hxxps://drive[.]google[.]com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing

Score

7^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
3404	setup.tmp
3416	Vasyapersky.exe
3588	javaw.exe
872	MRT.exe

Loads dropped DLL 16 IoCs

pid	Process
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
3588	javaw.exe
872	MRT.exe
872	MRT.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	MRT.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\MRT\DAB93AF5-F03B-DDB8-E752-C0D91A56DA04\MPGEAR.DLL	MRT.exe
File created	C:\Windows\system32\MRT\DAB93AF5-F03B-DDB8-E752-C0D91A56DA04\MPENGINE.DLL	MRT.exe
File created	C:\Windows\system32\MRT\DAB93AF5-F03B-DDB8-E752-C0D91A56DA04\MRT\4F9D9BB8-DAE6-4F3C-B2B0-4C461C52C120\MpGearSupport_20241112_201424BF74DDC4-D31D-722A-AA18-D7321E5E533E.log	MRT.exe
File created	C:\Windows\system32\MRT\DAB93AF5-F03B-DDB8-E752-C0D91A56DA04\MRT\4F9D9BB8-DAE6-4F3C-B2B0-4C461C52C120\01db353f8a6cce5d	MRT.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\mrt.log	MRT.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vasyapersky.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javaw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759160007969598"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe\SupportedTypes	setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open\command\ = "\"C:\\Vasyaperskiy\\Vasyapersky.exe\" \"%1\""	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\Vasyapersky.exe\SupportedTypes	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32	MRT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp\DefaultIcon	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\DefaultIcon\ = "C:\\Vasyaperskiy\\Vasyapersky.exe,0"	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\shell\open\command	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp\ = "Vasyaperskiy File"	setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VasyaperskiyFile.myp	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.myp\OpenWithProgids	setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VasyaperskiyFile.myp\shell\open\command	setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Vasyapersky.exe\SupportedTypes\.myp	setup.tmp

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
3404	setup.tmp
3404	setup.tmp
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
872	MRT.exe
6280	chrome.exe
6280	chrome.exe
6280	chrome.exe
6280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
3404	setup.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3588	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 2828	4508	chrome.exe	85
PID 4508 wrote to memory of 2828	4508	chrome.exe	85
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 1952	4508	chrome.exe	86
PID 4508 wrote to memory of 4832	4508	chrome.exe	87
PID 4508 wrote to memory of 4832	4508	chrome.exe	87
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88
PID 4508 wrote to memory of 2288	4508	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1ETtWcUTwNzoWPdz0sU5eAlOAl4r1ww00/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3ac1cc40,0x7fff3ac1cc4c,0x7fff3ac1cc58
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4700,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5180,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,11645101592124961657,7789067838443234282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6280

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2364

C:\Users\Admin\Downloads\Vasyaperskiy\Vasyaperskiy\setup.exe
"C:\Users\Admin\Downloads\Vasyaperskiy\Vasyaperskiy\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4056
- C:\Users\Admin\AppData\Local\Temp\is-578T7.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-578T7.tmp\setup.tmp" /SL5="$20306,112694259,734720,C:\Users\Admin\Downloads\Vasyaperskiy\Vasyaperskiy\setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3404
- - C:\Vasyaperskiy\Vasyapersky.exe
    "C:\Vasyaperskiy\Vasyapersky.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3416
  - - C:\Vasyaperskiy\jre\bin\javaw.exe
      "C:\Vasyaperskiy\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar" org.develnext.jphp.ext.javafx.FXLauncher
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3588
    - - C:\Vasyaperskiy\MRT.exe
        
        C:\Vasyaperskiy\MRT.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Drops file in System32 directory
        Drops file in Windows directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3c1fa44eeb86e47ac9c1271e41c7c424

SHA1
759296332d11a44085930a75cee75b64995cdb07

SHA256
ccd2391c0406c7501cfdc93b898e09f9168cf82161b9b108ea504b9e4bfed310

SHA512
42928dbb2bd2d69172515607bd3050b1c4df72982d081f6dc944db53743f0b45df56b4f2f6306bdeadaacf9a6e790842757b93a90e645510e48d3856b46b6425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
33cb173f4ab6be2a335259145b756866

