Play interactive tour

Edit tour

Analysis Report plutonium.exe

Overview

General Information

Sample Name:	plutonium.exe
Analysis ID:	353879
MD5:	dfa02a2643fab4ad9ec916206b073dae
SHA1:	d77d9e4862fc1d9296f0e116dc1e466145722ea4
SHA256:	9959ed060bc3f7c88ac0e1fbaeea3baa72f19ee44ea5285de5416ee5bcb5d5fe
Most interesting Screenshot:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Binary contains a suspicious time stamp

Writes many files with high entropy

Yara detected Costura Assembly Loader

Contains long sleeps (>= 3 min)

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file contains strange resources

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Startup

System is w10x64

plutonium.exe (PID: 6648 cmdline: 'C:\Users\user\Desktop\plutonium.exe' MD5: DFA02A2643FAB4AD9EC916206B073DAE)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
plutonium.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.640871016.00000159D92F2000.00000002.00020000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.plutonium.exe.159d92f0000.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Plutonium\games\t4mp.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Plutonium\games\t4sp.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Cryptography:

Source: WebCore.dll.0.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance:

Uses 32bit PE files

Show sources

Source: plutonium.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: plutonium.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Binary contains paths to debug symbols

Show sources

Source:	Binary string: D:\a\1\s\MaterialDesignThemes.Wpf\obj\Release\net45\MaterialDesignThemes.Wpf.pdb source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp
Source:	Binary string: D:\a\1\s\MaterialDesignThemes.Wpf\obj\Release\net45\MaterialDesignThemes.Wpf.pdbSHA256srD source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp
Source:	Binary string: D:\Drone\builds\drone-eJwEksSOu7lLStqZ\drone\src\Plutonium.Updater.App\obj\Release\net472\Plutonium.Updater.App.pdb source: plutonium.exe
Source:	Binary string: D:\Drone\builds\drone-eJwEksSOu7lLStqZ\drone\src\Plutonium.Updater.App\obj\Release\net472\Plutonium.Updater.App.pdbH source: plutonium.exe
Source:	Binary string: C:\projects\controlzex\src\ControlzEx\obj\Release\net462\ControlzEx.pdb source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp
Source:	Binary string: /_/src/MahApps.Metro/obj/Release/net47/MahApps.Metro.pdb source: plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp

Networking:

Source: Joe Sandbox View	IP Address: 8.8.8.8 8.8.8.8
Source: Joe Sandbox View	IP Address: 8.8.8.8 8.8.8.8

Source: plutonium.exe, 00000000.00000003.683802386.00000159DB581000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: plutonium.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: plutonium.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: plutonium.exe, 00000000.00000003.683802386.00000159DB581000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: plutonium.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: plutonium.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: plutonium.exe, 00000000.00000003.644812843.00000159DB4E7000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: plutonium.exe, 00000000.00000003.683802386.00000159DB581000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: plutonium.exe, 00000000.00000003.683802386.00000159DB581000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L
Source: plutonium.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: plutonium.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: WebCore.dll.0.dr	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: WebCore.dll.0.dr	String found in binary or memory: http://exslt.org/common
Source: WebCore.dll.0.dr	String found in binary or memory: http://exslt.org/commonnode-set..
Source: WebCore.dll.0.dr	String found in binary or memory: http://icl.com/saxon
Source: plutonium.exe	String found in binary or memory: http://materialdesigninxaml.net/winfx/xaml/themes
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://materialdesigninxaml.net/winfx/xaml/themes#MaterialDesignThemes.Wpf.Converters
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://materialdesigninxaml.net/winfx/xaml/themes$MaterialDesignThemes.Wpf.Transitions
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://materialdesigninxaml.net/winfx/xaml/themes$MaterialDesignThemes.Wpf.TransitionsZ
Source: plutonium.exe	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/controls
Source: plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/shared
Source: plutonium.exe, 00000000.00000003.683802386.00000159DB581000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: plutonium.exe, 00000000.00000003.683802386.00000159DB581000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: plutonium.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: plutonium.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: WebCore.dll.0.dr	String found in binary or memory: http://relaxng.org/ns/structure/1.0
Source: WebCore.dll.0.dr	String found in binary or memory: http://relaxng.org/ns/structure/1.0nsfailed
Source: WebCore.dll.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.
Source: WebCore.dll.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.Error
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Roboto
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoBlack
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoLight
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoMedium
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoThin
Source: plutonium.exe	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: WebCore.dll.0.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: WebCore.dll.0.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: WebCore.dll.0.dr	String found in binary or memory: http://www.jclark.com/xt
Source: WebCore.dll.0.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: WebCore.dll.0.dr	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: WebCore.dll.0.dr	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: WebCore.dll.0.dr	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://icl.com/saxonhttp://www.jclark.com/xtorg.apache.xalan.xslt.e
Source: WebCore.dll.0.dr	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewDocument
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/ControlzEx/ControlzEx
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/ControlzEx/ControlzEx0
Source: plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/MahApps/MahApps.Metro0
Source: plutonium.exe	String found in binary or memory: https://www.digicert.com/CPS0

Spam, unwanted Advertisements and Ransom Demands:

Writes many files with high entropy

Show sources

Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\t6zm_icon.992fa331.png entropy: 7.99063740011	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\ffotd_tu13_mp_147.ff.00 entropy: 7.99388644558	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\ffotd_tu13_zm_147.ff.00 entropy: 7.99034852796	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\online_tu13_mp.wad entropy: 7.99008372049	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_highrise.ff entropy: 7.99796176258	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_rust.ff entropy: 7.99851792221	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_test.ff entropy: 7.99579267153	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_code_post_gfx_mp.ff entropy: 7.99103783935	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_common_map.ff entropy: 7.99066534082	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_common_mp.ff entropy: 7.99768348421	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_delta_multicam.ff entropy: 7.99548581345	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_opforce_air.ff entropy: 7.99492913053	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_opforce_henchmen.ff entropy: 7.99527045958	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_sas_urban.ff entropy: 7.99474078155	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\t6\zone\ffotd_tu13_mp_147.ff entropy: 7.99388644558	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\storage\t6\zone\ffotd_tu13_zm_147.ff entropy: 7.99034852796	Jump to dropped file

System Summary:

Source: plutonium.exe

Static PE information: invalid certificate

Source: plutonium.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: plutonium-launcher-win32.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: plutonium.exe, 00000000.00000000.641325192.00000159D96F0000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamePlutonium.Updater.App.exeL vs plutonium.exe
Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs plutonium.exe
Source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMaterialDesignThemes.Wpf.dllR vs plutonium.exe
Source: plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs plutonium.exe
Source: plutonium.exe	Binary or memory string: OriginalFilenamePlutonium.Updater.App.exeL vs plutonium.exe

