hxxps://drive[.]google[.]com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing

Resubmissions

12/07/2024, 21:07

240712-zym9gssene 7

12/07/2024, 21:03

240712-zwcd7ssdqc 7

Analysis

max time kernel
292s
max time network
257s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing

Score

7^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 5 IoCs

pid	Process
2268	setup.exe
1976	setup.tmp
2288	Vasyapersky.exe
1052	javaw.exe
456	MRT.exe

Loads dropped DLL 17 IoCs

pid	Process
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
1052	javaw.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	MRT.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\MRT\E699964F-EDD3-6D64-91E5-5256B3076050\MPGEAR.DLL	MRT.exe
File created	C:\Windows\system32\MRT\E699964F-EDD3-6D64-91E5-5256B3076050\MPENGINE.DLL	MRT.exe
File created	C:\Windows\system32\MRT\E699964F-EDD3-6D64-91E5-5256B3076050\MRT\4F9D9BB8-DAE6-4F3C-B2B0-4C461C52C120\MpGearSupport_20240712_211749ACC5228A-3EE6-4AA6-3988-CDA2A164B998.log	MRT.exe
File created	C:\Windows\system32\MRT\E699964F-EDD3-6D64-91E5-5256B3076050\MRT\4F9D9BB8-DAE6-4F3C-B2B0-4C461C52C120\01dad4a106acf5ed	MRT.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\mrt.log	MRT.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open\command	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe\SupportedTypes	setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32	MRT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\Vasyapersky.exe\SupportedTypes	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe\SupportedTypes\.myp	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.myp\OpenWithProgids	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\DefaultIcon\ = "C:\\Vasyaperskiy\\Vasyapersky.exe,0"	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp\DefaultIcon	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp\shell\open\command	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open\command\ = "\"C:\\Vasyaperskiy\\Vasyapersky.exe\" \"%1\""	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\ = "Vasyaperskiy File"	setup.tmp

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
4412	msedge.exe
4412	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe
4500	msedge.exe
4500	msedge.exe
1976	setup.tmp
1976	setup.tmp
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe
456	MRT.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	2428	7zG.exe
Token: 35	2428	7zG.exe
Token: SeSecurityPrivilege	2428	7zG.exe
Token: SeSecurityPrivilege	2428	7zG.exe
Token: SeDebugPrivilege	456	MRT.exe
Token: SeBackupPrivilege	456	MRT.exe
Token: SeRestorePrivilege	456	MRT.exe
Token: SeSystemEnvironmentPrivilege	456	MRT.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
2428	7zG.exe
1976	setup.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1052	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 3756	4412	msedge.exe	83
PID 4412 wrote to memory of 3756	4412	msedge.exe	83
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 1452	4412	msedge.exe	84
PID 4412 wrote to memory of 3608	4412	msedge.exe	85
PID 4412 wrote to memory of 3608	4412	msedge.exe	85
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86
PID 4412 wrote to memory of 4548	4412	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90f5b46f8,0x7ff90f5b4708,0x7ff90f5b4718
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=180 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1395719348129576680,15337785253559327744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap4939:86:7zEvent25793
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2428

C:\Users\Admin\Downloads\Vasyaperskiy\setup.exe
"C:\Users\Admin\Downloads\Vasyaperskiy\setup.exe"
1⤵
- Executes dropped EXE
PID:2268
- C:\Users\Admin\AppData\Local\Temp\is-756TP.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-756TP.tmp\setup.tmp" /SL5="$50284,112694259,734720,C:\Users\Admin\Downloads\Vasyaperskiy\setup.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1976
- - C:\Vasyaperskiy\Vasyapersky.exe
    "C:\Vasyaperskiy\Vasyapersky.exe"
    3⤵
    - Executes dropped EXE
    PID:2288
  - - C:\Vasyaperskiy\jre\bin\javaw.exe
      "C:\Vasyaperskiy\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar" org.develnext.jphp.ext.javafx.FXLauncher
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Vasyaperskiy\MRT.exe
        
        C:\Vasyaperskiy\MRT.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Drops file in System32 directory
        Drops file in Windows directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:456

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Vasyaperskiy\Читать перед установкой!!!.txt
1⤵
PID:5796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
725106455e4a41d25aff598ecf7b5bfb