SHA1
78ab5cc9acd7c9476a2d586a8376b27b31bd23f7

SHA256
ed6639f3a3cf5f2efcf79261af94be535e577236f2cb13b84190daaa5a8c34bc

SHA512
626dd01650321920c543b5a104cba13696b85e09342d9528bf5bf15759f3187fffc77e666a53f0430d11e25a77423aa92add8bd7d473f82d8d9ee507e6e1aefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0e451bf5-bb99-4dcc-af3b-9c60a20143e2.tmp

Filesize
6KB

MD5
28f992c0ffcdfc1f6cd8c37c04b9762f

SHA1
b66ed62e7f44c8d84f91aeb16a31a72add54bb15

SHA256
8c04619563ec9084ccf5769c0efca0f7a936a9b0aa7afcc5321246c59b324175

SHA512
f34ef0665181b20ef96b04109b454fcd8cc5db8673af3edef60bd804d3b008f9d26c0f365302a2d66b422fff188f1eb2973082286018b0bee8887e914529648d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1047697eb921f1cacc1ca8cefc7ad8db

SHA1
598aa213891cbc89211655898c2666dd58b3f5e6

SHA256
08a920408d1155f16aba922391d3f2f06086f5cdd433d693ca072d70fb735dfd

SHA512
c0fff83d45f88031c8ad76013f603c6ba1f2e4ecd83f2f6a5e1cc3d169b181f375ad69979b3d686818efc0a7f81a8a0224ade8c16e4f21178a50387f7efc8254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e38200cd646973724abb0c9994f4cd11

SHA1
9a32c54d440bf438c9b2795b6ff5b69613be77c0

SHA256
a354d86c077a3c30b462804aff1a6d4be2bdbb773cf243fe91536c8080da5368

SHA512
5ac0ad1653efe3cf5a8a871ab672a860296eede952362465f1d5bbcf6e3320be91b86abbe868cacb2827bb2416c77e922d99f91a99d08fa492380105f44e12bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b50f32be7e99470d274332aba684f5eb

SHA1
89a08cb27ce9d96b4b6c6aafdf2fe494cca3cf53

SHA256
1714ca3046eb6f1e4613d9ff2e67f2eb77bad2cbf68126e1135648330b690e2a

SHA512
fbc3c9f6ab302b9b03ad7ab32225ebe67344a9b7c31fa7682bfe2025983f65f89269b83adf20e462e37ec157bda68034c74ef75e0df7d6ac17be14cb93a9ba3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f39ce1ae6fdf888f25d6d1bef2aac3c

SHA1
aa09232e9c5cb803020ca7e78663927a983f9732

SHA256
62cf33ea5433913d8ada0fde27756a5b1c11a4d83184e0600f455f85667f6a3f

SHA512
3e507fe9dc4676ca840a15cee70a0d1a04dc980a6cbb6ebe843cafb972c115be0329b8b7fe192fb4a14e2b3c8aa1758b2c54b52130999d8c8485c273fe81b7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
46c113786a3673ef2ff30d1d3751d744

SHA1
a28712464ec93a48dcda02ef16fda446ebde5960

SHA256
2630c9d122ae16ecb6e3fff62de6cd21867781418556149965e17974fe6420c9

SHA512
a4f8d058605b81c765b867b2b75fcf80af71f969ad546c5c234ec63d478d0282624f0dceb8d92667c97fc31e9c088a891e5e99e114819bb1e709fa32046acc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b014d8ef2869de686d349cecdd0cf000

SHA1
4bbe202909a09a0ef126b035be2a649e435f77d9

SHA256
420c5d0c0767e9e450cf7110da9feba275b52b5b9a98e55dd27f1da7e38b4ffa

SHA512
cca882d0c9d78b3666a2ad2b618096089fade74524b5b660b20cb64a5cef6cd149bf80fb044e8aeb87dd8751c2af2eeb10480a020e23a61579985d65972d2b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c93fb6f1bfdd198c17d7165891922fa3

SHA1
36d9b610c8e502e76241253229fd39f22c588082

SHA256
61fa4c4878449e65ea599c18282c96ff3ac22f6de13299e4be7ca22d39d8ca5d

SHA512
6c5a4cefb6cc7417550cf4664c8fec30319caf8e7308d98198022c1bf9f90b159986077bab13d478837908917ed475266c0499914c810edde69f57896b92f921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f440b468f7fab1909a59ca949bf3525

