hxxps://drive[.]google[.]com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing

Resubmissions

12-07-2024 21:07

240712-zym9gssene 7

12-07-2024 21:03

240712-zwcd7ssdqc 7

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
556	setup.tmp
968	Vasyapersky.exe
1060	javaw.exe

Loads dropped DLL 14 IoCs

pid	Process
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe
1060	javaw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\ = "Vasyaperskiy File"	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp\DefaultIcon	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open\command\ = "\"C:\\Vasyaperskiy\\Vasyapersky.exe\" \"%1\""	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\DefaultIcon\ = "C:\\Vasyaperskiy\\Vasyapersky.exe,0"	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp\shell\open\command	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open\command	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\Vasyapersky.exe\SupportedTypes	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe\SupportedTypes\.myp	setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.myp\OpenWithProgids	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe\SupportedTypes	setup.tmp

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
1616	msedge.exe
1616	msedge.exe
4344	identity_helper.exe
4344	identity_helper.exe
1516	msedge.exe
1516	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
556	setup.tmp
556	setup.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
556	setup.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1060	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 220	1616	msedge.exe	83
PID 1616 wrote to memory of 220	1616	msedge.exe	83
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 1536	1616	msedge.exe	85
PID 1616 wrote to memory of 5016	1616	msedge.exe	86
PID 1616 wrote to memory of 5016	1616	msedge.exe	86
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87
PID 1616 wrote to memory of 4048	1616	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff977db46f8,0x7ff977db4708,0x7ff977db4718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3703520645882830887,10503146454671160482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4844

C:\Users\Admin\Desktop\Vasyaperskiy\setup.exe
"C:\Users\Admin\Desktop\Vasyaperskiy\setup.exe"
1⤵
PID:4848
- C:\Users\Admin\AppData\Local\Temp\is-J4280.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-J4280.tmp\setup.tmp" /SL5="$B02CC,112694259,734720,C:\Users\Admin\Desktop\Vasyaperskiy\setup.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:556
- - C:\Vasyaperskiy\Vasyapersky.exe
    "C:\Vasyaperskiy\Vasyapersky.exe"
    3⤵
    - Executes dropped EXE
    PID:968
  - - C:\Vasyaperskiy\jre\bin\javaw.exe
      "C:\Vasyaperskiy\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar" org.develnext.jphp.ext.javafx.FXLauncher
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
11cb49c9e4f797e9b9c35a749bddd5c0

SHA1
65a99699bc88abef137ea08f5438d0b9571f495a

SHA256
a72cb3920d9d69e5d9b6ffa403f61b3cf240c3b5880312741f848ec55ddcb3b1

SHA512
bd9f7fdd817122517b1e39932e0d3bd1649c7c74874664f1dc4aa1ef7914a0c04a49c62f6b650826c023f127f7a0b413546813aaf3474d4b907f5a4c5d1e0c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
12828c38cf9f0d0945aea72220b2b183

SHA1
258edbce5753cea4563a8521262d126a3841745e

SHA256
57ff86b1144e340ed358a8b566c94c9f4856d54e90c0b9bc7e48df8401fc7b2e

SHA512
473ed1d90bed28960d61310d3043f98c15bfe82a7deb7dd2f564eff723f5073779a44fb57dd6e6c7603e580eb89248d395d15bf04750ef7b67c1aa8946ad2d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bbfaba6e98a9e784b7e6ba7dc48c92df

SHA1
0bffa83c0b9fc9c51f55a31ded6dc32459dc4507

SHA256
d84b6d20c9f2e3aeb693f1ac2503da124c9fb4ee5e3e66e06a0b7f5a1035f21c

SHA512
64a18ba09909209d19e00caaa9e7695ef3e194a5655aa845de70690b709d09e2f564eb97f0534c6b541b04a8dffd10fc165ba219dab38279249dadd623e302fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7a4b84ef126a16d45754bbaff8b4cc2

SHA1
6ce1522242e307d1fff92e8bb5bf8cf6d874b2df

SHA256
0f139b13a9d1f1afe25fec7cb42f96085f6dd94b2949c0f1759e58e3f9d023fb

SHA512
3af7e12d7c0e09efaa0e3b65763ae272dd96312fd7239eb0ae051d26155c6d2793644afa3cdb1d5db2fc9283833d01398630f35d9ce26938424808ce46d96e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4317936933b8700213844134c0bae4f7