SHA1
f7782da229253d79cc699682e2ea8ed65c094fcb

SHA256
a8cb4229a66d04f5168ed9165ca6edb7b3450d3ab349563f86d5f4f20d7d4027

SHA512
330470b6b0e79d7b3b2b407f6cdc95cf501f13efc40a780d36f65526ea8b03a80d7a75de4d896a0825d155ab006293d7535ec26915fe42492ea2eaa9df947280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bb83dbb54be78d3e6a943285525d7741

SHA1
347e09032d18f99482b28aa4aa360bd65dc795f7

SHA256
f994a7d25cf25cd0f7719820fee21ccce26dcbacf99e2e1a9f8a8949246232ab

SHA512
7f3e25c39eee1f7b6ed3ca45020a02a6c3309acd71d41bea6aaa2190cc98db40735bedfdb20f0f6e0cc4d0e12ab8b036602d98aa5a1f8bd22ec46568c836fef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70d305f7c7df76271701cb031f7f9ab5

SHA1
454048565ddcacdf3f7a0c0f5e1ab6d16fc61174

SHA256
6038eb6fe3addba8f76adea3996071a0f9a0755dfe791dbd1bd69174d823b3a9

SHA512
9f0caf33f95ec1adf129ea91e236c7e044522a8a8ed944cc979483131ee8cfab2bfc7f0794e23735c2e8dc4ee10bee08fe7b930a68c9d1ad3aff373e2baf2452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8cce60d8ef3c1408cfa2b6688d7bf9b9

SHA1
f31b7790a8854fa23f393b7a8ea82309af217c0c

SHA256
eaa03fb0c54a2ed53c092431d9e78d4680d19984e3c4453a25b1f70971463f54

SHA512
e1efc0a99b89e2d1f9104489f34e30f3c6017e3ce5f573a3c27f0cf2ea403c69b26667de0a802e5aee19b189e1d727dd58393d738940e21997b5fad4d1027bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
67d05af73dfc2f776eb3890ae0625cb7

SHA1
5ef6833c9a7d609539be85520748cf9d9afa17b7

SHA256
e970d40d65688a2f5516c7b4e5291f1bec1f3a7e2ddcd2edfbfea7fa6a8f587f

SHA512
02d5bd97d8bfac99715f820ef3e4b2a99edc7aa1a70bdcb8308e5a4f708fef5135909ddf92d5db34d12aaff005ce9eff7a88dafafca4e61aadc2d0e5f1acf7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61a1f5d3d7348ea9895e1eaa3a4e9de6

SHA1
3351f114cf7be982e14fe085a29b6ee0ec60c274

SHA256
345c11a19a3c53c7a53b346561526a63213033a199fec56633c9f795979b0b75

SHA512
0b598338835d3a5b35c02161ed007b2bd11a05a9a30417d21b1b3435f631d5ebaea385dd91198b07feac314d7759ae64adc22292e75e1a8d9a22d4d0be88d429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2594d49893de4759f90b0fe34d6984a6

SHA1
ecb88a474453dab35addcb87e30e27cc584aba45

SHA256
956963ebdd506d49fd608ac81d751a43fea327747d2d66ac364b53806838fc3c

SHA512
98130ad22a70d2d5b3eb12844312156beed6a7f9db2d9588ea8b2a0a26afd8dd00b4ad7a7645dbabf85ab1f3b9cce2e27dcb7433f425042a513d335f401dfaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f84b385692d4a10adf778991a1da5a6e

SHA1
b266a68fc73e00357712e9f79c64231183761196

SHA256
3448d2e466b30aa9cf47bc86f1980923f8f61eeeec4d0430c4ccf9242b7a193b

SHA512
b5cce337b2d6fed7fe3fa363643d79be41a43ad04099282a6eed124af92178bb3a3e2bd182a07d757c7b4cacc1160c786666210fbf9a5ea72b3044b4ba7e0bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c1efa63cb93b42683677373ddfea31f

SHA1
0d4ce6721422eaa172fa0a24a69436a9f0a126c2

SHA256
6c6e98277b08fe788b5f4dd0cb18de48f7612feb9aa2a53b936b5ce2b8db940f

SHA512
acfa6421e2c030ca103c7292a78edcbdd6d9ac0968732e7f2b6ba745f9661bffffc46b84ff4cf5a7e56e88bf0280060f27c588d533138bb602677bfef0556451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
26017d27cbeaabc40b2829cbe3f8ee8a