SHA1
a5f1388f0741d05bc81a9fb99ad412bea2c1126b

SHA256
6041b1f97fbcbba482e7382b5abcc480993fc1d930c259fab77dc44576dacdbc

SHA512
3265533429b2b650edac7630fd0cb49d6b4f756a1258b5125c1607a14f79afe09d67a10d32e89b536df83371bf8d8dfa64c69c56341a9cd2fe58bfd0dc7d9763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6a8035e7fb0a21f3cd7a99ef3fa8c95

SHA1
374ac37ce7d6b58ba44cb1009d7b7b6b4d530afe

SHA256
cb3782ad1595958abbdd648eebfd94ca4015a35ae4cd09e8959315d713dc6d2c

SHA512
2e15664586972d6fdcdf95938aff51de5e351c4072dcb46cc6f81b34dde6b03357101a38bf670f18c1e44ce74161b3bbfea467e52e85e7f85960ccf38300a782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aaa162cfa6a901bb13db675aa8f3c5b5

SHA1
f635c4831646394ff4aaa230e0ce65c92ed554a7

SHA256
fce00adfb1448fd1214b1d7afe692dad3fd66ad63c7816cc7c388959053a55e9

SHA512
eebd6b61d73b1c73c14f873e4987c85f9b8afb6c0259950d214947292abf9f1eb5d4d98b69edaa78deed650a18cb7605b2baa342a0a3ef657e8d5b0658001fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28058706a44e2cd8d07260fce013712d

SHA1
e5557f3827e927fd734f275059ffc8044aad766b

SHA256
bb1dfedd03e8ef4a1f458acd8efd94fb4c54e51dfd9f5b6a853c9a7167b761d9

SHA512
862e6b064ac58a3772c602b9f0dc8ba337f0ef19ff2a43b9cd582607ab382d7f44b423e1562ac516be7ceaffbb65f1188423593538362fe3540a9195695a5041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3791682e16420422eec3f5b6f2d5404

SHA1
25df48d128877128ba662ea2839b9a751c90ccd5

SHA256
2175d48e8a2830c4a99e929336a1db3a3757b2f0afdc9c81a40fa5af8e897919

SHA512
81423b28aeb1801699e7db8c7d646c75bcdd69b44d835e9ed124dcdac0f4d7b1a9400422d5173c1e8312d2005091109ffd2fcf0d684d5bc8ffaa33cb7e0b02a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2310e3e9484f1e4e18bc2c6ff8a2af77

SHA1
f4df8498e8bf3b98334e5c2d0804df6289295312

SHA256
20c61e69ae7a1b7442d42ccec415a037eb02861472bc3f8ee42a96f00d4a6969

SHA512
e16c320ccbb784a2e42bf896a39b75b70758173cc98c04fe3ed36ba22c3c52a5ef7f22e0a45267975590ed440d564dc7f9a0f2b329230273e3462a04aaa2e5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d5570f8dfce723093377baa02bdea2a8

SHA1
0a783258106813ec8ff729a702380dd9d16a3636

SHA256
101119360cd6cabbf40ece15312f715e63cca4b0df7fecc4b0c2bb59525fcbc0

SHA512
fb92d4a8546d7653a08fa5ad278a472af9922ca73b49b844b38cbc7d0e5d2ac4cbdf7c4dabf8396a49cf9a52f4d773aa427d763f73921bbe284d8474c3505211

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-578T7.tmp\setup.tmp

Filesize
2.9MB

MD5
0191d1072d7701a28ec036b930c6d5fd

SHA1
8e1c191c0515278cac4a3d18633cbeb531380c37

SHA256
5e04270116cfb9f0b34679ce0be1d13369660b57bc9c11c37be0d620db5a2242

SHA512
652e7518ecb610102d603e733ce27a9b48d1ab1ee75203506972ad3b24e17b0ad2c9fbe3e679beb0f894640fdc65279bb9f7a2301724c800025e7d1bf6925e35

Download Submit
C:\Vasyaperskiy\Vasyapersky.exe

Filesize
46KB

MD5
7b9aea8cfc0ea6217e62ba01dd570454

SHA1
a4226bb5b300ee85f5cc3fc4ee321ffb9db107f6

SHA256
44fce6313ca9fd107a616771bd96699c944dbb02b75aba0e764f92822ba05c8e

SHA512
188e2d3152dc578c0d30ad242271e58001b337a8cbf23247e06086a72de2b117129367343f7ae25271f54d9691be9152b27108c2afcdf893f67b4e83449f061f