SHA1
a4f3463f7ca462c66f38a90a44269699367797e3

SHA256
2754f5588f1ada5dcace3f01115d7764ea13f77ad34fc23487cf47aeb632fde8

SHA512
276e75522348447a147f90e247d8a2f6d8bbfb5eac293e0e945014b1f27ec67bc2c0f311bd378a07858c42ca1c27751883b9f317029c4e94dea7ca57e404e67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
34f170101d8abb3eaf74f37a4015871a

SHA1
74a7e1776e1f1a0927df200f3247b46a3c70c593

SHA256
8d9faa52ca97047f6c1414e20ad9eeb78b23c664894c8780131ce02cb86bbd30

SHA512
6e45579d2a04a4f9d5a324bc500bf82eb7bd3af3ca66d552a8ff3170bbd2974d5c3c5b04bbd718b6c1580ab322dd38916048a0371ad24a3c7cb1dd9d5d97bd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf7a803da3513d01b116e419291cbb0b

SHA1
11ba73bc1ff121a4c1662b8d0f16a4ee91e713d9

SHA256
e7a8cc03bbe78ad869ce71969ea878df7fc72bac75e072e5a9d18d5f03260510

SHA512
ae7ec64c5d2b53cbc691e82e444db6e638b57f7b7ff474255522640afc4bf9b83e7bb16696d46817659d58900318b56186322953c8ad955ccf2516c5eb247322

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J4280.tmp\setup.tmp

Filesize
2.9MB

MD5
0191d1072d7701a28ec036b930c6d5fd

SHA1
8e1c191c0515278cac4a3d18633cbeb531380c37

SHA256
5e04270116cfb9f0b34679ce0be1d13369660b57bc9c11c37be0d620db5a2242

SHA512
652e7518ecb610102d603e733ce27a9b48d1ab1ee75203506972ad3b24e17b0ad2c9fbe3e679beb0f894640fdc65279bb9f7a2301724c800025e7d1bf6925e35

Download Submit
C:\Vasyaperskiy\Vasyapersky.exe

Filesize
46KB

MD5
7b9aea8cfc0ea6217e62ba01dd570454

SHA1
a4226bb5b300ee85f5cc3fc4ee321ffb9db107f6

SHA256
44fce6313ca9fd107a616771bd96699c944dbb02b75aba0e764f92822ba05c8e

SHA512
188e2d3152dc578c0d30ad242271e58001b337a8cbf23247e06086a72de2b117129367343f7ae25271f54d9691be9152b27108c2afcdf893f67b4e83449f061f

Download Submit
C:\Vasyaperskiy\jre\bin\client\jvm.dll

Filesize
3.7MB

MD5
39c302fe0781e5af6d007e55f509606a

SHA1
23690a52e8c6578de6a7980bb78aae69d0f31780

SHA256
b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc

SHA512
67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77

Download Submit
C:\Vasyaperskiy\jre\bin\java.dll

Filesize
123KB

MD5
73bd0b62b158c5a8d0ce92064600620d

SHA1
63c74250c17f75fe6356b649c484ad5936c3e871

SHA256
e7b870deb08bc864fa7fd4dec67cef15896fe802fafb3009e1b7724625d7da30

SHA512
eba1cf977365446b35740471882c5209773a313de653404a8d603245417d32a4e9f23e3b6cd85721143d2f9a0e46ed330c3d8ba8c24aee390d137f9b5cd68d8f

Download Submit
C:\Vasyaperskiy\jre\bin\javaw.exe

Filesize
187KB

MD5
48c96771106dbdd5d42bba3772e4b414

SHA1
e84749b99eb491e40a62ed2e92e4d7a790d09273

SHA256
a96d26428942065411b1b32811afd4c5557c21f1d9430f3696aa2ba4c4ac5f22

SHA512
9f891c787eb8ceed30a4e16d8e54208fa9b19f72eeec55b9f12d30dc8b63e5a798a16b1ccc8cea3e986191822c4d37aedb556e534d2eb24e4a02259555d56a2c

Download Submit
C:\Vasyaperskiy\jre\bin\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Vasyaperskiy\jre\bin\msvcr100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Vasyaperskiy\jre\bin\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Vasyaperskiy\jre\bin\net.dll

