4d4446e89e0b0664c654465bb7a7619ccfa3e97aa7e7a3403807c971a4f270ebcc870b7967d84c0685b8dcb495a1cdfa72898 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 47c60dcc98f5caf9359871a249b772d4 |
| SHA1 | 3ce6f3ab0da2ec2d45688a0fe1abfdc3b01379f8 |
| SHA256 | c37a375b96a09a6646f29d100d624db79b264866026f5b5ceff14e7eeac4404a |
| SHA512 | 30e6cabccc4d57c457808e25fba309c0cb4aee8f41ab10110682a6f1207e9b7fa16973fe58f742c6a63bf2a57f4ec219131dae65a0ccf40ec33361c4a98748c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 12dfceea19e90b1d58652c145eb16a07 |
| SHA1 | 2e55ecad6bce6ad0b8cee3d67e443e5f8e37ba3a |
| SHA256 | bcc1f4e79d7f240e0cfefafe0d43e4957a181dc455ed16ae8ac11097fcf7e5a8 |
| SHA512 | 2f2da54f610ac118e26e7c6ba6a1d28d0f6cd2ff98c42704d50c348130e3d09d14bcecb52e22121e6bd6a2ae9ecaf711ba9b6d15a877adaeb959b35fbe669421 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a165103282bcf3b13bde58cc71670f25 |
| SHA1 | bd98cb0d780654705162c5bb08f35afa8025c83f |
| SHA256 | 00106fef6f93ba72ebb5026090d73d7f77f20d193defcbb438c1837fed9688a8 |
| SHA512 | ccf1d8a5c2e8b4a0fd2f1706e0e5d433393fa9c0a209082bf4abeae09061983d5b2211d5c4e7df32656ad02de57f194d59c9995a7a64e1b24c244562bea33f55 |
C:\Users\Admin\Downloads\winrar-x64-701.exe
| MD5 | 46c17c999744470b689331f41eab7df1 |
| SHA1 | b8a63127df6a87d333061c622220d6d70ed80f7c |
| SHA256 | c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a |
| SHA512 | 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a331a1fa937de069741bf58e84292b9 |
| SHA1 | c1fc7e558b57d40bf6b47c15cda0fb86cecddb39 |
| SHA256 | 6a4b9eb5616a879658b6765734217b4f50e699f92df83bf46bbddbee07ac67b2 |
| SHA512 | 1f86fb24ba46bd5aa7061edcfb88bb11c6fa2dc069c8f6c4f80ed14b05c25cfc97c0aa5921d5cf72a468a7f25082b99e9ad9e55683a1d4268571b14263c1f0f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b5584a043bbd5c12fd7c21cae8121c19 |
| SHA1 | ce21c9684c4688ef7486d1ccd6235eea6fdd0be5 |
| SHA256 | a9ec5c11c101d2f6a1d6f470377cbb4ecc077601c978745459bf0ddab0a9769e |
| SHA512 | b3b80aff7dc24b3e370b9367c2ef6f503770327e3f49cdc59985fd9205c3b01085e142116f8667e8f0076f418fa0a21359c781d802407020e6a8fc3567fd70ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5809a0.TMP
| MD5 | 8fc8d268a5121b3a6401b7c8b3117308 |
| SHA1 | 946370af88c0001bafccc4276cc7728183844222 |
| SHA256 | 87428af7e2d48932e88b52ee9ee6a09504632832b94f7b619113c55b51a22ca7 |
| SHA512 | 0a739f511cbd8e9a666ff56098396a8436e83dc521165e8843260e0706abfca9c6b9c5915bf37f3c59013f3feec60343253bf71f6c1f4fe4943f9e3a7a88af41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | de70055005240a92a5b3c25b3826e522 |
| SHA1 | 1f3c0b4f07e8aebe0315a5258d62c163d66c5b50 |
| SHA256 | 82a0b623e3b21023bcc52a091abb151994412011fb790569ec0b063367fe29c8 |
| SHA512 | 103c9746f6bec3368e0d3fb80b68500b821788c29629e3fa29f3a1888cfd541594677bdfdd3c1bf8e864a098af8e085738121773a7cfab97639f1751269739a1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 12:38
Reported
2024-05-16 12:45
Platform
win11-20240508-en
Max time kernel
284s
Max time network