SHA1
2ebf33089a80a2984d7cc179ede699f1ddeb79db

SHA256
7131f6a2fe12af3a3c0e54b2b1e6f819f02e39b22d5df250d711d3259c0fc36c

SHA512
77ed106de76d3b5143019d2bf3f9660ea9acd2d5b6bedaa5921f435142fe2ecac0b766e6268124dc9fd812692291420345580240ac213f274b316a630af84cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
91c870f918074680f9d851d80fd4a10e

SHA1
6a0a4d7bef42aba0c7cd6fecc2b547673f187248

SHA256
22a75fee0c32acd12947c5ffed965e92bcc905c84da8b9987a27d6e23c83504b

SHA512
a2609f9e6f1e65ef39c1086081d6a96c0ae0a306ce633d42b37e971f8ec78ec59d72e5ffe0e899fa94f003782cc668f7f23c97e0108e1f5ccecd5a22a80ff3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4759a3e93cc770aea4d3eeb3fb0eac4

SHA1
f6e724b19a754d66dfa58b0a170c81775e3f0a67

SHA256
70265c06e848b4c5ec169ae0686709e7e02e3cf8be80839e3e799dd9211bb1eb

SHA512
7d19d7f5ac2beb27a1e33aca4e4a8fc699cb6c4168e9fd7d7f66cfbc0d2dc7d4c27c617082cefb76be606ca7bd0e3cef0a728c45e463f352bc0b0f353bb7d194

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-756TP.tmp\setup.tmp

Filesize
2.9MB

MD5
0191d1072d7701a28ec036b930c6d5fd

SHA1
8e1c191c0515278cac4a3d18633cbeb531380c37

SHA256
5e04270116cfb9f0b34679ce0be1d13369660b57bc9c11c37be0d620db5a2242

SHA512
652e7518ecb610102d603e733ce27a9b48d1ab1ee75203506972ad3b24e17b0ad2c9fbe3e679beb0f894640fdc65279bb9f7a2301724c800025e7d1bf6925e35

Download Submit
C:\Vasyaperskiy\Vasyapersky.exe

Filesize
46KB

MD5
7b9aea8cfc0ea6217e62ba01dd570454

SHA1
a4226bb5b300ee85f5cc3fc4ee321ffb9db107f6

SHA256
44fce6313ca9fd107a616771bd96699c944dbb02b75aba0e764f92822ba05c8e

SHA512
188e2d3152dc578c0d30ad242271e58001b337a8cbf23247e06086a72de2b117129367343f7ae25271f54d9691be9152b27108c2afcdf893f67b4e83449f061f

Download Submit
C:\Vasyaperskiy\jre\bin\client\jvm.dll

Filesize
3.7MB

MD5
39c302fe0781e5af6d007e55f509606a

SHA1
23690a52e8c6578de6a7980bb78aae69d0f31780

SHA256
b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc

SHA512
67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77

Download Submit
C:\Vasyaperskiy\jre\bin\java.dll

Filesize
123KB

MD5
73bd0b62b158c5a8d0ce92064600620d

SHA1
63c74250c17f75fe6356b649c484ad5936c3e871

SHA256
e7b870deb08bc864fa7fd4dec67cef15896fe802fafb3009e1b7724625d7da30

SHA512
eba1cf977365446b35740471882c5209773a313de653404a8d603245417d32a4e9f23e3b6cd85721143d2f9a0e46ed330c3d8ba8c24aee390d137f9b5cd68d8f

Download Submit
C:\Vasyaperskiy\jre\bin\javaw.exe

Filesize
187KB

MD5
48c96771106dbdd5d42bba3772e4b414

SHA1
e84749b99eb491e40a62ed2e92e4d7a790d09273

SHA256
a96d26428942065411b1b32811afd4c5557c21f1d9430f3696aa2ba4c4ac5f22

SHA512
9f891c787eb8ceed30a4e16d8e54208fa9b19f72eeec55b9f12d30dc8b63e5a798a16b1ccc8cea3e986191822c4d37aedb556e534d2eb24e4a02259555d56a2c

Download Submit
C:\Vasyaperskiy\jre\bin\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Vasyaperskiy\jre\bin\msvcr100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Vasyaperskiy\jre\bin\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Vasyaperskiy\jre\bin\net.dll