Filesize
78KB

MD5
691b937a898271ee2cffab20518b310b

SHA1
abedfcd32c3022326bc593ab392dea433fcf667c

SHA256
2f5f1199d277850a009458edb5202688c26dd993f68fe86ca1b946dc74a36d61

SHA512
1c09f4e35a75b336170f64b5c7254a51461dc1997b5862b62208063c6cf84a7cb2d66a67e947cbbf27e1cf34ccd68ba4e91c71c236104070ef3beb85570213ec

Download Submit
C:\Vasyaperskiy\jre\bin\nio.dll

Filesize
50KB

MD5
95edb3cb2e2333c146a4dd489ce67cbd

SHA1
79013586a6e65e2e1f80e5caf9e2aa15b7363f9a

SHA256
96cf590bddfd90086476e012d9f48a9a696efc054852ef626b43d6d62e72af31

SHA512
ab671f1bce915d748ee49518cc2a666a2715b329cab4ab8f6b9a975c99c146bb095f7a4284cd2aaf4a5b4fcf4f939f54853af3b3acc4205f89ed2ba8a33bb553

Download Submit
C:\Vasyaperskiy\jre\bin\prism_d3d.dll

Filesize
113KB

MD5
5aadadf700c7771f208dda7ce60de120

SHA1
e9cf7e7d1790dc63a58106c416944fd6717363a5

SHA256
89dac9792c884b70055566564aa12a8626c3aa127a89303730e66aba3c045f79

SHA512
624431a908c2a835f980391a869623ee1fa1f5a1a41f3ee08040e6395b8c11734f76fe401c4b9415f2055e46f60a7f9f2ac0a674604e5743ab8301dbadf279f2

Download Submit
C:\Vasyaperskiy\jre\bin\verify.dll

Filesize
38KB

MD5
de2167a880207bbf7464bcd1f8bc8657

SHA1
0ff7a5ea29c0364a1162a090dffc13d29bc3d3c7

SHA256
fd856ea783ad60215ce2f920fcb6bb4e416562d3c037c06d047f1ec103cd10b3

SHA512
bb83377c5cff6117cec6fbadf6d40989ce1ee3f37e4ceba17562a59ea903d8962091146e2aa5cc44cfdddf280da7928001eea98abf0c0942d69819b2433f1322

Download Submit
C:\Vasyaperskiy\jre\bin\zip.dll

Filesize
68KB

MD5
cb99b83bbc19cd0e1c2ec6031d0a80bc

SHA1
927e1e24fd19f9ca8b5191ef3cc746b74ab68bcd

SHA256
68148243e3a03a3a1aaf4637f054993cb174c04f6bd77894fe84d74af5833bec

SHA512
29c4978fa56f15025355ce26a52bdf8197b8d8073a441425df3dfc93c7d80d36755cc05b6485dd2e1f168df2941315f883960b81368e742c4ea8e69dd82fa2ba

Download Submit
C:\Vasyaperskiy\jre\lib\currency.data

Filesize
4KB

MD5
f6258230b51220609a60aa6ba70d68f3

SHA1
b5b95dd1ddcd3a433db14976e3b7f92664043536

SHA256
22458853da2415f7775652a7f57bb6665f83a9ae9fb8bd3cf05e29aac24c8441

SHA512
b2dfcfdebf9596f2bb05f021a24335f1eb2a094dca02b2d7dd1b7c871d5eecda7d50da7943b9f85edb5e92d9be6b6adfd24673ce816df3960e4d68c7f894563f

Download Submit
C:\Vasyaperskiy\jre\lib\ext\jfxrt.jar

Filesize
17.3MB

MD5
042b3675517d6a637b95014523b1fd7d

SHA1
82161caf5f0a4112686e4889a9e207c7ba62a880

SHA256
a570f20f8410f9b1b7e093957bf0ae53cae4731afaea624339aa2a897a635f22

SHA512
7672d0b50a92e854d3bd3724d01084cc10a90678b768e9a627baf761993e56a0c6c62c19155649fe9a8ceeabf845d86cbbb606554872ae789018a8b66e5a2b35

Download Submit
C:\Vasyaperskiy\jre\lib\ext\meta-index

Filesize
1KB

MD5
77abe2551c7a5931b70f78962ac5a3c7

SHA1
a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc

SHA256
c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4

SHA512
9fe671380335804d4416e26c1e00cded200687db484f770ebbdb8631a9c769f0a449c661cb38f49c41463e822beb5248e69fd63562c3d8c508154c5d64421935