294s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\jp2launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1604 set thread context of 4700 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3008 set thread context of 1612 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2096 set thread context of 3704 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3896 set thread context of 2004 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2908 set thread context of 3528 | N/A | C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1 = 8c00310000000000a858096e110050524f4752417e310000740009000400efbec5525961a858096e2e0000003f0000000000010000000000000000004a00000000000e0d5a00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\NodeSlot = "5" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OwnCheat.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap23676:74:7zEvent22141
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
"C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\jp2launcher.exe
"C:\Users\Admin\Desktop\OwnCheat\Addons\bin\jp2launcher.exe"
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe
"C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 147.45.47.64:11837 | | tcp |
| RU | 147.45.47.64:11837 | | tcp |
| RU | 147.45.47.64:11837 | | tcp |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| CZ | 104.64.113.235:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 235.113.64.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 95.101.143.218:443 | | tcp |
| US | 20.42.65.93:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| BE | 2.17.107.120:443 | r.bing.com | tcp |
| RU | 147.45.47.64:11837 | | tcp |
| RU | 147.45.47.64:11837 | | tcp |
Files
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\ext\cross.ext
| MD5 | dada5d3d71d97009275fe266381bd52b |
| SHA1 | be421b5c86767be813811869acf569a1ad1dbf3d |
| SHA256 | 63c3d033bfd95795a555e1ad0b9233c1547cfd7682cca803b31c2a985615d91b |
| SHA512 | 99d5fb30378029dac8980a902848bbbd0f638b0a5bf058537aa27a21a64dafa9c39674273af4a0d15793065c543d358f1a75559ab9c354d9f7754ca03fde4c51 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 1e9d8f133a442da6b0c74d49bc84a341 |
| SHA1 | 259edc45b4569427e8319895a444f4295d54348f |
| SHA256 | 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b |
| SHA512 | 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37 |
C:\Users\Admin\Desktop\OwnCheat\OwnCheat.exe
| MD5 | 912358f984f87614dbedb09490dcacfd |
| SHA1 | a867edcd5cb5151b2d7ec36052d6299c6bab2029 |
| SHA256 | 0094e98a9f21a84e831ec6a4dccd2d912c5f5d78a1ae3c9339acf799e80280d4 |
| SHA512 | 4decc1655c5f477d10d5e583f9ed1a0874cb1a8974d2a8aa3a68ab3a886cbecc07d654c73e5764f1257d25cb0fce5e5d2f707119d0da7d96dbe099ac4e75ea36 |
memory/1604-412-0x0000000001400000-0x0000000001401000-memory.dmp
memory/1604-414-0x0000000001400000-0x0000000001401000-memory.dmp
memory/4700-413-0x0000000000400000-0x000000000044A000-memory.dmp
memory/4700-415-0x0000000005F90000-0x0000000006536000-memory.dmp
memory/4700-416-0x00000000059E0000-0x0000000005A72000-memory.dmp
memory/4700-417-0x0000000005970000-0x000000000597A000-memory.dmp
memory/4700-418-0x0000000006FF0000-0x0000000007608000-memory.dmp
memory/4700-419-0x0000000006B20000-0x0000000006C2A000-memory.dmp
memory/4700-420-0x0000000006A30000-0x0000000006A42000-memory.dmp
memory/4700-421-0x0000000006A90000-0x0000000006ACC000-memory.dmp
memory/4700-422-0x0000000006AD0000-0x0000000006B1C000-memory.dmp
memory/4700-423-0x0000000006D20000-0x0000000006D86000-memory.dmp
memory/4700-424-0x0000000007690000-0x0000000007706000-memory.dmp
memory/4700-425-0x0000000007630000-0x000000000764E000-memory.dmp
memory/4700-426-0x0000000008F80000-0x0000000009142000-memory.dmp
memory/4700-427-0x0000000009680000-0x0000000009BAC000-memory.dmp
memory/3008-432-0x00000000013F0000-0x00000000013F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
