hxxps://drive[.]google[.]com/file/d/1VbYsHi04DAUm5yBazNP0tsWhGXK0I3_7/view?usp=sharing

Analysis

max time kernel
289s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
30-10-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1VbYsHi04DAUm5yBazNP0tsWhGXK0I3_7/view?usp=sharing

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
2428	7z2408-x64.exe
5320	7zFM.exe
1204	PlantsVsZombies.exe
5420	popcapgame1.exe

Loads dropped DLL 5 IoCs

pid	Process
3492	Process not Found
5320	7zFM.exe
1204	PlantsVsZombies.exe
1204	PlantsVsZombies.exe
5420	popcapgame1.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\Desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\Desktop.ini	7zFM.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2408-x64.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe
File opened for modification	C:\Windows\INF\display.PNF	svchost.exe
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe
File opened for modification	C:\Windows\INF\display.PNF	svchost.exe
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlantsVsZombies.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	popcapgame1.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747228503974115"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{E5B63932-55C6-4229-A85C-46B17765D669}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{ADBD95D2-529E-4FB5-88E7-09C8867494E1}	svchost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5900	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5836	OpenWith.exe
1204	PlantsVsZombies.exe
5420	popcapgame1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
5320	7zFM.exe
5320	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2428	7z2408-x64.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe
5836	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 404	2644	chrome.exe	86
PID 2644 wrote to memory of 404	2644	chrome.exe	86
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 4840	2644	chrome.exe	87
PID 2644 wrote to memory of 1864	2644	chrome.exe	88
PID 2644 wrote to memory of 1864	2644	chrome.exe	88
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89
PID 2644 wrote to memory of 4496	2644	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1VbYsHi04DAUm5yBazNP0tsWhGXK0I3_7/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae84ecc40,0x7ffae84ecc4c,0x7ffae84ecc58
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1608,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4844,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5300,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5512,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5520,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5776,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5780,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6112,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5800,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5808,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5444,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6072,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5748,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3312,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5484,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1136,i,2516921056387305342,8881782276606407010,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:548

C:\Users\Admin\Downloads\7z2408-x64.exe
"C:\Users\Admin\Downloads\7z2408-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5836

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\PVZ reparado y sin contraseña.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of FindShellTrayWindow
PID:5320

C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\PlantsVsZombies.exe
"C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\PlantsVsZombies.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1204
- C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe
  "C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe" -changedir="C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
PID:5416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2ec
1⤵
PID:5824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
PID:5428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
963KB

MD5
004d7851f74f86704152ecaaa147f0ce

SHA1
45a9765c26eb0b1372cb711120d90b5f111123b3

SHA256
028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be

SHA512
16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
10KB

MD5
ed230f9f52ef20a79c4bed8a9fefdf21

SHA1
ec0153260b58438ad17faf1a506b22ad0fec1bdc

SHA256
7199b362f43e9dca2049c0eeb8b1bb443488ca87e12d7dda0f717b2adbdb7f95

SHA512
32f0e954235420a535291cf58b823baacf4a84723231a8636c093061a8c64fcd0952c414fc5bc7080fd8e93f050505d308e834fea44b8ab84802d8449f076bc9

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Base\_common_assets\images\common\modal_bg.png

Filesize
9KB

MD5
ae5f8d9877614ac3a7e3552a167d3f04

SHA1
5fd81ac32935d095ee06e267f517737294076404

SHA256
7177552516e355f70ebbebcb6e5f4dde8a51fbc5ec044c8102daf6baaad3ebdc

SHA512
7787236779bcf33fb9de2fb75f8b3b0cf297a256b4be4075e116e914818f8fa749380bb5950b1629e9fde916a49e17d54f1232d9cb676fcbe081958b8037dfe5

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Base\_common_assets\images\common\modal_overlay.jpg

Filesize
5KB

MD5
b2e5b30cd29663a4df3d7b2d2c1afe71

SHA1
007ea58cff6261597bf055ce2034f6081e9cce80

SHA256
d345252a86b9f675182a41a185d56c61307d151fc7d862741a1326c470c601ec

SHA512
da871c3d3ada66f27185eaf2301430ddb0fcb968b77653b1146033cbc2f05b0aee9081d23c14cde95c37735da8954875ac068d8430d1a367118f1e36017f837b

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Base\_common_assets\images\common\modal_overlay_.gif

Filesize
1KB

MD5
03e96848d3aa4f85380f2cd9ffdff7c9

SHA1
9861fbecd8b37667f655cd4fbb72cb1877a6236e

SHA256
00a3d5897587b1f99d730dd9bed606db45732bbcaa507a914cb067e3a0b28e71

SHA512
f4c548062399988d37060e094a133d5a65fb18cfb04041962fa47168c2fc45c835b8a71c64979a26a596c3e8d2d6343dac8e811af26da1cf448a3200d7c1a38f

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Base\_common_assets\images\playtrial_down.png

Filesize
5KB

MD5
2eb0879b278fc89778207e1eab472434

SHA1
5ceceac7ee7573aff700e56569b07d35bc76df6a

SHA256
7cfe938b6b152dd66b892c239a506f807eb7340c2022324ee1a1a878f41cbb4a

SHA512
844aebd19f2fcb30c02371817731e7c713cc2b7cdc82bd4466c0b05d8934b63fda293ceed5434b97896a3f485a4e055e000795198fa60d1a637df7f7850f752b

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Purchase\_common_assets\images\registration\connecting_.gif

Filesize
670B

MD5
f28a825eb180dcf0f03b2de1f18e7035

SHA1
3e173066c3729576fb7c89a86c0ec6c5f6bda9d6

SHA256
65bb55c562f3b5bd1de03a6f7f83f0ddf533211855a42bbd826c3f654e53a71b

SHA512
61b574807b4b9819cb6bec4db07bf2dd63d71467706c3cbbeea0e995b4f1c55109502071cfa4a1e937a55d99b7d3af7613722d2d3d3da61833f18a6b550ddd44

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Screens\purchasedendscreen\control.xml.bin