Download Submit
C:\Vasyaperskiy\jre\bin\awt.dll

Filesize
1.1MB

MD5
159ccf1200c422ced5407fed35f7e37d

SHA1
177a216b71c9902e254c0a9908fcb46e8d5801a9

SHA256
30eb581c99c8bcbc54012aa5e6084b6ef4fcee5d9968e9cc51f5734449e1ff49

SHA512
ab3f4e3851313391b5b8055e4d526963c38c4403fa74fb70750cc6a2d5108e63a0e600978fa14a7201c48e1afd718a1c6823d091c90d77b17562b7a4c8c40365

Download Submit
C:\Vasyaperskiy\jre\bin\client\jvm.dll

Filesize
3.7MB

MD5
39c302fe0781e5af6d007e55f509606a

SHA1
23690a52e8c6578de6a7980bb78aae69d0f31780

SHA256
b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc

SHA512
67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77

Download Submit
C:\Vasyaperskiy\jre\bin\glass.dll

Filesize
196KB

MD5
434cbb561d7f326bbeffa2271ecc1446

SHA1
3d9639f6da2bc8ac5a536c150474b659d0177207

SHA256
1edd9022c10c27bbba2ad843310458edaead37a9767c6fc8fddaaf1adfcbc143

SHA512
9e37b985ecf0b2fef262f183c1cd26d437c8c7be97aa4ec4cd8c75c044336cc69a56a4614ea6d33dc252fe0da8e1bbadc193ff61b87be5dce6610525f321b6dc

Download Submit
C:\Vasyaperskiy\jre\bin\java.dll

Filesize
123KB

MD5
73bd0b62b158c5a8d0ce92064600620d

SHA1
63c74250c17f75fe6356b649c484ad5936c3e871

SHA256
e7b870deb08bc864fa7fd4dec67cef15896fe802fafb3009e1b7724625d7da30

SHA512
eba1cf977365446b35740471882c5209773a313de653404a8d603245417d32a4e9f23e3b6cd85721143d2f9a0e46ed330c3d8ba8c24aee390d137f9b5cd68d8f

Download Submit
C:\Vasyaperskiy\jre\bin\javafx_font.dll

Filesize
56KB

MD5
aeada06201bb8f5416d5f934aaa29c87

SHA1
35bb59febe946fb869e5da6500ab3c32985d3930

SHA256
f8f0b1e283fd94bd87abca162e41afb36da219386b87b0f6a7e880e99073bda3

SHA512
89bad9d1115d030b98e49469275872fff52d8e394fe3f240282696cf31bccf0b87ff5a0e9a697a05befcfe9b24772d65ed73c5dbd168eed111700caad5808a78

Download Submit
C:\Vasyaperskiy\jre\bin\javaw.exe

Filesize
187KB

MD5
48c96771106dbdd5d42bba3772e4b414

SHA1
e84749b99eb491e40a62ed2e92e4d7a790d09273

SHA256
a96d26428942065411b1b32811afd4c5557c21f1d9430f3696aa2ba4c4ac5f22

SHA512
9f891c787eb8ceed30a4e16d8e54208fa9b19f72eeec55b9f12d30dc8b63e5a798a16b1ccc8cea3e986191822c4d37aedb556e534d2eb24e4a02259555d56a2c

Download Submit
C:\Vasyaperskiy\jre\bin\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Vasyaperskiy\jre\bin\msvcr100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Vasyaperskiy\jre\bin\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Vasyaperskiy\jre\bin\net.dll

Filesize
78KB

MD5
691b937a898271ee2cffab20518b310b

SHA1
abedfcd32c3022326bc593ab392dea433fcf667c

SHA256
2f5f1199d277850a009458edb5202688c26dd993f68fe86ca1b946dc74a36d61

SHA512
1c09f4e35a75b336170f64b5c7254a51461dc1997b5862b62208063c6cf84a7cb2d66a67e947cbbf27e1cf34ccd68ba4e91c71c236104070ef3beb85570213ec

Download Submit
C:\Vasyaperskiy\jre\bin\nio.dll

Filesize
50KB

MD5
95edb3cb2e2333c146a4dd489ce67cbd

SHA1
79013586a6e65e2e1f80e5caf9e2aa15b7363f9a

SHA256
96cf590bddfd90086476e012d9f48a9a696efc054852ef626b43d6d62e72af31

SHA512
ab671f1bce915d748ee49518cc2a666a2715b329cab4ab8f6b9a975c99c146bb095f7a4284cd2aaf4a5b4fcf4f939f54853af3b3acc4205f89ed2ba8a33bb553