Source: plutonium.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: classification engine

Classification label: mal60.rans.evad.winEXE@1/127@0/3

Source: C:\Users\user\Desktop\plutonium.exe

File created: C:\Users\user\AppData\Local\Plutonium

Jump to behavior

Source: plutonium.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\plutonium.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: WebCore.dll.0.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: WebCore.dll.0.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: WebCore.dll.0.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: WebCore.dll.0.dr	Binary or memory string: CREATE TABLE Origins (origin TEXT UNIQUE ON CONFLICT REPLACE, quota INTEGER NOT NULL ON CONFLICT FAIL);
Source: WebCore.dll.0.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: WebCore.dll.0.dr	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: WebCore.dll.0.dr	Binary or memory string: SELECT origin FROM Origins where origin=?;
Source: WebCore.dll.0.dr	Binary or memory string: CREATE TABLE Databases (guid INTEGER PRIMARY KEY AUTOINCREMENT, origin TEXT, name TEXT, displayName TEXT, estimatedSize INTEGER, path TEXT);
Source: WebCore.dll.0.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: WebCore.dll.0.dr	Binary or memory string: SELECT guid FROM Databases WHERE origin=? AND name=?;
Source: WebCore.dll.0.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: WebCore.dll.0.dr	Binary or memory string: SELECT name FROM Databases where origin=?;
Source: WebCore.dll.0.dr	Binary or memory string: INSERT INTO Databases (origin, name, path) VALUES (?, ?, ?);
Source: WebCore.dll.0.dr	Binary or memory string: SELECT quota FROM Origins where origin=?;
Source: WebCore.dll.0.dr	Binary or memory string: SELECT path FROM Databases WHERE origin=? AND name=?;
Source: WebCore.dll.0.dr	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: plutonium.exe	String found in binary or memory: -install-dir=
Source: plutonium.exe	String found in binary or memory: -install-dir]Failed to check for updates: {0}

Source: C:\Users\user\Desktop\plutonium.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\plutonium.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: plutonium.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: plutonium.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: plutonium.exe

Static file information: File size 4221392 > 1048576

Source: plutonium.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3fc800

Source: plutonium.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source: plutonium.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\1\s\MaterialDesignThemes.Wpf\obj\Release\net45\MaterialDesignThemes.Wpf.pdb source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp
Source:	Binary string: D:\a\1\s\MaterialDesignThemes.Wpf\obj\Release\net45\MaterialDesignThemes.Wpf.pdbSHA256srD source: plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp
Source:	Binary string: D:\Drone\builds\drone-eJwEksSOu7lLStqZ\drone\src\Plutonium.Updater.App\obj\Release\net472\Plutonium.Updater.App.pdb source: plutonium.exe
Source:	Binary string: D:\Drone\builds\drone-eJwEksSOu7lLStqZ\drone\src\Plutonium.Updater.App\obj\Release\net472\Plutonium.Updater.App.pdbH source: plutonium.exe
Source:	Binary string: C:\projects\controlzex\src\ControlzEx\obj\Release\net462\ControlzEx.pdb source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp
Source:	Binary string: /_/src/MahApps.Metro/obj/Release/net47/MahApps.Metro.pdb source: plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp

Data Obfuscation:

Binary contains a suspicious time stamp

Show sources

Source: initial sample

Static PE information: 0xCFF127F3 [Sat Jul 20 08:01:55 2080 UTC]

Yara detected Costura Assembly Loader

Show sources

Source: Yara match	File source: plutonium.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.640871016.00000159D92F2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.0.plutonium.exe.159d92f0000.0.unpack, type: UNPACKEDPE

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: plutonium-bootstrapper-win32.exe.0.dr

Static PE information: real checksum: 0xa9b9b9 should be:

Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: section name: .payload
Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: section name: .cld
Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: section name: .clr
Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: section name: .main
Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: section name: .themida
Source: plutonium-bootstrapper-win32.exe.0.dr	Static PE information: section name: .boot

Persistence and Installation Behavior:

Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\WebCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\plutonium-bootstrapper-win32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\Ultralight.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\UltralightCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\games\t6mp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\AppCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\games\t4mp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\games\t4sp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\games\iw5mp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\bin\discord_game_sdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\games\iw5sp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	File created: C:\Users\user\AppData\Local\Plutonium\games\t6zm.exe	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\Desktop\plutonium.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Source: C:\Users\user\Desktop\plutonium.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe	Window / User API: threadDelayed 4084			Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Window / User API: threadDelayed 4814			Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\WebCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\plutonium-bootstrapper-win32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\Ultralight.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\UltralightCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\games\t6mp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\games\t4mp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\AppCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\games\t4sp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\games\iw5mp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\bin\discord_game_sdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\games\iw5sp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\plutonium.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Plutonium\games\t6zm.exe	Jump to dropped file

Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -200000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99753s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 6920	Thread sleep time: -99615s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe TID: 816	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior

Source: plutonium.exe, 00000000.00000003.683777946.00000159DB558000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla

Anti Debugging:

Source: C:\Users\user\Desktop\plutonium.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Source: plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp

Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWndhwndIF29F85E0-4FF9-1068-AB91-08002B27B3D9

Language, Device and Operating System Detection:

Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Users\user\Desktop\plutonium.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\plutonium.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\plutonium.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	Query Registry1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion2	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection1	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Timestomp1	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Information Discovery12	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	Remote System Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
plutonium.exe	0%	Virustotal	Browse
plutonium.exe	0%	Metadefender	Browse
plutonium.exe	3%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Plutonium\games\t4mp.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Plutonium\games\t4sp.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Plutonium\bin\AppCore.dll	5%	Metadefender		Browse
C:\Users\user\AppData\Local\Plutonium\bin\AppCore.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\bin\Ultralight.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\bin\UltralightCore.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\bin\WebCore.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\bin\discord_game_sdk.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\bin\plutonium-bootstrapper-win32.exe	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Plutonium\bin\plutonium-bootstrapper-win32.exe	4%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Plutonium\games\iw5mp.exe	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Plutonium\games\iw5mp.exe	3%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://materialdesigninxaml.net/winfx/xaml/themes#MaterialDesignThemes.Wpf.Converters	0%	Virustotal		Browse
http://materialdesigninxaml.net/winfx/xaml/themes#MaterialDesignThemes.Wpf.Converters	0%	Avira URL Cloud	safe
http://xmlsoft.org/XSLT/namespacehttp://icl.com/saxonhttp://www.jclark.com/xtorg.apache.xalan.xslt.e	0%	Avira URL Cloud	safe
http://materialdesigninxaml.net/winfx/xaml/themes	0%	Virustotal		Browse
http://materialdesigninxaml.net/winfx/xaml/themes	0%	Avira URL Cloud	safe
http://exslt.org/common	0%	URL Reputation	safe
http://exslt.org/common	0%	URL Reputation	safe
http://exslt.org/common	0%	URL Reputation	safe
http://exslt.org/common	0%	URL Reputation	safe
http://materialdesigninxaml.net/winfx/xaml/themes$MaterialDesignThemes.Wpf.TransitionsZ	0%	Avira URL Cloud	safe
http://xmlsoft.org/XSLT/	0%	Avira URL Cloud	safe
http://xmlsoft.org/XSLT/namespace	0%	Avira URL Cloud	safe
http://metro.mahapps.com/winfx/xaml/controls	0%	Avira URL Cloud	safe
http://xmlsoft.org/XSLT/xsltNewDocument	0%	Avira URL Cloud	safe
http://relaxng.org/ns/structure/1.0nsfailed	0%	Avira URL Cloud	safe
http://metro.mahapps.com/winfx/xaml/shared	0%	Avira URL Cloud	safe
http://www.jclark.com/xt	0%	Avira URL Cloud	safe
http://icl.com/saxon	0%	Avira URL Cloud	safe
http://materialdesigninxaml.net/winfx/xaml/themes$MaterialDesignThemes.Wpf.Transitions	0%	Avira URL Cloud	safe
http://exslt.org/commonnode-set..	0%	Avira URL Cloud	safe
http://relaxng.org/ns/structure/1.0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://materialdesigninxaml.net/winfx/xaml/themes#MaterialDesignThemes.Wpf.Converters	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false		high
http://xmlsoft.org/XSLT/namespacehttp://icl.com/saxonhttp://www.jclark.com/xtorg.apache.xalan.xslt.e	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://materialdesigninxaml.net/winfx/xaml/themes	plutonium.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://exslt.org/common	WebCore.dll.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd	WebCore.dll.0.dr	false		high
https://github.com/ControlzEx/ControlzEx	plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	false		high
http://materialdesigninxaml.net/winfx/xaml/themes$MaterialDesignThemes.Wpf.TransitionsZ	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://xmlsoft.org/XSLT/	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://xmlsoft.org/XSLT/namespace	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://metro.mahapps.com/winfx/xaml/controls	plutonium.exe	false	Avira URL Cloud: safe	unknown
http://tools.ietf.org/html/rfc3986#section-2.1.	WebCore.dll.0.dr	false		high
http://xmlsoft.org/XSLT/xsltNewDocument	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/ControlzEx/ControlzEx0	plutonium.exe, 00000000.00000003.646817550.00000159EB6C3000.00000004.00000001.sdmp	false		high
http://relaxng.org/ns/structure/1.0nsfailed	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0RobotoBlack	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0RobotoThin	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false		high
http://www.openssl.org/support/faq.html	WebCore.dll.0.dr	false		high
http://curl.haxx.se/docs/http-cookies.html	WebCore.dll.0.dr	false		high
http://tools.ietf.org/html/rfc3986#section-2.1.Error	WebCore.dll.0.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0RobotoMedium	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false		high
http://metro.mahapps.com/winfx/xaml/shared	plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jclark.com/xt	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD	WebCore.dll.0.dr	false		high
http://icl.com/saxon	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://materialdesigninxaml.net/winfx/xaml/themes$MaterialDesignThemes.Wpf.Transitions	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0Roboto	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false		high
http://exslt.org/commonnode-set..	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/MahApps/MahApps.Metro0	plutonium.exe, 00000000.00000003.649647054.00000159EC079000.00000004.00000001.sdmp	false		high
http://relaxng.org/ns/structure/1.0	WebCore.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0RobotoLight	plutonium.exe, 00000000.00000003.653631743.00000159ECA79000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
104.21.235.162	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.235.161	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	353879
Start date:	17.02.2021
Start time:	02:47:06
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	plutonium.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.rans.evad.winEXE@1/127@0/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:48:02	API Interceptor	13x Sleep call for process: plutonium.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
8.8.8.8	BadStuff.js	Get hash	malicious	Browse	8.8.8.8/SlvMWdIEW62C9c
	BadStuff.js	Get hash	malicious	Browse	8.8.8.8/CTM5wttwLFcLdHfVk
	33payment advice.exe	Get hash	malicious	Browse	www.zulinfang.mobi/fu/?id=i07vHMa0svfKfxE6I3aRHA3lctcdYaT9x0iZT9MH0oRhMFPgh9mSEtNU17XFCBgMQA4XWErQDlzTwB-AplygzQ..
	37documents.exe	Get hash	malicious	Browse	www.tasteofunexpected.com/tf/?id=y6IrbpvfhkYfQXXyqC8dooAvfrv2e2apV7igF70LYGyF4OCvwj5JxRVBdRghvKGGuc_KsFbnbWPC0Def
	63AWB 043255.exe	Get hash	malicious	Browse	www.serikatsaudagarnusantara.com/ed/?id=kIz4OnF7tHMqdv1cSepeHoY02Vsws5yCI7zf8DN1pvMb9hdHFpZX44eSyhzXC7u5icfl1yYYsvfyl6we
	d62c.exe	Get hash	malicious	Browse	www.epckednilm.info/fu/?id=i07vHMa0svfKfxE6I3aRHA3lctcdYaT9x0iZT9MH0oRhMFPgh9mSEtNU17XFCBgMQA4XWErQDlzTwB-AplygzQ..
	27TTcopyMT107-36000_payment.exe	Get hash	malicious	Browse	www.watchsummer.com/tr/?id=oqCXvgIUiCxPFtn1J0rb33q5mpSH48Vd1XRAfBxi4MgNDwsdTt0dcXb5dgzj2vPAuld1RDreAlRWWLP9Xot16w..&sql=1
	download_adobeflashplayer_install_9_.exe	Get hash	malicious	Browse	wetr34.sitesled.com/wind.jpg
	INV-000524.vbs	Get hash	malicious	Browse	naturofind.org/p66/JIKJHgft
	177Purchase Order.exe	Get hash	malicious	Browse	www.phutungototp.com/ho/?id=y3T6nEBciedL7htO4xn1ZYijVAw7sJXLjwubagvJUtMFVf7aOWPSa_Bl5i178f_EjROvybrSr7PC3267XbUsBg..
	8Order Inquiry.exe	Get hash	malicious	Browse	www.quyuar.com/dr/?id=gCqdDQsh4d7ynFKSj09V1Y12J91NTUfM9LddDKzxEGHO7R4ogEQ3AGAU2DRYiF_Nduo4Rd-EW24x-O38aOud_g..
	27Tobye.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	11Marena.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	39Harriot.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	1Vida.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	43Colleen.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	67Roxanne.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	15Winnah.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	33Elfrida.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin
	25Cornelle.js	Get hash	malicious	Browse	my.internaldating.ru/js/boxun4.bin