Filesize
230B

MD5
b66c17c5b76c2117f2d9282bc6a070cb

SHA1
3bb09ce13248af2d7260abdb455286c1b64a6ec9

SHA256
d9843f754948fb6f09ac1e0294d2ce76b890b4724de70287caf15f14173d373f

SHA512
8bffac981ed3765630cab23e9d9937a5b4dc5835dc5ec0e85531bd64920d5a96b76068614c0ede8c37df090411cc5ad2869bf36d2e8a62160e9c3be503e3847a

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\Screens\purchasedendscreen\control.xml.bin.sig

Filesize
18B

MD5
99ab81da0b597fec657ea1d28b06eeb6

SHA1
7f4faaa60dcec82ec6c8ac0c027109ed3f4c83b9

SHA256
816b8c84f2bc98ee3f49a93622249dfb5a37125feed1013d785f350a6557e7f1

SHA512
9d6c11a291870683ce1c18b66926072d60d4bb01b0442965ad8c3fdc2a58da4523c1099810f2fa9856d2914c6c89b63cf4c8e03f623bbbe3e9c1facd74b2a45b

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue3_.gif

Filesize
1KB

MD5
ccc3fa869b368e7103cfe36b80d1f386

SHA1
9679a307310aa3ba259ab28f9ff9bebb454aba11

SHA256
1569003e7a07a4ef3f7e0d4508a44f169ef8a04fc085189517520b1ea2dab0ca

SHA512
5f35c1a9a64fff6267bc217e5be829617bc45cf4a363b9a48e0355287a1be5183bcacd9a5563b1e4bbe29904f5b747ddd252917acd8150c79f4c85315905cb1f

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow3_.gif

Filesize
1KB

MD5
15ce10a289982ce0e874303223e1f54e

SHA1
1354add2333915a045b4eec5d69f785ea988d6be

SHA256
6c0a84f29604b0e0f5d0270b6a6b5da484c08ad7df510449a32a07dee666ed22

SHA512
3533cfb3bec41b5685863130a53a46920dfaa170ea70f143f12aeb1e6de2c899b1c7a0918367ed303283c5921c62367973b9ad6df95e8efba736db6d3d0b3bcd

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\drm\content\contentdb.xml.bin

Filesize
894B

MD5
7d2f9b425b0ea9be23b99de02f819352

SHA1
2fca3d2426adf5bf4265bebc064a58bde5ccbcc7

SHA256
c98159d83a0db921190694358f1c4d5f46bad82cab4754c69b96c95a42d1361d

SHA512
adfb5df8ae2e8477662bc7594fff54ef354cbc5da7da08a96d1662a2dfeeefa5d497e4d34e0abb333bcefee8df879a11087ea5139bcc2d591057f5e60bcaea27

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\userdata\user1.dat

Filesize
886B

MD5
1177cda7cd29c7a5d7c73301e172f62d

SHA1
9a804e10939961996a91878820068aff203abe6e

SHA256
10cd4360c11e2cd54fa440a1b05892fe836be552c71b59c7258d086f1e95719f

SHA512
bea8d69dc25ff58b0b476b83d4a2386a2a114d63f3c798a30693a7c856b93a6c688ab70725b3aeefe8213cfd8b145c70a1d0034abcd77ceb5b0306fbdcf55f7d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
78bd91d2537cf0e61e5e50a5372d3452

SHA1
a139484b49ad9ff9afa4c3a311fae3aace6a702e

SHA256
0b85a3dc31d93e17605d6b4fec5f633135ebe7e0adf81563fa1f5476353721b0

SHA512
6485900ddc01c92f444c3d025e6e88412b09cf52aa073c87e8b0b4019e3b93f780cf0e35e782d198d4900ce798a20236bea62f02d5d64de06859f5bcc51e60e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a4241140d5b565f84c76b40adde180ba

SHA1
5d713375f9e09bd13751367900aa1c885df9928f

SHA256
55a35c90cc0bc1d6237d4c92a118d0e32e03e0b5dca2f9457038ba513e44f3ba

SHA512
940a65f1eb42149231a359c59de917fafc0a94793c98f67a911570d007eaef21a57d2dc0f30b676dde2824a1232414459fa364a4a90dbfd2c6b6c52bed6ba7d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
7cb12ec599056593083d03cf25c16c49

SHA1
e302960c43f36f8a44ca707b195d7e16503f4a91

SHA256
0498a4a2bb990ac82b68015b03a07bc91b3d5b1f6c45f628a54d80467749b1a4

SHA512
90587b52e50e7f2919fed52f25a38ddfc7bc7b35fae2036fbbb51dd562637cf2e878a0de0b765d613d86140d698e069363d94ce064870c80ad5ae563fd634e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
85d12ed7a1d88e0779eee48a75e9c8de

SHA1
3bdbdab6961cc4d74e24c9c10f2f4ab409aa572b

SHA256
45dd6aa34fbf270d8e8405789afca147ed02dcea67b66a633b6a3eeb3186c1bd

SHA512
aa006fd24b4702612c52b6a9a0911255d7642866d3e9fd6a8607f59714d25b1440fc567e67302a4acbf83be8102f3b5571902ca30ce80c742d19f6fd3f17deb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
97a49c1f2131d4d03af1e53c074af51e

SHA1
642d2cf3e0d10ae04e9c505b694a6e712ac428a1

SHA256
6ea4646824087424427c8a25b20e12872db72a0ed91913a0dd1751e9ca4b3337

SHA512
a883d57d379c13f399d777067b6953e46a46d9c8323d175031783ee9bc0596b37a67131ed69f8163111c3cc3026c43eafa4b3b8ed0551b05cfd35de3bed3c799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9c3eb3ec738be82541932be2ce2e0bd0

SHA1
edc4936cc65825cd5c1675332d8282e226a57e79

SHA256
4487a94d446dea102ce6f804d749e85b8bca26066a175bd89faa4f675e3534fd

SHA512
8ccfe8a828ceff72d2ba300f7e4ad01c1e52a5d588d9255bfc53f1240af03e141351aeaf4d7cf421e1b86be181dc553cc30602d49facb6be7020584a8dad5e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
393243d375604df2451780b3971ffe91