Download Submit
C:\Vasyaperskiy\jre\bin\prism_d3d.dll

Filesize
113KB

MD5
5aadadf700c7771f208dda7ce60de120

SHA1
e9cf7e7d1790dc63a58106c416944fd6717363a5

SHA256
89dac9792c884b70055566564aa12a8626c3aa127a89303730e66aba3c045f79

SHA512
624431a908c2a835f980391a869623ee1fa1f5a1a41f3ee08040e6395b8c11734f76fe401c4b9415f2055e46f60a7f9f2ac0a674604e5743ab8301dbadf279f2

Download Submit
C:\Vasyaperskiy\jre\bin\verify.dll

Filesize
38KB

MD5
de2167a880207bbf7464bcd1f8bc8657

SHA1
0ff7a5ea29c0364a1162a090dffc13d29bc3d3c7

SHA256
fd856ea783ad60215ce2f920fcb6bb4e416562d3c037c06d047f1ec103cd10b3

SHA512
bb83377c5cff6117cec6fbadf6d40989ce1ee3f37e4ceba17562a59ea903d8962091146e2aa5cc44cfdddf280da7928001eea98abf0c0942d69819b2433f1322

Download Submit
C:\Vasyaperskiy\jre\bin\zip.dll

Filesize
68KB

MD5
cb99b83bbc19cd0e1c2ec6031d0a80bc

SHA1
927e1e24fd19f9ca8b5191ef3cc746b74ab68bcd

SHA256
68148243e3a03a3a1aaf4637f054993cb174c04f6bd77894fe84d74af5833bec

SHA512
29c4978fa56f15025355ce26a52bdf8197b8d8073a441425df3dfc93c7d80d36755cc05b6485dd2e1f168df2941315f883960b81368e742c4ea8e69dd82fa2ba

Download Submit
C:\Vasyaperskiy\jre\lib\accessibility.properties

Filesize
155B

MD5
9e5e954bc0e625a69a0a430e80dcf724

SHA1
c29c1f37a2148b50a343db1a4aa9eb0512f80749

SHA256
a46372b05ce9f40f5d5a775c90d7aa60687cd91aaa7374c499f0221229bf344e

SHA512
18a8277a872fb9e070a1980eee3ddd096ed0bba755db9b57409983c1d5a860e9cbd3b67e66ff47852fe12324b84d4984e2f13859f65fabe2ff175725898f1b67

Download Submit
C:\Vasyaperskiy\jre\lib\currency.data

Filesize
4KB

MD5
f6258230b51220609a60aa6ba70d68f3

SHA1
b5b95dd1ddcd3a433db14976e3b7f92664043536

SHA256
22458853da2415f7775652a7f57bb6665f83a9ae9fb8bd3cf05e29aac24c8441

SHA512
b2dfcfdebf9596f2bb05f021a24335f1eb2a094dca02b2d7dd1b7c871d5eecda7d50da7943b9f85edb5e92d9be6b6adfd24673ce816df3960e4d68c7f894563f

Download Submit
C:\Vasyaperskiy\jre\lib\ext\jfxrt.jar

Filesize
17.3MB

MD5
042b3675517d6a637b95014523b1fd7d

SHA1
82161caf5f0a4112686e4889a9e207c7ba62a880

SHA256
a570f20f8410f9b1b7e093957bf0ae53cae4731afaea624339aa2a897a635f22

SHA512
7672d0b50a92e854d3bd3724d01084cc10a90678b768e9a627baf761993e56a0c6c62c19155649fe9a8ceeabf845d86cbbb606554872ae789018a8b66e5a2b35

Download Submit
C:\Vasyaperskiy\jre\lib\ext\meta-index

Filesize
1KB

MD5
77abe2551c7a5931b70f78962ac5a3c7

SHA1
a8bb53a505d7002def70c7a8788b9a2ea8a1d7bc

SHA256
c557f0c9053301703798e01dc0f65e290b0ae69075fb49fcc0e68c14b21d87f4

SHA512
9fe671380335804d4416e26c1e00cded200687db484f770ebbdb8631a9c769f0a449c661cb38f49c41463e822beb5248e69fd63562c3d8c508154c5d64421935