Filesize
78KB

MD5
691b937a898271ee2cffab20518b310b

SHA1
abedfcd32c3022326bc593ab392dea433fcf667c

SHA256
2f5f1199d277850a009458edb5202688c26dd993f68fe86ca1b946dc74a36d61

SHA512
1c09f4e35a75b336170f64b5c7254a51461dc1997b5862b62208063c6cf84a7cb2d66a67e947cbbf27e1cf34ccd68ba4e91c71c236104070ef3beb85570213ec

Download Submit
C:\Vasyaperskiy\jre\bin\nio.dll

Filesize
50KB

MD5
95edb3cb2e2333c146a4dd489ce67cbd

SHA1
79013586a6e65e2e1f80e5caf9e2aa15b7363f9a

SHA256
96cf590bddfd90086476e012d9f48a9a696efc054852ef626b43d6d62e72af31

SHA512
ab671f1bce915d748ee49518cc2a666a2715b329cab4ab8f6b9a975c99c146bb095f7a4284cd2aaf4a5b4fcf4f939f54853af3b3acc4205f89ed2ba8a33bb553

Download Submit
C:\Vasyaperskiy\jre\bin\prism_d3d.dll

Filesize
113KB

MD5
5aadadf700c7771f208dda7ce60de120

SHA1
e9cf7e7d1790dc63a58106c416944fd6717363a5

SHA256
89dac9792c884b70055566564aa12a8626c3aa127a89303730e66aba3c045f79

SHA512
624431a908c2a835f980391a869623ee1fa1f5a1a41f3ee08040e6395b8c11734f76fe401c4b9415f2055e46f60a7f9f2ac0a674604e5743ab8301dbadf279f2

Download Submit
C:\Vasyaperskiy\jre\bin\verify.dll

Filesize
38KB

MD5
de2167a880207bbf7464bcd1f8bc8657

SHA1
0ff7a5ea29c0364a1162a090dffc13d29bc3d3c7

SHA256
fd856ea783ad60215ce2f920fcb6bb4e416562d3c037c06d047f1ec103cd10b3

SHA512
bb83377c5cff6117cec6fbadf6d40989ce1ee3f37e4ceba17562a59ea903d8962091146e2aa5cc44cfdddf280da7928001eea98abf0c0942d69819b2433f1322

Download Submit
C:\Vasyaperskiy\jre\bin\zip.dll

Filesize
68KB

MD5
cb99b83bbc19cd0e1c2ec6031d0a80bc

SHA1
927e1e24fd19f9ca8b5191ef3cc746b74ab68bcd

SHA256
68148243e3a03a3a1aaf4637f054993cb174c04f6bd77894fe84d74af5833bec

SHA512
29c4978fa56f15025355ce26a52bdf8197b8d8073a441425df3dfc93c7d80d36755cc05b6485dd2e1f168df2941315f883960b81368e742c4ea8e69dd82fa2ba

Download Submit
C:\Vasyaperskiy\jre\lib\currency.data

Filesize
4KB

MD5
f6258230b51220609a60aa6ba70d68f3

SHA1
b5b95dd1ddcd3a433db14976e3b7f92664043536

SHA256
22458853da2415f7775652a7f57bb6665f83a9ae9fb8bd3cf05e29aac24c8441

SHA512
b2dfcfdebf9596f2bb05f021a24335f1eb2a094dca02b2d7dd1b7c871d5eecda7d50da7943b9f85edb5e92d9be6b6adfd24673ce816df3960e4d68c7f894563f

Download Submit
C:\Vasyaperskiy\jre\lib\ext\jfxrt.jar

Filesize
17.3MB

MD5
042b3675517d6a637b95014523b1fd7d

SHA1
82161caf5f0a4112686e4889a9e207c7ba62a880

SHA256
a570f20f8410f9b1b7e093957bf0ae53cae4731afaea624339aa2a897a635f22

SHA512
7672d0b50a92e854d3bd3724d01084cc10a90678b768e9a627baf761993e56a0c6c62c19155649fe9a8ceeabf845d86cbbb606554872ae789018a8b66e5a2b35

Download Submit
C:\Vasyaperskiy\jre\lib\ext\meta-index

Filesize
1KB

MD5
77abe2551c7a5931b70f78962ac5a3c7

SHA1
a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc

SHA256
c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4

SHA512
9fe671380335804d4416e26c1e00cded200687db484f770ebbdb8631a9c769f0a449c661cb38f49c41463e822beb5248e69fd63562c3d8c508154c5d64421935