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GOOGLEUS	Quotation.exe	Get hash	malicious	Browse	34.102.136.180
	sBt_8xKw.apk	Get hash	malicious	Browse	216.58.198.42
	cLMBOaIYSO.exe	Get hash	malicious	Browse	35.228.43.35
	51BfqRtUI9.exe	Get hash	malicious	Browse	34.102.136.180
	X2Q8MaK1Zm.docx	Get hash	malicious	Browse	216.58.208.131
	X2Q8MaK1Zm.docx	Get hash	malicious	Browse	172.253.120.155
	dAIyRK9gO7.exe	Get hash	malicious	Browse	8.8.8.8
	SU9Gm5Pom3.exe	Get hash	malicious	Browse	34.105.243.4
	9j4sD6PmsW.exe	Get hash	malicious	Browse	34.102.136.180
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	bad.docx	Get hash	malicious	Browse	216.58.208.131
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	executable.908.exe	Get hash	malicious	Browse	216.58.206.65
	bad.docx	Get hash	malicious	Browse	172.253.120.156
	index_2021-02-16-18_50	Get hash	malicious	Browse	142.250.184.42
	602b97e0b415b.png.dll	Get hash	malicious	Browse	216.58.208.131
CLOUDFLARENETUS	HGrt.dll	Get hash	malicious	Browse	104.20.184.68
	JF0qFPqOqZ.docx	Get hash	malicious	Browse	104.21.16.241
	JF0qFPqOqZ.docx	Get hash	malicious	Browse	172.67.217.22
	v.dll	Get hash	malicious	Browse	104.20.185.68
	51BfqRtUI9.exe	Get hash	malicious	Browse	172.67.133.65
	UNiOOhIN3e.exe	Get hash	malicious	Browse	162.159.134.233
	zmODG1qz1c.exe	Get hash	malicious	Browse	172.67.188.154
	9966HSw7WJ.exe	Get hash	malicious	Browse	104.25.234.53
	nED6Y1wST7.exe	Get hash	malicious	Browse	104.21.85.36
	Sccid-UPDATE.htm	Get hash	malicious	Browse	172.67.139.55
	4818840.dat.dll	Get hash	malicious	Browse	104.20.185.68
	dAIyRK9gO7.exe	Get hash	malicious	Browse	172.67.156.171
	Property...exe	Get hash	malicious	Browse	172.67.188.154
	bDbA5Bf1k2.exe	Get hash	malicious	Browse	162.159.133.233
	REQUEST FOR QUOTATION.exe	Get hash	malicious	Browse	162.159.133.233
	request_form_1613501809.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613501809.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613490796.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613490796.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613488121.xls	Get hash	malicious	Browse	66.235.200.147
CLOUDFLARENETUS	HGrt.dll	Get hash	malicious	Browse	104.20.184.68
	JF0qFPqOqZ.docx	Get hash	malicious	Browse	104.21.16.241
	JF0qFPqOqZ.docx	Get hash	malicious	Browse	172.67.217.22
	v.dll	Get hash	malicious	Browse	104.20.185.68
	51BfqRtUI9.exe	Get hash	malicious	Browse	172.67.133.65
	UNiOOhIN3e.exe	Get hash	malicious	Browse	162.159.134.233
	zmODG1qz1c.exe	Get hash	malicious	Browse	172.67.188.154
	9966HSw7WJ.exe	Get hash	malicious	Browse	104.25.234.53
	nED6Y1wST7.exe	Get hash	malicious	Browse	104.21.85.36
	Sccid-UPDATE.htm	Get hash	malicious	Browse	172.67.139.55
	4818840.dat.dll	Get hash	malicious	Browse	104.20.185.68
	dAIyRK9gO7.exe	Get hash	malicious	Browse	172.67.156.171
	Property...exe	Get hash	malicious	Browse	172.67.188.154
	bDbA5Bf1k2.exe	Get hash	malicious	Browse	162.159.133.233
	REQUEST FOR QUOTATION.exe	Get hash	malicious	Browse	162.159.133.233
	request_form_1613501809.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613501809.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613490796.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613490796.xls	Get hash	malicious	Browse	66.235.200.146
	request_form_1613488121.xls	Get hash	malicious	Browse	66.235.200.147

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\plutonium.exe.log Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2619
Entropy (8bit):	5.359655318774405
Encrypted:	false
SSDEEP:	48:MxHKKH/wxQlEH8NYHKGD8AouHz7HKBtHTG1hAHKKPAHSbEHKDHKRicYHisHhH3:iqKoKmcNYqGgAouXqBtzG1eqKPATqDqW
MD5:	0F3C0202F684CDC03F64EA28E750DDA6
SHA1:	EE3A1304E254D8A47498D1C49231C6FBFDD1E3D4
SHA-256:	14F2BBD01F287EE6A0F6B6B96135F5F495A41D3C1DB78733B96A1E512FC3F02F
SHA-512:	E8905E9A81F37F18304B8A8483B2BB70C380B7108FF7B1C2C12ABEB1191A7F7A7A26942538B4B0E118F6B721C55718D45C8E549B5BAE396ED09C40737B10D2B0
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\83c7ede68d13b2882d9b382e05efed26\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\46a2c27668386512a2b68c0ab20c8ca2\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Wi