SHA1
e9bdf04ce51aa07667b58b8eccf47a664b2b5232

SHA256
60f131738fb0e62a8ee5d5b868311e2284cf9d70c9eb100c9aa95a3a416f4a40

SHA512
abff31da8d27c0b574eda5af73af0d6aa52419e7d851650af1b03a65fe8353bf5d526b667938a2c22ba63c2dbe4bbd5b47a4af318e1fd290066411a50197b7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
972df78334ea4e01cd610b926ef22174

SHA1
10034850e2ab0e095155cd7461e7db90ffa64690

SHA256
9ddc34d13c4dc2ece74388d1d55bc24aa95eac4ff3d1754b3d9a8c2c742e3387

SHA512
9836901c88a2f93053a4f6a76f024e0ab5cf13e0b89c535ad8a9c20a051d5bc9207ffbf5ba51c637281e3cdd0efeebdf3b2f5230cc23d7e490945f3e7858bef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe743784dac4d7f83ea666c785cdafa3

SHA1
d7f91284e7ed5204eb7d09d3b47955bad10bee9a

SHA256
e5d7eb918ef093eb9eb7ce51b675037e37830cd500c73e890661ab0236a5a96a

SHA512
4f089ce54b8f334cffaaf3ea22753ca668138ba3756d5707b774eb4c512cb242440bb70ea525582771f01740d3825f98e4f4349bf6ba65fbb482b30267b105e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
f70f0acd6593533f943af8582b8b67e6

SHA1
ecf0d269c9dfa90868ac81fa5fdff0db9f7d4673

SHA256
86ec3acb5483b1dade832768a0bf46f1ca16a994bfb6c84683b676c591243f39

SHA512
7725080053e4ee153ffbce9091b4ac72f6f41058a8347e4c635bee637321632e2c560fa5f561ad991de0b46c919ead0061223d2555a8c12e3ae8afadde322e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8f150bb1fc8c3bb30428e4fc66275f1

SHA1
acd18787cc82e6a5c60d2a82f0a96a58fd86f68a

SHA256
edbee11d030dcc94c18d0439685b7f92c18e6d1936be54d4b0ed7b844a91c08d

SHA512
2e1c207a26676a053e0165cb92a63be729097c65933c8c06ec034d4b61f003f4d97693b093f34a1366d6c9bdceeea9580c7999bbac8a535565349ba26141b705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0aec5eab7dcd1ffb48c90b153dc4d39e

SHA1
e6459ae049c8b0d9f8cf559a7e5b45ff157159f8

SHA256
3ec26ccdb14754c21f87c872e3700b3c98ace91a3252cfd1d66b09ee43b24cca

SHA512
9f9e426d645b48fa8c3b7a6fa93bc6912f50cf6caab9364de028d9d29babeccd4e77430764b2779f22d7b242c6360dc79fbd7698b57824e4d9d1f271e0897e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab9bc46eaa430fc8cfd371cc37df2b1e

SHA1
5c570666ee912f986f40f6aab19d63c73db04acf

SHA256
6bf61606fcd35e9fd67a909d8a0df5ca2840bd1530cc5accd86c0c96a60308aa

SHA512
6b0fdd900eb9c2fe2d0536d8290a1dfda33eb3a8dfb4ef99cb76688d3adb6afdfddf407621b4946d81e7756a3ac3339cfdb845ee23c6a6996d06199f0140347d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82ac711807f4a15b85c8350fcea2dafb

SHA1
fac864f97b353a30e98b36c0c603dfeefefdd07d

SHA256
e5fc782bfb5bf16579d4de9a478f70d10a67176638b1d547bf6b954f958cfc1f

SHA512
ffb3ca3d724bdbdf56f2464e3d2dc41030efc660e5c5a81af02c314c1cc1ff30721555340029adab8e8166fa2130da061d8cfb6c37ea84e6239ff373e174a0ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89281e93706c939be910a7d50c113faa

SHA1
09484a66ff55d60fb34f5a87717393aed657d2d2

SHA256
b934a386fdafa0134b51c61834411f5685754cdf3e4c2b2888b114c1f0863796

SHA512
16b8c22e9970f3004091ca5a1cc62330e6841857fdc1c9beb6b89f1b6b23c9b70d4f1636e38c8f06ddec8cb243d671e05cdc898ef3673446594f5cc75a414ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
19f1e48aa0f6095dffc1350c7a0120c7

SHA1
cd321e0482559a840a678845809d139c183975c0

SHA256
e2282a44bba52fa7fef178b6197c76f9f79870d6d92cb736d8fec7e0f1bb3ae2

SHA512
a05322e022c74cce7ec4fe7edc0e2ae82a153d236950d60dc4ca7d19067458168f151a785acdc7de4f4e326849463768b0f4989fe8bf1380401919c7fcf978ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55aba827a9b343cceee47d1e94e751dd

SHA1
441632bd7aabf84e0377709a9d6a6c7863f793f6

SHA256
0a2b1687c1e6debbdf632285c220e9c46d63c0c3cffc9f524fe9e32946bb8724

SHA512
653e9a1e6f1e54d7668a05e0af8dc9aab6a158b9e5aa39d15d6d40744befebfaa5a3a6b313ef76900413cb30c2867c27e6fd79e6f3c958c7b773f4fda6685e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
debf169c994967dfaaf9bfcd4569890c

SHA1
4dae36137193d5de2225f729957121f92ab23839

SHA256
3598e977d89f2810b150b754b30a244e4d8676df747bc59b36ec5230d269517c

SHA512
3f532a92318b6a799c892b75be2c7d99d47e5253e8c00f51bb71823fe3504307fc951495980e7a3386d3ae032befbc97df69a92ea03b894893e7a279520a11e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b675885b9af8d85b4bb9b8d96118c8a

SHA1
e68f806c6cae239ead4e5571bbd00bc622d5f642

SHA256
9ef00685dd48b40652f3561c6bbaba0843042a2cb40b8e3122582007ffa1063a

SHA512
a8867f898a66c7d40295f2e3c8c630c3be1fde18b69cf84a5f0423958922f1ad459221e9ded52a790e21c204f6d4613fd19e7074414bc25b9237a33522a32829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa8a72e1f22e0d67f61efff21de5099d