Download Submit
C:\Vasyaperskiy\jre\lib\i386\jvm.cfg

Filesize
657B

MD5
9fd47c1a487b79a12e90e7506469477b

SHA1
7814df0ff2ea1827c75dcd73844ca7f025998cc6

SHA256
a73aea3074360cf62adedc0c82bc9c0c36c6a777c70da6c544d0fba7b2d8529e

SHA512
97b9d4c68ac4b534f86efa9af947763ee61aee6086581d96cbf7b3dbd6fd5d9db4b4d16772dce6f347b44085cef8a6ea3bfd3b84fbd9d4ef763cef39255fbce3

Download Submit
C:\Vasyaperskiy\jre\lib\images\cursors\is-348M3.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Vasyaperskiy\jre\lib\jsse.jar

Filesize
619KB

MD5
fd1434c81219c385f30b07e33cef9f30

SHA1
0b5ee897864c8605ef69f66dfe1e15729cfcbc59

SHA256
bc3a736e08e68ace28c68b0621dccfb76c1063bd28d7bd8fce7b20e7b7526cc5

SHA512
9a778a3843744f1fabad960aa22880d37c30b1cab29e123170d853c9469dc54a81e81a9070e1de1bf63ba527c332bb2b1f1d872907f3bdce33a6898a02fef22d

Download Submit
C:\Vasyaperskiy\jre\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Vasyaperskiy\jre\lib\resources.jar

Filesize
3.3MB

MD5
9a084b91667e7437574236cd27b7c688

SHA1
d8926cc4aa12d6fe9abe64c8c3cb8bc0f594c5b1

SHA256
a1366a75454fc0f1ca5a14ea03b4927bb8584d6d5b402dfa453122ae16dbf22d

SHA512
d603aa29e1f6eefff4b15c7ebc8a0fa18e090d2e1147d56fd80581c7404ee1cb9d6972fcf2bd0cb24926b3af4dfc5be9bce1fe018681f22a38adaa278bf22d73

Download Submit
C:\Vasyaperskiy\jre\lib\security\java.security

Filesize
26KB

MD5
409c132fe4ea4abe9e5eb5a48a385b61

SHA1
446d68298be43eb657934552d656fa9ae240f2a2

SHA256
4d9e5a12b8cac8b36ecd88468b1c4018bc83c97eb467141901f90358d146a583

SHA512
7fed286ac9aed03e2dae24c3864edbbf812b65965c7173cc56ce622179eb5f872f77116275e96e1d52d1c58d3cdebe4e82b540b968e95d5da656aa74ad17400d

Download Submit
C:\Vasyaperskiy\jre\lib\tzdb.dat

Filesize
101KB

MD5
5a7f416bd764e4a0c2deb976b1d04b7b

SHA1
e12754541a58d7687deda517cdda14b897ff4400

SHA256
a636afa5edba8aa0944836793537d9c5b5ca0091ccc3741fc0823edae8697c9d

SHA512
3ab2ad86832b98f8e5e1ce1c1b3ffefa3c3d00b592eb1858e4a10fff88d1a74da81ad24c7ec82615c398192f976a1c15358fce9451aa0af9e65fb566731d6d8f

Download Submit
C:\Vasyaperskiy\jre\lib\tzmappings

Filesize
8KB

MD5
b8dd8953b143685b5e91abeb13ff24f0

SHA1
b5ceb39061fce39bb9d7a0176049a6e2600c419c

SHA256
3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272

SHA512
c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90

Download Submit
C:\Vasyaperskiy\lib\asm-all.jar

Filesize
241KB

MD5
f5ad16c7f0338b541978b0430d51dc83

SHA1
2ea49e08b876bbd33e0a7ce75c8f371d29e1f10a

SHA256
7fbffbc1db3422e2101689fd88df8384b15817b52b9b2b267b9f6d2511dc198d

SHA512
82e6749f4a6956f5b8dd5a5596ca170a1b7ff4e551714b56a293e6b8c7b092cbec2bec9dc0d9503404deb8f175cbb1ded2e856c6bc829411c8ed311c1861336a

Download Submit
C:\Vasyaperskiy\lib\dn-compiled-module.jar

Filesize
622KB

MD5
1fb2de3b484804f16b2f0a89eac799a2

SHA1
b7d51dbdf301bba44aa69b63c000a482768b9209

SHA256
7b48ab893a316725892e16e4c678a0837c5e1323b6dbeae716d1da5ea4104158

SHA512
9d506c00a779b879c8f4864a6133c4b2ab6a7ca50ab17f260af60e5d2238444f04543b17baac080b90bbf742e902fdca68b90c17d4770f8dacf8aecc51c54d53