| MD5 | 661cf82d7ff5c760912b43f583c59aa5 |
| SHA1 | 924bacd9bb4e0f5f985b4f98bcd4a83a46775497 |
| SHA256 | e85f98a486bee3b77e4c15d304d2209d3944ec6e3ac2faadf68ba176edfa64ae |
| SHA512 | 44db890cc597390afd2b529af490e0835d14ef703eba6488720524666b76aedc02c7d17977f6c115474b6639ffcce409ebb205deb182b08a48fe5986109b616d |
memory/2096-437-0x0000000000990000-0x0000000000991000-memory.dmp
memory/3896-441-0x00000000009D0000-0x00000000009D1000-memory.dmp
memory/2908-445-0x0000000000950000-0x0000000000951000-memory.dmp
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\jp2launcher.exe
| MD5 | 5f85f7f2dfac397d642834b61809240f |
| SHA1 | eca28e8464208fa11ef7df677b741cdd561483d9 |
| SHA256 | b71e00adb77d87882d58993a5888955bdd62c57d364f60aaa0fa19d32a69c9da |
| SHA512 | 2bfe9fce450e57ea93deeaa85a746cb17ba946eeff866f10d67c74f7ea038b16910e0d8ef29e9f358af7daabd45e3983c370fef82a9647546819dcde3aee45bc |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\MSVCR100.dll
| MD5 | bf38660a9125935658cfa3e53fdc7d65 |
| SHA1 | 0b51fb415ec89848f339f8989d323bea722bfd70 |
| SHA256 | 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa |
| SHA512 | 25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1 |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\keytool.exe
| MD5 | 9a4cf09834f086568df469e3f670bf07 |
| SHA1 | 594c4e0394475a6299c79e3a063c7d5ae49635f3 |
| SHA256 | 709e9e544434c52285a72f29ad6b99ce1e7668545f10ad385c87abf34d2052bb |
| SHA512 | cd551e7944461f3288b880b9d161f19f97eb4599a3a46cc93c4172b5112960fb0c040b9996f13cf0761fb85a283e2f20944135ec59660c807a59b29cddc44586 |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\client\jvm.dll
| MD5 | 39c302fe0781e5af6d007e55f509606a |
| SHA1 | 23690a52e8c6578de6a7980bb78aae69d0f31780 |
| SHA256 | b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc |
| SHA512 | 67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77 |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\java.dll
| MD5 | 73bd0b62b158c5a8d0ce92064600620d |
| SHA1 | 63c74250c17f75fe6356b649c484ad5936c3e871 |
| SHA256 | e7b870deb08bc864fa7fd4dec67cef15896fe802fafb3009e1b7724625d7da30 |
| SHA512 | eba1cf977365446b35740471882c5209773a313de653404a8d603245417d32a4e9f23e3b6cd85721143d2f9a0e46ed330c3d8ba8c24aee390d137f9b5cd68d8f |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\verify.dll
| MD5 | de2167a880207bbf7464bcd1f8bc8657 |
| SHA1 | 0ff7a5ea29c0364a1162a090dffc13d29bc3d3c7 |
| SHA256 | fd856ea783ad60215ce2f920fcb6bb4e416562d3c037c06d047f1ec103cd10b3 |
| SHA512 | bb83377c5cff6117cec6fbadf6d40989ce1ee3f37e4ceba17562a59ea903d8962091146e2aa5cc44cfdddf280da7928001eea98abf0c0942d69819b2433f1322 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\i386\jvm.cfg
| MD5 | 9fd47c1a487b79a12e90e7506469477b |
| SHA1 | 7814df0ff2ea1827c75dcd73844ca7f025998cc6 |
| SHA256 | a73aea3074360cf62adedc0c82bc9c0c36c6a777c70da6c544d0fba7b2d8529e |
| SHA512 | 97b9d4c68ac4b534f86efa9af947763ee61aee6086581d96cbf7b3dbd6fd5d9db4b4d16772dce6f347b44085cef8a6ea3bfd3b84fbd9d4ef763cef39255fbce3 |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\jli.dll
| MD5 | 73a76ec257bd5574d9db43df2a3bb27f |
| SHA1 | 2c9248eae2f9f5f610f6a1dfd799b0598da00368 |
| SHA256 | 8f19b1ba9295f87e701c46cb888222bb7e79c6ee74b09237d3313e174ae0154f |
| SHA512 | 59ecd5fcf35745bdadcdb94456cb51bb7ea305647c164fe73d42e87f226528d1a53ce732f5ec64ce5b4581fa8a17cfbfdc8173e103ae862d6e92eb3ad3638518 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\meta-index