Download Submit
C:\Vasyaperskiy\jre\lib\i386\jvm.cfg

Filesize
657B

MD5
9fd47c1a487b79a12e90e7506469477b

SHA1
7814df0ff2ea1827c75dcd73844ca7f025998cc6

SHA256
a73aea3074360cf62adedc0c82bc9c0c36c6a777c70da6c544d0fba7b2d8529e

SHA512
97b9d4c68ac4b534f86efa9af947763ee61aee6086581d96cbf7b3dbd6fd5d9db4b4d16772dce6f347b44085cef8a6ea3bfd3b84fbd9d4ef763cef39255fbce3

Download Submit
C:\Vasyaperskiy\jre\lib\images\cursors\is-GTESD.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Vasyaperskiy\jre\lib\jsse.jar

Filesize
619KB

MD5
fd1434c81219c385f30b07e33cef9f30

SHA1
0b5ee897864c8605ef69f66dfe1e15729cfcbc59

SHA256
bc3a736e08e68ace28c68b0621dccfb76c1063bd28d7bd8fce7b20e7b7526cc5

SHA512
9a778a3843744f1fabad960aa22880d37c30b1cab29e123170d853c9469dc54a81e81a9070e1de1bf63ba527c332bb2b1f1d872907f3bdce33a6898a02fef22d

Download Submit
C:\Vasyaperskiy\jre\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Vasyaperskiy\jre\lib\resources.jar

Filesize
3.3MB

MD5
9a084b91667e7437574236cd27b7c688

SHA1
d8926cc4aa12d6fe9abe64c8c3cb8bc0f594c5b1

SHA256
a1366a75454fc0f1ca5a14ea03b4927bb8584d6d5b402dfa453122ae16dbf22d

SHA512
d603aa29e1f6eefff4b15c7ebc8a0fa18e090d2e1147d56fd80581c7404ee1cb9d6972fcf2bd0cb24926b3af4dfc5be9bce1fe018681f22a38adaa278bf22d73

Download Submit
C:\Vasyaperskiy\jre\lib\security\java.security

Filesize
26KB

MD5
409c132fe4ea4abe9e5eb5a48a385b61

SHA1
446d68298be43eb657934552d656fa9ae240f2a2

SHA256
4d9e5a12b8cac8b36ecd88468b1c4018bc83c97eb467141901f90358d146a583

SHA512
7fed286ac9aed03e2dae24c3864edbbf812b65965c7173cc56ce622179eb5f872f77116275e96e1d52d1c58d3cdebe4e82b540b968e95d5da656aa74ad17400d

Download Submit
C:\Vasyaperskiy\jre\lib\tzdb.dat

Filesize
101KB

MD5
5a7f416bd764e4a0c2deb976b1d04b7b

SHA1
e12754541a58d7687deda517cdda14b897ff4400

SHA256
a636afa5edba8aa0944836793537d9c5b5ca0091ccc3741fc0823edae8697c9d

SHA512
3ab2ad86832b98f8e5e1ce1c1b3ffefa3c3d00b592eb1858e4a10fff88d1a74da81ad24c7ec82615c398192f976a1c15358fce9451aa0af9e65fb566731d6d8f

Download Submit
C:\Vasyaperskiy\jre\lib\tzmappings

Filesize
8KB

MD5
b8dd8953b143685b5e91abeb13ff24f0

SHA1
b5ceb39061fce39bb9d7a0176049a6e2600c419c

SHA256
3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272

SHA512
c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90

Download Submit
C:\Vasyaperskiy\lib\asm-all.jar

Filesize
241KB

MD5
f5ad16c7f0338b541978b0430d51dc83

SHA1
2ea49e08b876bbd33e0a7ce75c8f371d29e1f10a

SHA256
7fbffbc1db3422e2101689fd88df8384b15817b52b9b2b267b9f6d2511dc198d

SHA512
82e6749f4a6956f5b8dd5a5596ca170a1b7ff4e551714b56a293e6b8c7b092cbec2bec9dc0d9503404deb8f175cbb1ded2e856c6bc829411c8ed311c1861336a

Download Submit
C:\Vasyaperskiy\lib\dn-compiled-module.jar

Filesize
622KB

MD5
1fb2de3b484804f16b2f0a89eac799a2

SHA1
b7d51dbdf301bba44aa69b63c000a482768b9209

SHA256
7b48ab893a316725892e16e4c678a0837c5e1323b6dbeae716d1da5ea4104158

SHA512
9d506c00a779b879c8f4864a6133c4b2ab6a7ca50ab17f260af60e5d2238444f04543b17baac080b90bbf742e902fdca68b90c17d4770f8dacf8aecc51c54d53