SHA1
505dfabace87a3047791ebb53dd22a9e30bed0d2

SHA256
55d10ac1b0beb1e8b749dec561c3cea3b93b3f185525820e992dc2817dc1981b

SHA512
3c71bed8d2b21793cfb2062906292dfeafe75a5434a4e3f2e113f98a2bb2b8ab17660bfbea29e82a8572096abeba2bfcdbef977100da403b967f2d9f27f98883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e7b679e443fa4a44340069f05233b8c

SHA1
9b03c34e67ca8f8ae0f121db5ae64b8fe20bd519

SHA256
c8ee115affb7470355dca42b3da4f68787f1b79ba8721852fd67ca844f472f07

SHA512
565adcce71f33fff1715d7d57dfe5d8b3e8ce3db34f31a1e957b868e11f906c6ad9283eb4ebb9f13407f2d879565c8a13d02e98772b198cd159949071699e235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83a3d57355986dd5ec57d1d170a664c2

SHA1
60dd008e0a50333fe4059495c02d99c18f5e0be3

SHA256
be6fe44ca057a57a604e847df3fe9872dc23c8a3ef4c49553b2e13d568e66bdf

SHA512
125124e86bb3ac2848d1c2e77ace6c96a97e8074df54119f7c7fea20fa349498d009e122b110f498f2d3d5e47a7d985c030979dfc7cee0a0af38f2c98b81d61d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3bdaf6ae99b7de3efa714330e840a7ee

SHA1
d0aa2d155fd94a035479432d1edc1f8a48ee4b3b

SHA256
ef0502f8734680a82f654187ebd28c72fdd3ff57d0b28154084d31f88df3de4d

SHA512
07f2431fe3bfe47ae8df53aecddb1471d0641f07e63f0084b6d5d1126641dcd32e482201b0282bfd824960f1d384161e63c3233d225972ca1bb2434816c717e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
491af80ec2c7fa3ce92ec1a033e0e6db

SHA1
0887d8c6007a2658ad52c5604e2eee0d2be8ec86

SHA256
673f65082069cc4b23c6052d63e8db9db740f19cc9da8f9c318228ad8509a3cb

SHA512
23ce6b4f583c506cfe7faccc9f7105c20115f74988d7700f9769333bdc3c5779c0b4699b07024787d338e0ccaf4dd79046b8b654b40094aafffa8c98310914c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4144510abd073f8bb5a78887b42601ad

SHA1
f990c4056b62a800e84582b65689a96c310de9dc

SHA256
f52c0fecc32d7bde178e35ae36fa694ee0c5f969923532ea6c5119bd97b606f8

SHA512
3e1e1bb25e0f532f6cac4c65d272357a179889281d2f06dfb942c59b340aa019e8f84df3083eedb0c2b3190a9b623212fb624a9c230d04fef1468375049d4dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e532520a45ed25f2fad283f5eb70b519

SHA1
6a02550a8c2a06635cd39852a53d5ff125a4eff1

SHA256
380649dbce92842356f4f71c8f851083e1c2bc92bb5f3eb58190b125f935af6f

SHA512
cb20770f17e5abbb4cfd8d53dd37be2224177335601ca8479287dcd51f57234c8900c5b57b8aa3395f6631f4e04f424abe64d3a9ec164b4fd91a3ac9becc2643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
676d043c92175105befcf27d386e9078

SHA1
77dd029361e6132620680297807f86ceabb3648e

SHA256
4fbd54bf932ee9f167f98938f04272410bbc8e7bdf088b06bc471cf9dc569fb1

SHA512
d9e3b7477e569c28bb35726f0aa66b79f02a0f2be8ed50467642ba19f362b7475f4baaf2b78c08eb4a1dbe655df5092bd74b11833feff9afd87e797afdb0d59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9fb2d2d463d38ae6d78eda0f9cf5f523

SHA1
f5deacd4699803d4f5dbd84d71e5aaa35be20597

SHA256
64197efb0be42ce4f664b6e8eda92dcb9ed30200c8f7491730a3972b866335e9

SHA512
4d6a8051a6ac1b3168e1b33ec3fd55e4ff0acc99ba2e2de65315ab9cf7131088330bf160d30e05e03d545cdd7ddec9491defb8a1a20ece9d979c9a0d2a2a5ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1118ae21810bd3c93b30720a92a220ec

SHA1
eee615a5d5858a0a24e9f8f497185983eb32b3dd

SHA256
a6dff2d848b06674a75452649156f781bf45ab36c90d47ccda05e7cad0141341

SHA512
6f09f64591fe0590dc4ab9d64f786dbddc8c0d3485f13cd1b5f10a3f94dd3c24da376562ca29b0e8a4c6a8429a830c8b33c2eb0c7fbecd486a59662fba74afc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
6055116da50beef7fc213d2702595970

SHA1
182cddc3cee1bbc3f6dba83797c1f4b7368cba00

SHA256
ea14a9d66b618e17b0f41a6bb637504862047defd269ea825f3a5a198c384646

SHA512
c6284e91856f8e75c3b934b994464bf6b081038a190bc02971c801b372b9d2f86538d55faa1055dae430ffd11d40190fd90eb9fc125b2189993bc0ae37a99fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d79b5a7cfaf39bd78433ef2c5b0ce236

SHA1
eacc4a840846f629aa0e5edd7ebcea2993d12ea1

SHA256
98c69299ff4062a3893929fb173f223e2ef379c636c6d3a38e995eb24ebfff5a

SHA512
db1515a75ca567cbd4a0b682d1389194eaaab93192ac2eca2edbba1475dd5acab18641767b717f45c66d78f417e69fb3e14f41fc948d4170959fb6bc660c387c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
91eecfbee0ed514517ea2554f8660eb9

SHA1
c03c57c91fb761c4c110c902a2a633706e5f3d7b

SHA256
88501c69f82169a8fb3ec3b21b41da610859213b1a5f2d6b48c1404205baf52c

SHA512
272a0be6e9421f294f43c6cd549a619ce08d60f683f339b88786579f78b7a999ef7b8596bc4aa63aeba9b5c6f3e2717b6e31609db163a347026a7c73f4578098