C:\Users\user\AppData\Local\Plutonium\bin\AppCore.dll Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	235520
Entropy (8bit):	4.986965647782011
Encrypted:	false
SSDEEP:	1536:EJ0s/iJhe3soDQ6sDGNLkk3gy/tdQkRsLGupt6HxsKRDSYJ9Zt7akNNfh:EJ/iJhAsJ6sDmB2FpGxZuUvzf
MD5:	80C3806A12959987AC012E28F63AD150
SHA1:	3A43F2989903BEDE21C4F599C86F3E10403E4BF1
SHA-256:	B5338B858E5C65F9C36BBC817673BA5E1A05EED8F4DCF007B6BC4FF6140FC8F8
SHA-512:	67C682A2E3DC0E5CC9F768BDD276D2B927739344620D6FD3000412C449DA1FE12939E83246E1F01263930619A61B554F6B0401C0E508E34E648CE9F25DCFB9FF
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 5%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........[g.[g.[g.R.F.Wg.`9._g.`9.Mg.`9.Vg.`9._g.....Zg..9.]g.....Ng.[g..g..9.Kg..9.Zg..9.Zg.Rich[g.........................PE..L....N.]...........!................(...............................................=.....@.........................PU...(...}...................................... /......................./......@/..@............................................text............................... ..`.rdata.............................@..@.data...L...........................@....gfids..L...........................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\bin\Ultralight.dll Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	129536
Entropy (8bit):	6.596761971017044
Encrypted:	false
SSDEEP:	3072:JPV4mihsVDPFNHBI4zQUiq3vx6RbFWaRm:JdbG8Jfk+/xI0Qm
MD5:	6C2949787D48F3B0C0CBD4A872253F12
SHA1:	01CD853173DCA709C6A9C3EC8C68E5CB1CE7802A
SHA-256:	758CA54BAC8288487CFA6EA276C724FC4AD29C6D6A4294D74EA34E0726CE8661
SHA-512:	7C8978F7AC5D0DB7CBDFC8D78BC992463F132497F84B132BE3ECE1DB926990DCE27C0A3D642C3C5C2D04A862F0A30AFDBD9FE5C6881F8523E0C9347D84448AEF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U...;..;..;....;..8..;..>..;..?..;..:..;.MM...;...:..;..:..;...>..;...;..;...9..;.Rich..;.........PE..L...M3.].........."!.........................................................P............@.........................0D..h;........... .......................0.......!......................\|!...... !..@............................................text............................... ..`.rdata..x...........................@..@.data...4...........................@....gfids..L...........................@..@.tls................................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\bin\UltralightCore.dll Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	591872
Entropy (8bit):	6.745039028339789
Encrypted:	false
SSDEEP:	12288:eCk7CwTCLUtLT8V6eaBy3xh3yGDVYMDUWAn4rpxsQkm4oi:67CcCLURxevbYMBTpiQkmpi
MD5:	CD3768E013636A12E6CE7937A7F69365
SHA1:	405BE77C308B4AEB678DD9235CEEE201DA8BABB8
SHA-256:	9ED2701BA7C3349ECBBCF276C280A09262B4DA72BE9FDCDDD81A8BAC9C9B3D69
SHA-512:	40B5CA33AB11FA9076516B9C3061626487107E3AF196F56BCDECF2CEC6640F87916FAEFE1EF14C1127DFA70752C7BCD5C9371A70660C8D175C3C924BD279AA47
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........yM...#V..#V..#V.`.V..#V.F"W..#V.F W..#V.F&W..#V.F'W..#Ve..V..#Ve..V..#V.."V..#V/F'W..#V/F*W..#V/F#W..#V/F!W..#VRich..#V................PE..L....a.]...........!.....F..........6E.......`......................................=.....@..........................>...E..$...T....0.......................@...@..................................0...@............`...............................text...XD.......F.................. ..`.rdata..0A...`...B...J..............@..@.data...8Z.......4..................@....gfids..L...........................@..@.tls......... ......................@....rsrc........0......................@..@.reloc...@...@...B..................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\bin\WebCore.dll Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23111680
Entropy (8bit):	6.90216191407064
Encrypted:	false
SSDEEP:	196608:k/Q4yUaI/DF/ll+0vwbzPuUGt8NAIzQTgP1k58GcDKdy3sbS6IWPIqCad2cxAJAB:j4iIh/W0vwbS8RPlGrULXUAzewZ3jW
MD5:	90B16ABE7F82DCAE822174B4503F4E1B
SHA1:	EBD5792C38E598E09DE2E87F435C809927400E25
SHA-256:	B4D361BF13F98C96C21C3DEC94D14914FF80C3515A48CD3DF974378CD6052082
SHA-512:	8DFC06402F92A9FF278F7D94CB369D90A92509D9E6B6D106CCE2BB454DDEAC0BDF9F906E8AB91C4C1AAEE0CE5D950B713A2DF4BE2C713B7D1222BF7CDC23269D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......j..............'.f.6....2.'.......?.......".......*.......4......,....../....F>.=............../.................@.......@...!............/....../...Rich....................PE..L....+.^.........."!................W.......................................Pb.....:7a...@...........................E.T...doO.......W.......................W......A.....................d.A.......A.@...............\............................text...b........................... ..`.rdata..F.}.......}.................@..@.data.........O..N....O.............@....unwante.....`W.......U.............@..@.gfids..T....pW.......U.............@..@.tls..........W.......U.............@....rsrc.........W.......U.............@..@.reloc.......W.......U.............@..B........................................................................................................................

C:\Users\user\AppData\Local\Plutonium\bin\discord_game_sdk.dll Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3154744
Entropy (8bit):	6.623438312911872
Encrypted:	false
SSDEEP:	98304:1veNFVrTtZ6UFFEQ9KQS3YBimf6grv4vWr2O8+2F:1veNFVrTXEQ9KQS3YBielrGi23ZF
MD5:	955AF9BE4A97316D73AFAE1E7365E97E
SHA1:	62CD6F527BE6C82E1C1669FDE807A4B34774691B
SHA-256:	D8E7D9FEB3DE8482B186AE44FD1C9ABB41FE2B3B3D2C7CD3A4D742EBBAD30CDF
SHA-512:	6B077AE45E7EED9623BA17D9B3324B3A25FD6EB7313CD1DDA57A1419F3FD06CDAC2CFDB287E052DC5154E2D142C6CD2EE815A42536439165FD1250020ED8FC31
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@.E.@.E.@.E.(.D.@.E.(.D&@.E.(.D.@.E.(.D.@.E.(.D.@.E.(.D.@.E.(.D.@.E.@.E.@.E9).D.@.E.@.ECA.E9).D.@.E9).D.@.ERich.@.E........................PE..L...$..].........."!......'..........*&...... '..............................00.....[.0...@.................................\.........................0.8.... /.p.....,.T.....................,.....H.,.@............ '..............................text.....'.......'................. ..`.rdata..x.... '.......'.............@..@.data........./.....................@....reloc..p.... /.....................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\bin\plutonium-bootstrapper-win32.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11109080
Entropy (8bit):	7.420458118935417
Encrypted:	false
SSDEEP:	196608:yOAt+V+7BG79/hGKcQ16PsOcCIW7mJNIiCQqe6XU03RHHzfTy:yptC+7BI9/4KV6P7IWaJaiCQqe6E03la
MD5:	1EC26FEACF1F4CF7C59F4FA693670F94
SHA1:	196D9A1525247010AD0E7815633F6782760106E0
SHA-256:	F94F7B8AD320DE2BB3427E04F5C4C741E97F8D3AB11C18F085282C13B42FBEC3
SHA-512:	19684817C70C05F2F34A5027111D3784BD9FB1664600091B2D8A3F0348F45447733DBF8C954F07F55BDC35F0C5641BAF8D1DBA9E430E960D97D2420CB8A3A2FC
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 4%
Reputation:	low
Preview:	MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........h........................@...........Y...............s.......s.......A...............s...)...3.......................3...Q...................3...Y...3.......3...............3.......Rich............PE..L....=._..........#.......F...,.... X.. ..........@..........................`9!......................................s C.....s ..... s .............n........................................t .............................i, @....................payload... .............................cld........... .4..................@....clr........... .....8..............@..@.main....~F..., ..F................. ..`.rsrc........ s .....Z`.............@..@.edata........s ......`.............@..@.idata........s ......`.............@....tls.....0....s .$....`..................themida..}...u ......b.............`....boot....`G.... .`G...b.............`..`........................