Download Submit
C:\Vasyaperskiy\lib\dn-php-sdk.jar

Filesize
12KB

MD5
3e5e8cccff7ff343cbfe22588e569256

SHA1
66756daa182672bff27e453eed585325d8cc2a7a

SHA256
0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4

SHA512
8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522

Download Submit
C:\Vasyaperskiy\lib\gson.jar

Filesize
226KB

MD5
5134a2350f58890ffb9db0b40047195d

SHA1
751f548c85fa49f330cecbb1875893f971b33c4e

SHA256
2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32

SHA512
c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a

Download Submit
C:\Vasyaperskiy\lib\jphp-app-framework.jar

Filesize
103KB

MD5
0c8768cdeb3e894798f80465e0219c05

SHA1
c4da07ac93e4e547748ecc26b633d3db5b81ce47

SHA256
15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669

SHA512
35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106

Download Submit
C:\Vasyaperskiy\lib\jphp-core.jar

Filesize
464KB

MD5
7e5e3d6d352025bd7f093c2d7f9b21ab

SHA1
ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57

SHA256
5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a

SHA512
c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad

Download Submit
C:\Vasyaperskiy\lib\jphp-desktop-ext.jar

Filesize
16KB

MD5
b50e2c75f5f0e1094e997de8a2a2d0ca

SHA1
d789eb689c091536ea6a01764bada387841264cb

SHA256
cf4068ebb5ecd47adec92afba943aea4eb2fee40871330d064b69770cccb9e23

SHA512
57d8ac613805edada6aeba7b55417fd7d41c93913c56c4c2c1a8e8a28bbb7a05aade6e02b70a798a078dc3c747967da242c6922b342209874f3caf7312670cb0

Download Submit
C:\Vasyaperskiy\lib\jphp-gui-ext.jar

Filesize
688KB

MD5
6696368a09c7f8fed4ea92c4e5238cee

SHA1
f89c282e557d1207afd7158b82721c3d425736a7

SHA256
c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4

SHA512
0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76

Download Submit
C:\Vasyaperskiy\lib\jphp-json-ext.jar

Filesize
16KB

MD5
fde38932b12fc063451af6613d4470cc

SHA1
bc08c114681a3afc05fb8c0470776c3eae2eefeb

SHA256
9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830

SHA512
0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839

Download Submit
C:\Vasyaperskiy\lib\jphp-runtime.jar

Filesize
1.1MB

MD5
d5ef47c915bef65a63d364f5cf7cd467

SHA1
f711f3846e144dddbfb31597c0c165ba8adf8d6b

SHA256
9c287472408857301594f8f7bda108457f6fdae6e25c87ec88dbf3012e5a98b6

SHA512
04aeb956bfcd3bd23b540f9ad2d4110bb2ffd25fe899152c4b2e782daa23a676df9507078ecf1bfc409ddfbe2858ab4c4c324f431e45d8234e13905eb192bae8

Download Submit
C:\Vasyaperskiy\lib\jphp-xml-ext.jar

Filesize
19KB

MD5
0a79304556a1289aa9e6213f574f3b08

SHA1
7ee3bde3b1777bf65d4f62ce33295556223a26cd

SHA256
434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79

SHA512
1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e

Download Submit
C:\Vasyaperskiy\lib\jphp-zend-ext.jar

Filesize
95KB

MD5
4bc2aea7281e27bc91566377d0ed1897

SHA1
d02d897e8a8aca58e3635c009a16d595a5649d44

SHA256
4aef566bbf3f0b56769a0c45275ebbf7894e9ddb54430c9db2874124b7cea288

SHA512
da35bb2f67bca7527dc94e5a99a162180b2701ddca2c688d9e0be69876aca7c48f192d0f03d431ccd2d8eec55e0e681322b4f15eba4db29ef5557316e8e51e10

Download Submit
C:\Windows\System32\MRT\DAB93AF5-F03B-DDB8-E752-C0D91A56DA04\MPENGINE.DLL

Filesize
18.6MB

MD5
394f8bc026b2bb8aeae7205a07bbd667

SHA1
bbdfd551bb916616af524cc0e8ddba4de7b2961c

SHA256
c22200e499fb2d7cef1a3092773221ad89b0627fe5b2c244bcbb41895b76d6d0

SHA512
041213ec76a53083b8cc5f45b5d676d159523b6b7d86939437aff2376aa13fed1c6592ab3e17808df06abe60109ed8fc0a30bdca47767f54d6fc8dccaf58f2e8