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Base\helpandsecurity\control.xml.bin

Filesize
245B

MD5
15749b323907af53fbd61ea1ad87591e

SHA1
69f7c3f3b6559b7cac9f53a61b489ba69ec41b35

SHA256
a124bcad287347934cc2e492cca30cc91bf482945701649f50571ae0da672c53

SHA512
16c4ae8237f29ec114167fe0c7a81ce04bc321a892e49d393a1d25e2e04d1a1601ad4e6a4f015575269c60e625985bfbc70d5cecfd466280017d2f5e095912a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Base\helpandsecurity\control.xml.bin.sig

Filesize
18B

MD5
474e879e9d293652956db4009a966119

SHA1
c616fd13a382d8c40e0545467cdf85d4df3d3748

SHA256
ef0358b1eb7066d5365e54322bd9311a7bee236d1a2199b94489a8583950c9bc

SHA512
1439d0c168f7c67e1fb57b8dea13255abcbd1722617491ab137468a34670c8e526f1918e0c9dafd90f0a365503052e547a5d4fb9f1202222ad4a52f2520e9e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Purchase\RegConnectCheck\control.xml.bin

Filesize
264B

MD5
2a923ee9d528f12b5dc45e13461cad41

SHA1
78f33b4563612ed1191330a0b24c79240bde3da4

SHA256
4d36ad4733b7fe70927a4f83018e952d35cd183d0c77a8ee852e5b9e3343deb7

SHA512
966c777da6f84993f6da75455354488e44fcc2381d33464093846cf1c9b595e5bc3d1ddf5731bbd4430775a01d7b55fc2badec95891ea6be1c4907fa23ef6019

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Purchase\RegConnectCheck\control.xml.bin.sig

Filesize
18B

MD5
adb46bc057a3a1b9c9c71d44501494b5

SHA1
ed5f502f0a57ebaae2403bbb5f13907f7ed015ee

SHA256
016a0cdae2181a03ba11a5de2541ef57aa2e50e594f00dc24fbfd6fb6c6095fc

SHA512
da0a753a414fa933a194a9c9197a70deb3f11e0f6ebbb0845ec80e939afb45de831b8eb33a1027e6b0cef50511dce0c130a59064c8dd3c1410c5ead641073832

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Purchase\_common_assets\images\registration\btn_continue_.gif

Filesize
1KB

MD5
943ebee2eee206a8b78b94b8eebbd787

SHA1
763bd6e31da674023c76b47ed8e830da608a113d

SHA256
5c408618910f1a45d4d4eb99e4db689fd83b7d91a58a51c6a727dcd2aaeb34c4

SHA512
3076bfba41a09c0d6634b1c4944b08fc405f0560653136d045f69f27cf22903732be6314cfbb5a0a2632297633592ced52a6d0d7f62e93cea1657802a922269b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec_over_.gif

Filesize
384B

MD5
532f97e275e13e300b16bfce03d95f3a

SHA1
313f09908a4d500ec97a8d4457de4a9c00ea74ee

SHA256
e330472c8818ab5a162119e177242ead71f327f6216909e7a8106eb8efb768b8

SHA512
74281f32eb55d4cd9e8ba2d6914cc76d25a3879f9a46bafdbb26e55fe0e9662dab7074eac76c805ce183e7d129e2b24964e7148c9163087d12ebc0233e3a0c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\Purchase\_common_assets\images\registration\btn_receipt_down_.gif

Filesize
1KB

MD5
0468c709871f327e9e2b09c27af67492

SHA1
f6ffd7d23b0abf0ed382d324c01c9da80bd6240d

SHA256
a5a1ace79256acb058340f59a69f2b204e84b537ceaad263feaa7ab60dac5567

SHA512
55ab16dc2763b9f271a5e3cae1b56f275bbeb4dd101bb52c32dfd6b92637bdd2aad00aca4400f347ba6221170fe2281eb455e92bafbd4d3224cd4b3df6973c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\UpdateUI\UpdateDownloadedDialog\control.xml.bin

Filesize
152B

MD5
77afed255943906ce257619da19faf69

SHA1
05d2622a8bb9df268642ec91c107d1b2ad751c95

SHA256
18e70d21e7889825f7b96cf0ad16bb36e1655071f33681b62ca36871dbca1423

SHA512
436712bea120d3cc0994ccf595d94a5c6fc9212e9c44338968d4bc338ea1ebcc6f59d78a2ea06b691bb0779d37c486d84087e882fbfde9c82e2b5c5f0426575a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\UpdateUI\UpdateDownloadedDialog\control.xml.bin.sig

Filesize
18B

MD5
df419d399e266313db1e750e01180bf4

SHA1
68bc1bd79fc47eb8820f4ba7caa59806adc78433

SHA256
64da338a15c592da0b29a4b95f360b502cd675462a0c20c039e8e59723c83176

SHA512
e8338cf3c461abe867e2e043fcfa2050130ed29944aea2fec567e5e0cf974eedca0ce4efaa1a38d4bd8be4a124ba5163ada3f1755fbeb9f3736439c4d515dacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install2_.gif

Filesize
1KB

MD5
c2b937529c9d396b44712e7c46486647

SHA1
e7d7cd98a781061043733bb49ac8fc4fb57ffafc

SHA256
645a2c10db121c433a0b1a0824a3e61f9a6a5e8c55f0121ddc65e1dc0c3652c7

SHA512
05d1b3ab89ff448da3158c2c709bbb2982506c232341cdc5ed3afd4c4d8aef72ab4faf824f9cf777e894a8bc07b7b8782739bc3d655d56375055c8eb9c5504a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8C4C485A\PVZ reparado y sin contraseña\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks2_.gif

Filesize
1KB

MD5
2e801db3ba631a78ed984500b4e5092c

SHA1
8e6e1b573eeff6eefe90e061b2a49972d73464e9

SHA256
bf694ec9c86eaa191e3664fe06888475e67ddc6478c1a30d6ce4a115cc38f09e

SHA512
4f7ede1a8031dec593c02284bfd4e5a137288e2ccc145d5cbd45dfca0253d9772dd48eb51c164f0490f01a2cc33d077f87a56d7757675f09ed59bf585d42a3f2