C:\Users\user\AppData\Local\Plutonium\bin\plutonium-launcher-win32.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3105496
Entropy (8bit):	6.843656663519869
Encrypted:	false
SSDEEP:	49152:LoQQmQdcv5O3keckhvNnoxK8yfDdnOaYBqLS7uQXU8SPWOQGQU5+ugx3t:LoQlQyUkeRvtOtELSCQ7hOQG8t
MD5:	8A462C23D7D980204888247844C35FAD
SHA1:	022C61BFC6CB2E94596EFEA19B921A8509AD6178
SHA-256:	5967C33B1DC4D09ADCEE5AFFB0552491FDA9807548791586A6B65DC493836561
SHA-512:	0F1EC3B3812E8B1B145B5BD163FA18033491ABCBB28A11CB15C72CA54D417825CAD3C351615C9EC2E2F2C5FDBED861CAAA10B788BF726F3702C072359EA7AEFC
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........t....I...I...I...H...I...H!..I...H...I...H...I+..H...I...Hw..I...H...Iv..H...I...H...I...I...I...I...I{..H...IY..H%..IY..H...IY..I...I...I...IY..H...IRich...I........................PE..L....=._.................z"..h..............."...@.......................... 0......./...@.................................Tc,.......-..............N/..............1+.T....................2+.....02+.@.............".d............................text....y"......z"................. ..`.rdata........"......~".............@..@.data....P....,......r,.............@....rsrc.........-......,-.............@..@.reloc................-.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\games\iw5mp.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5164968
Entropy (8bit):	6.772858662819058
Encrypted:	false
SSDEEP:	98304:BUnd3UnwtQoF8e21D1tKxll6ZM58szIIIIIYf09vpFbqqHND5XKl:q5UnwtQoF8emD1t8/6ZMGEIIIIIYUvj3
MD5:	607FB4AF50010C99157FE3AF8DAAA2B0
SHA1:	58A31E648B2F7232025AA009B1EA3112AC85A3D2
SHA-256:	DB3E87DCEE15A172D393A32CD79159FD07BFEF8B318A1E9BF3CF5FC98734BDE2
SHA-512:	9C085D217C9AD0FABE2A0E31A750B791519F1D109AE8C18BF619985EA92E94FD9825690A7AAE2722121672789E3580131B56D82E59552544816014B204D7A41C
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...t.s.t.s.t.s...z.s.}..6.s.}...o.s.S2..}.s.S2....s.....v.s.....u.s.S2..m.s.t.r...s.}..c.s.}...B.s.j..u.s.}..u.s.Richt.s.........................PE..L......Z..........#.......=.........I.3.......>...@..........................`........N.....................................tPJ..........t............N............. .>.......................I.......................>..............................text.....=.......=................. ..`.rdata...t....>..v....=.............@..@.data....M8...J......^J.............@....tls....%...........8M.............@....rsrc....t.......v...:M.............@..@................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\games\iw5sp.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5653800
Entropy (8bit):	6.7437589722473055
Encrypted:	false
SSDEEP:	98304:kCIbH6LmN/cA2R08Kl+ahXGFZqH2ENIShAuUYbiKWPR6IIIII1iIugxRFsbtzwx/:7jCN/cA2R08KxZM02ENIShAuUSirP4If
MD5:	6199A36AC2928AC23AC495CC2B528477
SHA1:	417BEB0835A2FE2334D7A1A0771A6A8AEF285C60
SHA-256:	0EAD93EB151F1FFFE4EDD3EE3C29DB4209C951506AB44BE05735F1687123B4F0
SHA-512:	A4BB84F0C644D6876FB5E37B5505112CCEE017F924AE0055D356B110EAB0AA9BFFB8B640C56604E58171BA25EDF78AF22A532451C7ABC576F6BEB35F8C12C5A7
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...VLV......8V.8..].....).&.r.jL,..78.].\_S. .Tp.s<.;r.....&d1..~..aNAIG]x.h..>\|)'.H..E &...b.G..a.:f.$...C ..i.7...p..;.c.fZ...a ..L......................................................................................PE..L...l.P..........#.......>..&......1.3...... >...@..........................@D......sV......................................bR.......B..u...........8V.(.............F.....................@.Q...................... >..............................text.....>.......>................. ..`.rdata..lf... >..h....>.............@..@.data.........R..D...zR.............@....tls....!.....B.......T.............@....version......B.......T.............@..@.rsrc....u....B..v....T.............@..@................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\games\t4mp.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5505024
Entropy (8bit):	6.864989072476912
Encrypted:	false
SSDEEP:	98304:ilNJs3kUyIFFUuXiBsT3wc+b4eKN1LVNN2x6dBfxBulZEtDu3:sDCkUtnUuX93wc+b4eaLVsQBfMZ+S3
MD5:	5FABA8AF039CCC3513D904AEEEA34FF7
SHA1:	7833E0FDC069079642D93F5EC0865E6BC6A4D015
SHA-256:	943BB93001AD2ED465B6652C27FB649B5F0C5B24097E18A27A588AC35B3457A0
SHA-512:	339C5A0CCB527411E5F39139CAD97554F2B10490E53A9D662ABE70138243ED0DB24189CB870CF75B44C5CE2986FE45BFE2C60B2CDC0C52F9171464DD9F66F918
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	low
Preview:	MZ......................@.......................................VLV......`Y....Jii...C..P.........m.....'..(....j........84m..0...0...z........._F?7..*s..C..u.+c......@.`.YV.;!"........P..^Z.e.Mn:..........................................................PE..L...B..J.................P>.........V.:......`>...@..........................`................................................K.\|.... ...;...........................j>......................PK.....@PK.@............`>..............................text....P>......P>................. ..`.rdata.......`>......`>.............@..@.data....0....K.......K.............@....tls..................M.............@....rsrc....@... ...@....M.............@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\games\t4sp.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5550080
Entropy (8bit):	6.874189649552745
Encrypted:	false
SSDEEP:	98304:VFGGlNcRK4GwaloTHcwoRqOvY3WBugWEtDuB:HGGlNcRCvloT8wnOQ3uW+SB
MD5:	04D5620ACF68F0A9A067DF532EA23B96
SHA1:	07A8FC31FB150A34084986498C560193AC0C8006
SHA-256:	F26D45524BFFF7E44C8EBAB4D758CA524EDFB0FB7D52352B6C95E1E908799361
SHA-512:	2BDBF13087D2D135B784ED6930DAE5747E909A37361ABBE05F0F345027119322B5B9ACA1F48080E0FBA46B54B0743149F4037DEC3E6281F819C196B85D43178D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	low
Preview:	MZ......................@.......................................VLV.......Z....Jq..?dC.*n.g{.E.A...V.....&.9.RI.O..9.~..5.........>.=.&\...5c._...<nZN.3B.7.Jn......J<".....Z..\|.(....4.F.......`......K..................................................PE..L...F..J..................>...........:.......>...@.........................................................................D.L.\|....p...;..........................`.>..................... .L.......L.@.............>..............................text.....>.......>................. ..`.rdata........>.......>.............@..@.data.....X...L.......L.............@....tls.........`.......`N.............@....rsrc....@...p...@...pN.............@..@........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\games\t6mp.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13263640
Entropy (8bit):	5.657706799315911
Encrypted:	false
SSDEEP:	98304:Y567HyXvVDiKqGiHJ5/E1xE1a/V+Z0c/TmVLCLumXP6J4Av5Zjzxg1VSQM5:9DJexQaQZ3KVmu86JrvzZgHSQM5
MD5:	E06A160D6E5B5C9F695F7E0AD5B25357
SHA1:	992B6887A505103CF0EEB35546A01212899A50A0
SHA-256:	822CD36DA93BB82B3349365ED94704C90B981C10DE1E3EAD1EA3FB4F49D2791E
SHA-512:	9035156B71B6499BE407C47C16503B4DEB1CD6B1F9E5A8FC07C937FFFAEC2B9CFE4D977C110967CF63DFA74A1DD14B7AD45FF9B8174BA0F271E802802FB28D8A
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................`...VLV......V....T6q...Da.......,-.q..aeb....i,.4.,4.>....@w$......'.gQT....I.`...ZR...?.7"...._Xv.u..I.i..P.r.5\I..\|<.J+.u..O...S.X@.fu..Ka.^................................................................................................................................................PE..L.....nS..........#.......v..xS.....\.g.......w...@..................................V..................................O...........................V.......................................S........................w.l............................text...@2u......4u................. ..`.conceal.=...Pu..>...8u............. ..`.interpr,f....v..h...vv............. ..`.rdata........w.......v.............@..@.data....\f.. ...82.................@....tls....a............,..............@....version.............H..............@..@.rodata..............J..............@..@.rsrc................V..............@..@........................................