Download Submit
C:\Vasyaperskiy\jre\lib\i386\jvm.cfg

Filesize
657B

MD5
9fd47c1a487b79a12e90e7506469477b

SHA1
7814df0ff2ea1827c75dcd73844ca7f025998cc6

SHA256
a73aea3074360cf62adedc0c82bc9c0c36c6a777c70da6c544d0fba7b2d8529e

SHA512
97b9d4c68ac4b534f86efa9af947763ee61aee6086581d96cbf7b3dbd6fd5d9db4b4d16772dce6f347b44085cef8a6ea3bfd3b84fbd9d4ef763cef39255fbce3

Download Submit
C:\Vasyaperskiy\jre\lib\images\cursors\is-ECT60.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Vasyaperskiy\jre\lib\jsse.jar

Filesize
619KB

MD5
fd1434c81219c385f30b07e33cef9f30

SHA1
0b5ee897864c8605ef69f66dfe1e15729cfcbc59

SHA256
bc3a736e08e68ace28c68b0621dccfb76c1063bd28d7bd8fce7b20e7b7526cc5

SHA512
9a778a3843744f1fabad960aa22880d37c30b1cab29e123170d853c9469dc54a81e81a9070e1de1bf63ba527c332bb2b1f1d872907f3bdce33a6898a02fef22d

Download Submit
C:\Vasyaperskiy\jre\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Vasyaperskiy\jre\lib\resources.jar

Filesize
3.3MB

MD5
9a084b91667e7437574236cd27b7c688

SHA1
d8926cc4aa12d6fe9abe64c8c3cb8bc0f594c5b1

SHA256
a1366a75454fc0f1ca5a14ea03b4927bb8584d6d5b402dfa453122ae16dbf22d

SHA512
d603aa29e1f6eefff4b15c7ebc8a0fa18e090d2e1147d56fd80581c7404ee1cb9d6972fcf2bd0cb24926b3af4dfc5be9bce1fe018681f22a38adaa278bf22d73

Download Submit
C:\Vasyaperskiy\jre\lib\security\java.security

Filesize
26KB

MD5
409c132fe4ea4abe9e5eb5a48a385b61

SHA1
446d68298be43eb657934552d656fa9ae240f2a2

SHA256
4d9e5a12b8cac8b36ecd88468b1c4018bc83c97eb467141901f90358d146a583

SHA512
7fed286ac9aed03e2dae24c3864edbbf812b65965c7173cc56ce622179eb5f872f77116275e96e1d52d1c58d3cdebe4e82b540b968e95d5da656aa74ad17400d

Download Submit
C:\Vasyaperskiy\jre\lib\tzdb.dat

Filesize
101KB

MD5
5a7f416bd764e4a0c2deb976b1d04b7b

SHA1
e12754541a58d7687deda517cdda14b897ff4400

SHA256
a636afa5edba8aa0944836793537d9c5b5ca0091ccc3741fc0823edae8697c9d

SHA512
3ab2ad86832b98f8e5e1ce1c1b3ffefa3c3d00b592eb1858e4a10fff88d1a74da81ad24c7ec82615c398192f976a1c15358fce9451aa0af9e65fb566731d6d8f

Download Submit
C:\Vasyaperskiy\jre\lib\tzmappings

Filesize
8KB

MD5
b8dd8953b143685b5e91abeb13ff24f0

SHA1
b5ceb39061fce39bb9d7a0176049a6e2600c419c

SHA256
3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272

SHA512
c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90

Download Submit
C:\Vasyaperskiy\lib\asm-all.jar

Filesize
241KB

MD5
f5ad16c7f0338b541978b0430d51dc83

SHA1
2ea49e08b876bbd33e0a7ce75c8f371d29e1f10a

SHA256
7fbffbc1db3422e2101689fd88df8384b15817b52b9b2b267b9f6d2511dc198d

SHA512
82e6749f4a6956f5b8dd5a5596ca170a1b7ff4e551714b56a293e6b8c7b092cbec2bec9dc0d9503404deb8f175cbb1ded2e856c6bc829411c8ed311c1861336a