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\DynamicContentLib.dll

Filesize
199KB

MD5
645b5d571f15b6a32a8c1f686e8ce6e3

SHA1
196e309a4d922af8e5c566378f21948bd28a9bda

SHA256
87df15bf2c082a9fbe7c09c6fe7edeb7bc33dab9ab8f784d24adf0e8b4892e00

SHA512
bf23237277019ee2cca4f072a6ea63eb392e22394a529cc8bdbc8a0a5beb7652fa5924e8cd07817728c3c3cae2bdbdff02a06350beb331ab937aba7c67c04c4a

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\PlantsVsZombies.exe

Filesize
1.5MB

MD5
7802660072c9277297d94ca474ea56ef

SHA1
1735d735e1e78ceeef6520994198bc8c84423e7a

SHA256
6a3de84b7e3b52548c6a98c1f912cc5b001e3040855132de0a53fc6e556260c7

SHA512
9d93f1bb5f430c4ce95d47edaff3338d64366d7109d8af03649f4a46e8090b0d06ce0f172895570d7ed13ffb06d9d5def093e348b768169669b306a4f8f3ce44

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\XLayout.dll

Filesize
673KB

MD5
5656daa6804556e633bf95c14d7ac7bb

SHA1
09ec2de7e72d3b0962876cd70459178020f59746

SHA256
c74c930cc24e1ae3418aad7cb2df5df87bad37f4f59aa3bdc03733e883783f3a

SHA512
6b2b4ae2d68877dd102ce04e3ae2c0d1fadf321a966e6da9ea27e912f3b5d8ed1ceb93303a6c28052728045b971c277a32cf6f76ccfeb3add54a313f36f66923

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm.xml.bin

Filesize
1KB

MD5
abe285f1ea7e6a51b1b2d47c255aa591

SHA1
1a08644874027afc6a02a5935af55b342f3bcf94

SHA256
7ac0b890940e7de89dea1cca3e01a276f9c2df13e94be81486a766fb3e1a5fb8

SHA512
918fcb25f891393c7b958ae3f88b0148fc87fd2d54f0b80feff7628be532bdcce512a597a9fb81a04af696ab9bf0475a3fdc7e95cd11c0e831ee05a8b87688e1

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm.xml.bin.sig

Filesize
18B

MD5
760588930cf1746010f973ad7a4ef6af

SHA1
4a66ab8b57704854a1686e87c29d9fd98d234c98

SHA256
ab05ee954b5f0ffa9547f9aa1c5dbdd45eba771454472e2381ab3634a3fd7f86

SHA512
d79bc6068aaf35fac49cd9abdcf0bab5ea8dc7a258491eeda9fbdc8375b032d82963bf09c685387804612fb7bd6720a8631bfeac4846b10f988c06cd0eca5e5f

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\allscreens\layout.xml.bin

Filesize
725B

MD5
fc8526ea2025ad618ebb5d604e14a643

SHA1
e0b46bc8b8324b2e7fbbbd7a472f0eac15269e93

SHA256
f99fa7733e786376dd6949e05cd518e78de05aeee366426f4d2b051d456ed78b

SHA512
39d04ad031481574cee56ccfe9b57c4ede89ae2140d1d2aedbbd7dcc1d400b18fc61282ff1cb5c3acb798bb9a2a4858f1f09a5e7d19a2ff76dfb24237fcabacf

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\allscreens\layout.xml.bin.sig

Filesize
18B

MD5
542ca928ab9284d3af9a201aa4341dda

SHA1
f42c4fe50053b65e2448c61524ddb687079b3e90

SHA256
f5fee384f623e9ef9dc223bde69988426c50260189cb57cb77fc1d838a1cab41

SHA512
9ae0ddaa8656be00402cf04f70b5e7ae6df171523164316aae0ef8bc4ebff1d2a98c4195243bbb742fb4399879f6340814fdc323b5bba5e1190f5d077c0e8c5c

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\allscreens\strings.xml.bin

Filesize
1KB

MD5
69b3a1830a9f951562bc2474fef66f0e

SHA1
9dda27a916aa65f9df6b41c20a07bf0925227966

SHA256
dd7564dfb391018ccd58f76990c552d2312b6a93ebdc358eb3a882aabcb44d6b

SHA512
0b754080acea06884074b568c4ff4b319cf2ae7b6c7de78b6891ce1e42218b550a6a5a6548b7cb0e771e7d9a8f16091c2e74472978ec1ffeb91d1a0e3193a73e

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\allscreens\strings.xml.bin.sig

Filesize
18B

MD5
8d87d30c46145fcf387d2dc59d0d5f4a

SHA1
3687cb1fafd0c7722b921dee930a717bce74c758

SHA256
d85ff8eb0022413a7d36077ad73221e179dfeb3c4e19b44079251eefcbe154b5

SHA512
20eb943431b10d03c5746afcb6a8cab584d131ec1e8934d9d58b5811c27b219111b353e8e079e6664f8a63684e7722bea6ad30e7426e7cf85c415d6193f116c2

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\LevelLockedCommonLayout.xml.bin

Filesize
472B

MD5
cee0d2a2202b6e396fdf4621e7780cd5

SHA1
0e76a1a20fd6335672c8f3aec6cdb9c4c835b831

SHA256
4bad49f61344cc058089a6e8f08be8b6b253e62ba40bcb3d0e2f5a6ab7a73c59

SHA512
8b2951664a07f474a04ed8db4fec0bb62623ff21adbb73e7a017086b1dd3b6aa789e5ff9882f2f75fd73bb482e950cd30f3b5617b21d37f9103be7b5de835cb7

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\LevelLockedCommonLayout.xml.bin.sig

Filesize
18B

MD5
85ebfeb042bcd3942593d6d4c878c3c6

SHA1
8b0cfaf589e713db3a12f551df3f867fee495792

SHA256
640596ea10f91bb8b48318a0e76aa17aa0285b19e6732c5030677dade7e580ba

SHA512
e74204f29296860548e3f8ddf6d642400e939815b8ed3efaf04f24ee88f5d73cfff1b6570e3451f87f6ed15336ad2498aae663c68ae4adf5d7b3b2e3f7841644