Download Submit
C:\Vasyaperskiy\lib\dn-php-sdk.jar

Filesize
12KB

MD5
3e5e8cccff7ff343cbfe22588e569256

SHA1
66756daa182672bff27e453eed585325d8cc2a7a

SHA256
0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4

SHA512
8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522

Download Submit
C:\Vasyaperskiy\lib\gson.jar

Filesize
226KB

MD5
5134a2350f58890ffb9db0b40047195d

SHA1
751f548c85fa49f330cecbb1875893f971b33c4e

SHA256
2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32

SHA512
c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a

Download Submit
C:\Vasyaperskiy\lib\jphp-app-framework.jar

Filesize
103KB

MD5
0c8768cdeb3e894798f80465e0219c05

SHA1
c4da07ac93e4e547748ecc26b633d3db5b81ce47

SHA256
15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669

SHA512
35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106

Download Submit
C:\Vasyaperskiy\lib\jphp-core.jar

Filesize
464KB

MD5
7e5e3d6d352025bd7f093c2d7f9b21ab

SHA1
ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57

SHA256
5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a

SHA512
c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad

Download Submit
C:\Vasyaperskiy\lib\jphp-desktop-ext.jar

Filesize
16KB

MD5
b50e2c75f5f0e1094e997de8a2a2d0ca

SHA1
d789eb689c091536ea6a01764bada387841264cb

SHA256
cf4068ebb5ecd47adec92afba943aea4eb2fee40871330d064b69770cccb9e23

SHA512
57d8ac613805edada6aeba7b55417fd7d41c93913c56c4c2c1a8e8a28bbb7a05aade6e02b70a798a078dc3c747967da242c6922b342209874f3caf7312670cb0

Download Submit
C:\Vasyaperskiy\lib\jphp-gui-ext.jar

Filesize
688KB

MD5
6696368a09c7f8fed4ea92c4e5238cee

SHA1
f89c282e557d1207afd7158b82721c3d425736a7

SHA256
c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4

SHA512
0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76

Download Submit
C:\Vasyaperskiy\lib\jphp-json-ext.jar

Filesize
16KB

MD5
fde38932b12fc063451af6613d4470cc

SHA1
bc08c114681a3afc05fb8c0470776c3eae2eefeb

SHA256
9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830

SHA512
0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839

Download Submit
C:\Vasyaperskiy\lib\jphp-runtime.jar

Filesize
1.1MB

MD5
d5ef47c915bef65a63d364f5cf7cd467

SHA1
f711f3846e144dddbfb31597c0c165ba8adf8d6b

SHA256
9c287472408857301594f8f7bda108457f6fdae6e25c87ec88dbf3012e5a98b6

SHA512
04aeb956bfcd3bd23b540f9ad2d4110bb2ffd25fe899152c4b2e782daa23a676df9507078ecf1bfc409ddfbe2858ab4c4c324f431e45d8234e13905eb192bae8

Download Submit
C:\Vasyaperskiy\lib\jphp-xml-ext.jar

Filesize
19KB

MD5
0a79304556a1289aa9e6213f574f3b08

SHA1
7ee3bde3b1777bf65d4f62ce33295556223a26cd

SHA256
434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79

SHA512
1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e

Download Submit
C:\Vasyaperskiy\lib\jphp-zend-ext.jar

Filesize
95KB

MD5
4bc2aea7281e27bc91566377d0ed1897

SHA1
d02d897e8a8aca58e3635c009a16d595a5649d44

SHA256
4aef566bbf3f0b56769a0c45275ebbf7894e9ddb54430c9db2874124b7cea288

SHA512
da35bb2f67bca7527dc94e5a99a162180b2701ddca2c688d9e0be69876aca7c48f192d0f03d431ccd2d8eec55e0e681322b4f15eba4db29ef5557316e8e51e10

Download Submit
C:\Windows\System32\MRT\E699964F-EDD3-6D64-91E5-5256B3076050\MPENGINE.DLL