Download Submit
C:\Vasyaperskiy\lib\dn-compiled-module.jar

Filesize
622KB

MD5
1fb2de3b484804f16b2f0a89eac799a2

SHA1
b7d51dbdf301bba44aa69b63c000a482768b9209

SHA256
7b48ab893a316725892e16e4c678a0837c5e1323b6dbeae716d1da5ea4104158

SHA512
9d506c00a779b879c8f4864a6133c4b2ab6a7ca50ab17f260af60e5d2238444f04543b17baac080b90bbf742e902fdca68b90c17d4770f8dacf8aecc51c54d53

Download Submit
C:\Vasyaperskiy\lib\dn-php-sdk.jar

Filesize
12KB

MD5
3e5e8cccff7ff343cbfe22588e569256

SHA1
66756daa182672bff27e453eed585325d8cc2a7a

SHA256
0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4

SHA512
8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522

Download Submit
C:\Vasyaperskiy\lib\gson.jar

Filesize
226KB

MD5
5134a2350f58890ffb9db0b40047195d

SHA1
751f548c85fa49f330cecbb1875893f971b33c4e

SHA256
2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32

SHA512
c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a

Download Submit
C:\Vasyaperskiy\lib\jphp-app-framework.jar

Filesize
103KB

MD5
0c8768cdeb3e894798f80465e0219c05

SHA1
c4da07ac93e4e547748ecc26b633d3db5b81ce47

SHA256
15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669

SHA512
35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106

Download Submit
C:\Vasyaperskiy\lib\jphp-core.jar

Filesize
464KB

MD5
7e5e3d6d352025bd7f093c2d7f9b21ab

SHA1
ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57

SHA256
5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a

SHA512
c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad

Download Submit
C:\Vasyaperskiy\lib\jphp-desktop-ext.jar

Filesize
16KB

MD5
b50e2c75f5f0e1094e997de8a2a2d0ca

SHA1
d789eb689c091536ea6a01764bada387841264cb

SHA256
cf4068ebb5ecd47adec92afba943aea4eb2fee40871330d064b69770cccb9e23

SHA512
57d8ac613805edada6aeba7b55417fd7d41c93913c56c4c2c1a8e8a28bbb7a05aade6e02b70a798a078dc3c747967da242c6922b342209874f3caf7312670cb0

Download Submit
C:\Vasyaperskiy\lib\jphp-gui-ext.jar

Filesize
688KB

MD5
6696368a09c7f8fed4ea92c4e5238cee

SHA1
f89c282e557d1207afd7158b82721c3d425736a7

SHA256
c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4

SHA512
0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76

Download Submit
C:\Vasyaperskiy\lib\jphp-json-ext.jar

Filesize
16KB

MD5
fde38932b12fc063451af6613d4470cc

SHA1
bc08c114681a3afc05fb8c0470776c3eae2eefeb

SHA256
9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830

SHA512
0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839

Download Submit
C:\Vasyaperskiy\lib\jphp-runtime.jar

Filesize
1.1MB

MD5
d5ef47c915bef65a63d364f5cf7cd467

SHA1
f711f3846e144dddbfb31597c0c165ba8adf8d6b

SHA256
9c287472408857301594f8f7bda108457f6fdae6e25c87ec88dbf3012e5a98b6

SHA512
04aeb956bfcd3bd23b540f9ad2d4110bb2ffd25fe899152c4b2e782daa23a676df9507078ecf1bfc409ddfbe2858ab4c4c324f431e45d8234e13905eb192bae8

Download Submit
C:\Vasyaperskiy\lib\jphp-xml-ext.jar

Filesize
19KB

MD5
0a79304556a1289aa9e6213f574f3b08

SHA1
7ee3bde3b1777bf65d4f62ce33295556223a26cd

SHA256
434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79

SHA512
1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e

Download Submit
C:\Vasyaperskiy\lib\jphp-zend-ext.jar

Filesize
95KB

MD5
4bc2aea7281e27bc91566377d0ed1897

SHA1
d02d897e8a8aca58e3635c009a16d595a5649d44

SHA256
4aef566bbf3f0b56769a0c45275ebbf7894e9ddb54430c9db2874124b7cea288

SHA512
da35bb2f67bca7527dc94e5a99a162180b2701ddca2c688d9e0be69876aca7c48f192d0f03d431ccd2d8eec55e0e681322b4f15eba4db29ef5557316e8e51e10

Download Submit
memory/556-194-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/556-215-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/556-727-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/556-190-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/556-711-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/556-198-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/968-651-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1060-708-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1060-712-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1060-767-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1060-777-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1060-780-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/4848-729-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4848-189-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4848-182-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download