C:\Users\user\AppData\Local\Plutonium\games\t6zm.exe Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13090072
Entropy (8bit):	5.648742873748065
Encrypted:	false
SSDEEP:	393216:3XYCs8QTHxoMo5uEQ5ysQNpLViuZw5kST:GpqwT
MD5:	025C2579B58A9C8C850C4BC0BF278CF9
SHA1:	D70A3C41015093618A4B60B85741C3D4CED7A548
SHA-256:	214AC1666D05C60A7F8EBDD9194FD6ED72C2B55051A9E1601A9106F054654E6F
SHA-512:	8F6D181CBCBF64A4BC949C4BC5F227D66FF78908D79D848977AAE5CD8DD5BC261811AE30EF4BAAA8008C0B749D097A88CCDB0F16D1817A6FFAA333B417D8FB26
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................P...VLV..........I.T?...,.>z.Y.P.*.!.b..3....q.R...V.2...].._....8.........4i...f..4YJu.....D.OQp...~...].\j.Q.o.U:.....(L.{.?....#yG..DRs..R................................................................................................................................PE..L...>.=R..........#.......v..,Q.......g.......v...@.................................$h...............................i..O....F........................................................................................v.l............................text.....t.......t................. ..`.conceal.-....u.......t............. ..`.interpr,f...0v..h....v............. ..`.rdata........v.......v.............@..@.data.....d..p...60..P..............@....tls....a...........................@....version............................@..@.rodata.............................@..@.rsrc...............................@..@........................................................

C:\Users\user\AppData\Local\Plutonium\info.json Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	67
Entropy (8bit):	4.6854400342783995
Encrypted:	false
SSDEEP:	3:YXrOJEdEXNPs+VewLGNAdkA4:Y6JEdEXNPs+s5Ck7
MD5:	EDD257435B63751F645926ED4AF3E10A
SHA1:	852A1E9A283C7C4931E245A2249A67D723926FE5
SHA-256:	189F71D6256EC6E559A56EF089261EE6C5CD3EA814C571D48AE41D5FDDE68B59
SHA-512:	462C4B1BDF81563938FB4B1140735752A3AD0619C331C8B364E63CB5CA2C99A7A3E2E1C304793CF9020D2BCEE7AE18D29705CD5677387199A45B01FC8783F235
Malicious:	false
Reputation:	low
Preview:	{"revision":1201,"launchTarget":"bin/plutonium-launcher-win32.exe"}