Filesize
18.6MB

MD5
394f8bc026b2bb8aeae7205a07bbd667

SHA1
bbdfd551bb916616af524cc0e8ddba4de7b2961c

SHA256
c22200e499fb2d7cef1a3092773221ad89b0627fe5b2c244bcbb41895b76d6d0

SHA512
041213ec76a53083b8cc5f45b5d676d159523b6b7d86939437aff2376aa13fed1c6592ab3e17808df06abe60109ed8fc0a30bdca47767f54d6fc8dccaf58f2e8

Download Submit
C:\Windows\System32\MRT\E699964F-EDD3-6D64-91E5-5256B3076050\MPGEAR.DLL

Filesize
607KB

MD5
a0c4ac6378ce0313955dccfd2d9208a6

SHA1
7ee2f0f3bf4504f4f7bbc63cb5fa883711c13801

SHA256
abbe3285c58c830314f9f0ad2ddc769139c0d808e27893290adc69a535b996b1

SHA512
72ea9f0d7399fa5d6865f3f887ffa07098b883b1428b33dcb552a40bb22ca6a461a546736667ca1aa97e5f06dffd10dab765c7f6e3e827dd0335b562b27d2fb5

Download Submit
memory/456-817-0x000002754ACD0000-0x000002754ACD4000-memory.dmp

Filesize
16KB

Download
memory/456-828-0x00000275496A0000-0x00000275496A4000-memory.dmp

Filesize
16KB

Download
memory/456-818-0x000002754ACE0000-0x000002754ACE4000-memory.dmp

Filesize
16KB

Download
memory/456-815-0x0000027545FD0000-0x0000027545FD4000-memory.dmp

Filesize
16KB

Download
memory/456-819-0x000002754ACF0000-0x000002754ACF4000-memory.dmp

Filesize
16KB

Download
memory/456-820-0x000002754B710000-0x000002754B714000-memory.dmp

Filesize
16KB

Download
memory/456-813-0x0000027556370000-0x0000027556888000-memory.dmp

Filesize
5.1MB

Download
memory/456-814-0x0000027556890000-0x0000027556C17000-memory.dmp

Filesize
3.5MB

Download
memory/456-816-0x000002754ABA0000-0x000002754ABA4000-memory.dmp

Filesize
16KB

Download
memory/456-838-0x00000275497C0000-0x0000027549852000-memory.dmp

Filesize
584KB

Download
memory/456-839-0x0000027545FE0000-0x0000027545FE1000-memory.dmp

Filesize
4KB

Download
memory/456-836-0x0000027549720000-0x000002754976B000-memory.dmp

Filesize
300KB

Download
memory/456-835-0x0000027549710000-0x0000027549714000-memory.dmp

Filesize
16KB

Download
memory/456-834-0x0000027549700000-0x0000027549704000-memory.dmp

Filesize
16KB

Download
memory/456-833-0x00000275496F0000-0x00000275496F4000-memory.dmp

Filesize
16KB

Download
memory/456-832-0x00000275496E0000-0x00000275496E4000-memory.dmp

Filesize
16KB

Download
memory/456-831-0x00000275496D0000-0x00000275496D4000-memory.dmp

Filesize
16KB

Download
memory/456-830-0x00000275496C0000-0x00000275496C4000-memory.dmp

Filesize
16KB

Download
memory/456-829-0x00000275496B0000-0x00000275496B4000-memory.dmp

Filesize
16KB

Download
memory/456-821-0x000002754B720000-0x000002754B724000-memory.dmp

Filesize
16KB

Download
memory/456-827-0x0000027549690000-0x0000027549694000-memory.dmp

Filesize
16KB

Download
memory/456-826-0x0000027549680000-0x0000027549684000-memory.dmp

Filesize
16KB

Download
memory/456-825-0x0000027549670000-0x0000027549674000-memory.dmp

Filesize
16KB

Download
memory/456-824-0x0000027549660000-0x0000027549664000-memory.dmp

Filesize
16KB

Download
memory/456-823-0x0000027549650000-0x0000027549654000-memory.dmp

Filesize
16KB

Download
memory/456-837-0x0000027549770000-0x00000275497BA000-memory.dmp

Filesize
296KB

Download
memory/456-822-0x0000027549640000-0x0000027549644000-memory.dmp

Filesize
16KB

Download
memory/1052-755-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/1052-793-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/1052-764-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/1052-707-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/1052-705-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/1976-708-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/1976-212-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/1976-206-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/2268-710-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/2268-205-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/2268-198-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/2288-648-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download