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\TimeTrialCommonLayout.xml.bin

Filesize
566B

MD5
0ab66f9e42b6bda5f45eee6104269167

SHA1
d6c650a9698e3fdd21bd329c6823f432e96aadfc

SHA256
90d394a0edc75604eaca9f1267710824f9fe26ca92ebbaf5f6ccd0a9f59206f7

SHA512
7730f26c1b0f1b81cc2540c73589ffc673ec16816895264958791cd9a0e30076774bafc7ef2b707954bb41e831128a9484acc2bcbe02df2e27acea3a108df43f

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\TimeTrialCommonLayout.xml.bin.sig

Filesize
18B

MD5
6a3779bec4e50c347d62b65161d1b617

SHA1
e61cb2fb36c99eb927cd66dda31a4f2b62f9a47f

SHA256
89e5e130a8b295c8046ed07fc5b06659fb568bcff7dea63b617927e47c4e1ca9

SHA512
50e9374e70270d82ae4d40180f876ade23e63c233ecfec02daf44e66913692cf281c6e9edca0c97426820c73f20fde629058afc33547cd8f9461b5500ebc410d

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\commonLayout.xml.bin

Filesize
1KB

MD5
08b3c9a8ab80286a17a8d522ce243496

SHA1
d0a7b297cecc8e2bc24cceefb44235bc8d97f907

SHA256
065598aa7a0526f99f096f2e762dff814b4a0e8f443c955688af2fe1cb4a9790

SHA512
707493220c2ddfa91e18e986866e9f1bd3ac20e07b66e6ca98d0fc0ad9336f119a7c310cac97f121fc58eab13ae05dd84339e7126afafe31cad211e8cbf9b43d

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\commonLayout.xml.bin.sig

Filesize
17B

MD5
27bebf4cd819a7fb17dab7cc7348b441

SHA1
ff0504c61f80c102480f095ff9ff2b319afe9230

SHA256
fb4a1aa1899f04028ad7c992d858709b29149d614f589322fc84142b88c173db

SHA512
64564d21b26f3f1fea8f5913414ed6e70208b9c32bd32dc4b7d93ea9a0cca0800b1df7072bfa00df04e450a650567f53b6e7f5b405cb3a49127a3f7cf1c199f0

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\control.xml.bin

Filesize
461B

MD5
66439b8314fee2b898b276e3c1a82638

SHA1
5ec68dba744753affd385da39746acdb372ac72c

SHA256
ef013239a12ba03c6dcab902b25aa17044380e76e209723842539215e1e87ab3

SHA512
a348213eb690d1767e8de03521224fe84b8f60607ea423761eedeca74eede5b7450ba6533452c110cbd8bbb45fe8ef799033d24cff3c0065e6db9c8ea8f808df

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\control.xml.bin.sig

Filesize
18B

MD5
f3d023194f43dbe4c6078a5135830ada

SHA1
a67fb373aaea56c01c69c0709a48cc7d1dc8e0b4

SHA256
10e1e9c50394ee2023a83e334def5da87d5d359dcd4a95eca8c33410d505aec4

SHA512
216d5d7a6b6de1841e012cc7dbeaf429f243364310ac34447e16e46aca4ba0fd41edd0019ade3e0cdee705c0e05981a4dbb4eca634239b997423da2bd7c8e99c

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\strings.xml.bin

Filesize
672B

MD5
a0c9953488c2b8feb85352c4587f5b9d

SHA1
bc445b20955fc8a3a617a50021efbd03d32a5f9a

SHA256
716e9bf947be41df6da60c25851ea5f467e64df88f6afe5f1a51a4498c807d19

SHA512
68b236b75a5d7b079ffa02dbcbca95398c58b4565298191da63a892b992be1dd8fb3097c5352a327ad3ab4253877892e850046d634c0ffd482ea17f77cecc4ab

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\common\strings.xml.bin.sig

Filesize
18B

MD5
7d9d719f49b44777f0bb7a1923f8bbe7

SHA1
ad068beeebecb4ace8e0619c5fef589acec2c4d8

SHA256
45bc9a603930c5be678cbfd449feb8d2ea5eab986763f163e0a9f33211c91344

SHA512
3dc79ec180e1e4d2ef0ead577a02d3fb1bd8a9505b811ed25c3f5b2be90ed1f27ff4cc404884bab4cab3fd97de80876adf11ca95659fc0ea13d7fa466857afae

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\esrb\EsrbLayout.xml.bin

Filesize
497B

MD5
31510061a66434dcf93b790bd879fd96

SHA1
1d4dabeda9c997e59c0cd6d582a15e12369d55d2

SHA256
fd21da4efdf7042a765331362bdd535d2a8c074033dacb98b2ba99b023ee0bbb

SHA512
16d55350d868418c3d3680289e4c57d04da2eb1c6fa17e52fe697cc2469df7d343f2e5dbaaafb338ee1a3122e3216d4135a639d79a1f4d17398c43ee81858a3f

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\esrb\EsrbLayout.xml.bin.sig

Filesize
18B

MD5
c7e4e08378c3cd92b30e787d41aacc34

SHA1
51f161215b939690a697fab6be3382c288b51728

SHA256
89d5b784b8940bbea59e8000dc9332fd493bb93f379cef0aea3ae3ab4de3ef0f

SHA512
55f17c21e7512ab8271f8c7a440ce02cc7407e7e018d17a4117124c7fc594ca970c99a68047cef5be2e877e18a0dda90ca7c7bd4317e755691f2c66abe1efd87

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\esrb\EsrbWithDescriptorsLayout.xml.bin

Filesize
883B

MD5
c5eb0e742760c9203bc45d2ba2f2c692

SHA1
244550752003ec26b35f2ed790c7f3dfdce9d30c

SHA256
f9e22b533cd4519aee8aa681d8b96c1ef21c21cd81601ca91eb5722012cdaecc

SHA512
b2f0ae8bb83b86663a2d329fd6423a879ec5ded012184020bbebd5827a6533277469b72612c6729319f2a101cf6cc62c4bce0ce5c9f5c707fc940a0c90096496