Download Submit
C:\Windows\System32\MRT\DAB93AF5-F03B-DDB8-E752-C0D91A56DA04\MPGEAR.DLL

Filesize
607KB

MD5
a0c4ac6378ce0313955dccfd2d9208a6

SHA1
7ee2f0f3bf4504f4f7bbc63cb5fa883711c13801

SHA256
abbe3285c58c830314f9f0ad2ddc769139c0d808e27893290adc69a535b996b1

SHA512
72ea9f0d7399fa5d6865f3f887ffa07098b883b1428b33dcb552a40bb22ca6a461a546736667ca1aa97e5f06dffd10dab765c7f6e3e827dd0335b562b27d2fb5

Download Submit
memory/872-770-0x000001AA5F3A0000-0x000001AA5F728000-memory.dmp

Filesize
3.5MB

Download
memory/872-783-0x000001AA52180000-0x000001AA52184000-memory.dmp

Filesize
16KB

Download
memory/872-795-0x000001AA4EBE0000-0x000001AA4EBE1000-memory.dmp

Filesize
4KB

Download
memory/872-794-0x000001AA522B0000-0x000001AA52342000-memory.dmp

Filesize
584KB

Download
memory/872-793-0x000001AA52260000-0x000001AA522AA000-memory.dmp

Filesize
296KB

Download
memory/872-792-0x000001AA52210000-0x000001AA5225B000-memory.dmp

Filesize
300KB

Download
memory/872-769-0x000001AA5EE80000-0x000001AA5F398000-memory.dmp

Filesize
5.1MB

Download
memory/872-774-0x000001AA53800000-0x000001AA53804000-memory.dmp

Filesize
16KB

Download
memory/872-773-0x000001AA537F0000-0x000001AA537F4000-memory.dmp

Filesize
16KB

Download
memory/872-772-0x000001AA536A0000-0x000001AA536A4000-memory.dmp

Filesize
16KB

Download
memory/872-771-0x000001AA4EBD0000-0x000001AA4EBD4000-memory.dmp

Filesize
16KB

Download
memory/872-791-0x000001AA52200000-0x000001AA52204000-memory.dmp

Filesize
16KB

Download
memory/872-790-0x000001AA521F0000-0x000001AA521F4000-memory.dmp

Filesize
16KB

Download
memory/872-789-0x000001AA521E0000-0x000001AA521E4000-memory.dmp

Filesize
16KB

Download
memory/872-788-0x000001AA521D0000-0x000001AA521D4000-memory.dmp

Filesize
16KB

Download
memory/872-787-0x000001AA521C0000-0x000001AA521C4000-memory.dmp

Filesize
16KB

Download
memory/872-786-0x000001AA521B0000-0x000001AA521B4000-memory.dmp

Filesize
16KB

Download
memory/872-785-0x000001AA521A0000-0x000001AA521A4000-memory.dmp

Filesize
16KB

Download
memory/872-784-0x000001AA52190000-0x000001AA52194000-memory.dmp

Filesize
16KB

Download
memory/872-775-0x000001AA54210000-0x000001AA54214000-memory.dmp

Filesize
16KB

Download
memory/872-782-0x000001AA52170000-0x000001AA52174000-memory.dmp

Filesize
16KB

Download
memory/872-781-0x000001AA52160000-0x000001AA52164000-memory.dmp

Filesize
16KB

Download
memory/872-780-0x000001AA52150000-0x000001AA52154000-memory.dmp

Filesize
16KB

Download
memory/872-779-0x000001AA52140000-0x000001AA52144000-memory.dmp

Filesize
16KB

Download
memory/872-778-0x000001AA52130000-0x000001AA52134000-memory.dmp

Filesize
16KB

Download
memory/872-777-0x000001AA57130000-0x000001AA57134000-memory.dmp

Filesize
16KB

Download
memory/872-776-0x000001AA56C10000-0x000001AA56C14000-memory.dmp

Filesize
16KB

Download
memory/3404-650-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/3404-579-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/3404-134-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/3416-588-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3588-642-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3588-703-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3588-691-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3588-736-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3588-648-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/4056-652-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4056-105-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/4056-103-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4056-129-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download