| MD5 | 91aa6ea7320140f30379f758d626e59d |
| SHA1 | 3be2febe28723b1033ccdaa110eaf59bbd6d1f96 |
| SHA256 | 4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4 |
| SHA512 | 03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb |
C:\Users\Admin\Desktop\OwnCheat\Addons\bin\zip.dll
| MD5 | cb99b83bbc19cd0e1c2ec6031d0a80bc |
| SHA1 | 927e1e24fd19f9ca8b5191ef3cc746b74ab68bcd |
| SHA256 | 68148243e3a03a3a1aaf4637f054993cb174c04f6bd77894fe84d74af5833bec |
| SHA512 | 29c4978fa56f15025355ce26a52bdf8197b8d8073a441425df3dfc93c7d80d36755cc05b6485dd2e1f168df2941315f883960b81368e742c4ea8e69dd82fa2ba |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\ext\meta-index
| MD5 | 77abe2551c7a5931b70f78962ac5a3c7 |
| SHA1 | a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc |
| SHA256 | c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4 |
| SHA512 | 9fe671380335804d4416e26c1e00cded200687db484f770ebbdb8631a9c769f0a449c661cb38f49c41463e822beb5248e69fd63562c3d8c508154c5d64421935 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\resources.jar
| MD5 | 9a084b91667e7437574236cd27b7c688 |
| SHA1 | d8926cc4aa12d6fe9abe64c8c3cb8bc0f594c5b1 |
| SHA256 | a1366a75454fc0f1ca5a14ea03b4927bb8584d6d5b402dfa453122ae16dbf22d |
| SHA512 | d603aa29e1f6eefff4b15c7ebc8a0fa18e090d2e1147d56fd80581c7404ee1cb9d6972fcf2bd0cb24926b3af4dfc5be9bce1fe018681f22a38adaa278bf22d73 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\ext\sunpkcs11.jar
| MD5 | 2e33d8f1fbeb9239c6ffc0d36de772d1 |
| SHA1 | 3f881e3b34693a96cd3d9e20d6aeabae98757359 |
| SHA256 | 938c497e97e893d0b9325522475ad9fb2c365a4af832ed180b570c3e4e6fd559 |
| SHA512 | db9a5b0f269bbfc9cb712d8bf170414d649cd72f0deeccdc3a4d742430e2e29e203f7e462d2df8f9ec2c82723a8a56ff8fd409cdcbe66547c798b15370b8db65 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\ext\sunmscapi.jar
| MD5 | 2249eac4f859c7bc578afd2f7b771249 |
| SHA1 | 76ba0e08c6b3df9fb1551f00189323dac8fc818c |
| SHA256 | a0719cae8271f918c8613feb92a7591d0a6e7d04266f62144b2eab7844d00c75 |
| SHA512 | db5415bc542f4910166163f9ba34bc33af1d114a73d852b143b2c3e28f59270827006693d6df460523e26516cab351d2ee3f944d715ae86cd12d926d09f92454 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\ext\sunec.jar
| MD5 | a269905bbb9f7d02baa24a756e7b09d7 |
| SHA1 | 82a0f9c5cbc2b79bdb6cfe80487691e232b26f9c |
| SHA256 | e2787698d746dc25c24d3be0fa751cea6267f68b4e972cfc3df4b4eac8046245 |
| SHA512 | 496841cf49e2bf4eb146632f7d1f09efa8f38ae99b93081af4297a7d8412b444b9f066358f0c110d33fea6ae60458355271d8fdcd9854c02efb2023af5f661f6 |
memory/648-502-0x0000000000E10000-0x0000000000E11000-memory.dmp
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\jce.jar
| MD5 | a39f61d6ed2585519d7af1e2ea029f59 |
| SHA1 | 52515ac6deab634f3495fd724dea643ee442b8fd |
| SHA256 | 60724d9e372fbe42759349a06d3426380ca2b9162fa01eb2c3587a58a34ad7e0 |
| SHA512 | ac2e9ab749f5365be0fb8ebd321e8f231d22eae396053745f047fcbccf8d3de2f737d3c37a52c715addfbdbd18f14809e8b37b382b018b58a76e063efba96948 |
C:\Users\Admin\Desktop\OwnCheat\Addons\lib\jsse.jar
| MD5 | fd1434c81219c385f30b07e33cef9f30 |
| SHA1 | 0b5ee897864c8605ef69f66dfe1e15729cfcbc59 |
| SHA256 | bc3a736e08e68ace28c68b0621dccfb76c1063bd28d7bd8fce7b20e7b7526cc5 |
| SHA512 | 9a778a3843744f1fabad960aa22880d37c30b1cab29e123170d853c9469dc54a81e81a9070e1de1bf63ba527c332bb2b1f1d872907f3bdce33a6898a02fef22d |