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\esrb\EsrbWithDescriptorsLayout.xml.bin.sig

Filesize
17B

MD5
d7274bcbe96a94c09317217d6ee52285

SHA1
28e61bb1061e722617005d42b16120ac31587e2f

SHA256
61fcd4f5d7d768981b452b511a97a322d1873d57cdffbc4e62d18fd8a29d40c4

SHA512
6f56fb5ad46b9c4ba0c5bdab63ec7f377b62ed5014436392e01e52424e4898cba7467db853b0a676c8a4f00f9cf286b5bf817d7f17d4710af434e05f4a88f5fa

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\esrb\control.xml.bin

Filesize
450B

MD5
99de230ec3b3ef5b8bfdd8d5e2f5f421

SHA1
f1ed2381034f297f2067431e47d9671304bf7360

SHA256
f314b6639f05f4b7e21db5d3b966a6ee0329803f92358abbdb3b8e4a4115affc

SHA512
3c4e4f099783ce5d6ca6693327859030af8875d1d2ecb57fa6459602c90a72a5a1e1ad34053da8131a8f780cca3960a0db77cf04b6b8998187a6abd41ef6fc1d

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\drm\content\Base\esrb\control.xml.bin.sig

Filesize
18B

MD5
aa7b8bef14045ba30b4912bf12431c7b

SHA1
df4943c336c95ecb650e64fbe52ed952e694e06f

SHA256
c4db1e7f4dc8c3a73ed712bcf5fd524536a6e72e6065a5307db78b66df016d8c

SHA512
7026a0c67ada786e60ba0bbfb81cc2944d16832b6732cc4666b60b798975adafdc74833118ff86d09023cce86326f8e668580c5690cbbc70bb8c980f3b69f4de

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\gameversion.xml.bin

Filesize
117B

MD5
c4e71d2f90ed9d2b366b35a3a10c1106

SHA1
dff0cf0013f65b225dc3aa418ada7bc41c8eaca7

SHA256
ed4407b626077683ee8d4be5adfd012e489c7a873c27d0df84b4237e3138090b

SHA512
f185e1ab42c5258d2de1becfc9d67e51405cc7f44c6cd05857345d2b0d5d684de208fe28ba75cc825049bac2bb00bd0902a622d6939df0d0706a9d42af21ddd2

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\gameversion.xml.bin.sig

Filesize
18B

MD5
51836164fdf7cc9a7197d37fe63c13eb

SHA1
4a6f1bcafed0e9d0a6e015a8eaabb06f7af6f184

SHA256
fff3adcbfee2158fc2d42830ea2a22c44930248c1a5a8af351c7f1fbc4d60097

SHA512
1b078f5e8887c5a41593a57c27d386c73ca8b51374def77eab382f5a0efab012399e77306f92b9384d01a8f0fad5ff5f8cb20606a162006e2621f02e61f04cef

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\properties\partner.xml

Filesize
317B

MD5
4f41d7527d439fbda6a468d6abf41cd9

SHA1
563fcab775e5a1f5c05577f82e9594566c97b609

SHA256
69d1423cc849e3c4f231db6aa47038efc67bdea677ccee96200911720eadafc3

SHA512
e6cf09363a872a68acdeff2e5e79348e9f2c7bd663897a91d0f41457b71110333c13f4f92f72a406c2f545c92bd3d71def7c82cda4698a94edeaceba389c20cc

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\properties\partner.xml.sig2

Filesize
18B

MD5
ec947c116c2093408414bdc4adae7e85

SHA1
745c48b5b5183533c93bf926154583224e735cde

SHA256
5432fe4eb4bb110935a3ef05569ffb45f923168cc9d74aabf67e64492b90a513

SHA512
3cc66a2f83aca8b9d31a643593aa70a915515bd16a04312a70682c8c7d0f0c1f1d92bc7a993ff579bc4951871b18921f30c0806642aeee6f016863c675a11b60

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\systemversion.xml.bin

Filesize
120B

MD5
b3c4b983562a4e62df789db73cb57c97

SHA1
1e0d7b1d816a1c8f8f87f7de2243eb92d5c687bf

SHA256
901df3c9d0b2de11322c394cccb70ac931c3379a75fb2305aa8d8f7d3d4e7a1d

SHA512
b88c765da9b46b85637c784281e71170ad8a30abb8ceacc2497c3a6908c8bda0a1a199c49dc9356b59d229ad836900c814eaff27051895d088ae77029ed8033b

Download Submit
C:\Users\Admin\Desktop\PVZ reparado y sin contraseña\systemversion.xml.bin.sig

Filesize
18B

MD5
bb4bd575329a5acfc1f005e6d8c48eaa

SHA1
343742d9f5edc1553b5f1312eeaff30c60a1aacf

SHA256
35969e35d292f18337476ebb3f7eb155ecaf7d16a040a3e62b9308117bd923c1

SHA512
976c1dd64856391163365556a8d7c5d472ce4512f6313ad49953af933733c3b18b2304065301f32fbda8afe4d3019e429a8e07b42591c0794a0ba2f0a1476e07

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 979122.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\INF\display.PNF

Filesize
7KB

MD5
263a55133820c007c9f76877865d8c16

SHA1
60d9c82d572ae3b1d8973ac377f46394b927acc3

SHA256
9436af333fe7aab27eecc82dd5eb525afdbbd3a61e469268b0a7260223798820

SHA512
eec6b5a254012878ebc174800edecda02e1603a7c603c8f5a78f1f5eb7b7259d56fa78d3cbf5cb9b928adc2567645d2ed2d2a94b2a70f11fdacb953a1da991b8

Download Submit
memory/5420-2192-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2170-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2203-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2193-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2181-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2182-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2227-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2228-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2231-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2230-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2171-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2242-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2241-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2204-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2253-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2252-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2255-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2254-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2164-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2266-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2265-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2163-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2279-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2278-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-2165-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/5420-2286-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/5420-1971-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download