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\app.d7ccb6f3.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7799
Entropy (8bit):	5.097731821412489
Encrypted:	false
SSDEEP:	192:Q6PmkwO9FZcQajgO1A5kE0cF7du5364f6dKE:n9FXOgO1IkE0cF7du5364f2
MD5:	4F8F709CADD97DCA0B3C12545BB84E52
SHA1:	765C6D0CB84DBE19206B8347111D01B58842D780
SHA-256:	4F0E672DDC61AC169CDCA088CD4829E55DB5BEB660C0B1E565FBC323C4F78948
SHA-512:	0D2DC4521820D8FC2E63FB476902129C8E885CA249CB65541F05F081D9E0E370ACF427554D352ABA0E63CF12F7ED21F66E713D77C35DA6880A6336EFE19B2003
Malicious:	false
Reputation:	low
Preview:	button[data-v-07e4408d]:focus,input[data-v-07e4408d]:focus,select[data-v-07e4408d]:focus,textarea[data-v-07e4408d]:focus{outline:none}.w-notify-notification[data-v-07e4408d]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-07e4408d]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-07e4408d]{font-size:20px!important}.float-left[data-v-07e4408d]{float:left}.float-right[data-v-07e4408d]{float:right}.cursor-pointer[data-v-07e4408d]{cursor:pointer}.clickable[data-v-07e4408d]{position:relative}.clickable[data-v-07e4408d]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-07e4408d]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\auth.cb7ccf50.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2074
Entropy (8bit):	5.123351851178537
Encrypted:	false
SSDEEP:	24:pz8FH4yif6eyHjeFS7IKGETVt+gTrKn0hPv8t03Zv2KEH7LpuP576/jwA3:x8FTMFS7/VdTrKg8t03F2zH7Lpg0jwA3
MD5:	F7BF023ACE6CFD239BF049A1756BEF74
SHA1:	8113A64853E44B1171084DC3C39FC529518F0CEE
SHA-256:	17C62C364F1ED305DAA362FE750574C0949D07F51ABAB8E61C2C558BAF7D8DA0
SHA-512:	65CF8E66DCEBD14CEC6BC9FD2A073E8D588ABB021E6E4FB0DDBB91481116FD981884100E165A0ED7209DDBB8FF0B10E2378C52B8DA4C4F4DBB780628001745AE
Malicious:	false
Reputation:	low
Preview:	button[data-v-435c5af2]:focus,input[data-v-435c5af2]:focus,select[data-v-435c5af2]:focus,textarea[data-v-435c5af2]:focus{outline:none}.w-notify-notification[data-v-435c5af2]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-435c5af2]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-435c5af2]{font-size:20px!important}.float-left[data-v-435c5af2]{float:left}.float-right[data-v-435c5af2]{float:right}.cursor-pointer[data-v-435c5af2]{cursor:pointer}.clickable[data-v-435c5af2]{position:relative}.clickable[data-v-435c5af2]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-435c5af2]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\chunk-210b440f.0592ad01.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7196
Entropy (8bit):	5.139631214982892
Encrypted:	false
SSDEEP:	96:PK4WyZr2QyffUoU8Gg+XVSNp4ljTRCiPGPvhqnHYOVWcZnfuvsISXA9NrcJF/j3R:iCKHwk8YHg2vs2NeBsMY6
MD5:	78724F36A27B9EC74340268574A3B15E
SHA1:	749E4EF8B80EC836D7A3F9FF10B4465D409EBFC0
SHA-256:	6334F7921195E48C451CB3E3D98D28C5E246B34859311CAF57878FD65C016F05
SHA-512:	91F76D7D3336484986066BB502868BBC143FFC7D7AD4D0632AD32165B44FBF561552CD156EC1C39A530405126BE84927CE23EDDC65C9FAA00AFFD7FD6001E82B
Malicious:	false
Preview:	button[data-v-1e294d7b]:focus,input[data-v-1e294d7b]:focus,select[data-v-1e294d7b]:focus,textarea[data-v-1e294d7b]:focus{outline:none}.w-notify-notification[data-v-1e294d7b]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-1e294d7b]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-1e294d7b]{font-size:20px!important}.float-left[data-v-1e294d7b]{float:left}.float-right[data-v-1e294d7b]{float:right}.cursor-pointer[data-v-1e294d7b]{cursor:pointer}.clickable[data-v-1e294d7b]{position:relative}.clickable[data-v-1e294d7b]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-1e294d7b]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\chunk-251ed409.d753727b.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	4.989115169179872
Encrypted:	false
SSDEEP:	24:pVuAam1zEu3f6eyHjLabHdTVyPPmKlK+QPsVO2+:3uAam1zheaxVpKlK/Ko
MD5:	BE15009306760764553FF239EAD845FA
SHA1:	D20C60220565A568B9743399259A595F593B23C2
SHA-256:	7AC7F7033A751B186B7FEA0E696EECFC63F60DFB5049BC9D637FF2E08FA16ADF
SHA-512:	D68A0FF26384C8A5F0E36DA35AAC552D5B87D1C77248820110DE831618356C3FA7157938FCB5C9777CEEAA8C6BDD6DDF7F9319C9B8CF5244C8B5C691EC28071F
Malicious:	false
Preview:	button[data-v-d7ea7796]:focus,input[data-v-d7ea7796]:focus,select[data-v-d7ea7796]:focus,textarea[data-v-d7ea7796]:focus{outline:none}.w-notify-notification[data-v-d7ea7796]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-d7ea7796]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-d7ea7796]{font-size:20px!important}.float-left[data-v-d7ea7796]{float:left}.float-right[data-v-d7ea7796]{float:right}.cursor-pointer[data-v-d7ea7796]{cursor:pointer}.clickable[data-v-d7ea7796]{position:relative}.clickable[data-v-d7ea7796]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-d7ea7796]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\chunk-5e022f81.f5c4c1d9.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1469
Entropy (8bit):	5.0541965108492946
Encrypted:	false
SSDEEP:	24:pe7UCEJf6eyHjd2RKIVNTVIbOVE+OSnR57R5q5W4:Y7UNK2dVqwmSR5d5q5F
MD5:	446E953478ADA9C71B2C6D7A2EF7FE01
SHA1:	E680E9DEFCD26731C1AB53FDF023723E31F6B058
SHA-256:	0076B5286E0CBA9859CEA0BB5A387EC39640FD21E0269C62BCEAD63CF69F283C
SHA-512:	1829CE609EF85EE98B981AD3BF74AEEEBBE4EDCBC74124A9D74C0F7F65EEC83D850C82C71B75BB57C4F2C4435B32AE8D1908B3AE15E971B3B302CD8C6BB586FD
Malicious:	false
Preview:	button[data-v-90c857f4]:focus,input[data-v-90c857f4]:focus,select[data-v-90c857f4]:focus,textarea[data-v-90c857f4]:focus{outline:none}.w-notify-notification[data-v-90c857f4]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-90c857f4]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-90c857f4]{font-size:20px!important}.float-left[data-v-90c857f4]{float:left}.float-right[data-v-90c857f4]{float:right}.cursor-pointer[data-v-90c857f4]{cursor:pointer}.clickable[data-v-90c857f4]{position:relative}.clickable[data-v-90c857f4]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-90c857f4]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\chunk-7e3047ee.0edc7151.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1729
Entropy (8bit):	5.06373555886348
Encrypted:	false
SSDEEP:	24:pGns+8xf6eyHjlKdDrTVK7Sjpn18oqJx+g4HKsV:knsF6KBVK2jf6v74qY
MD5:	32548ED382543FE2EA52FDA07C024C48
SHA1:	0D2E5BADD11DE0BB6DB41F54B00DC7D750F66362
SHA-256:	761152BBFE5EFC9B7DBC64BA978A52099A5F4839A0BDF622E8C6CED827FE1D70
SHA-512:	69BFE04F58D2D791B37468814FF37C247B64285F1D439EE948BBED53B4B034BB3BF12A1D387C73B2F1E6BE95F68EDFDCE108AF1F1EB6EA02734E9877E1EA1300
Malicious:	false
Preview:	button[data-v-60f2977c]:focus,input[data-v-60f2977c]:focus,select[data-v-60f2977c]:focus,textarea[data-v-60f2977c]:focus{outline:none}.w-notify-notification[data-v-60f2977c]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-60f2977c]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-60f2977c]{font-size:20px!important}.float-left[data-v-60f2977c]{float:left}.float-right[data-v-60f2977c]{float:right}.cursor-pointer[data-v-60f2977c]{cursor:pointer}.clickable[data-v-60f2977c]{position:relative}.clickable[data-v-60f2977c]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-60f2977c]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\css\games.75cece02.css Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3625
Entropy (8bit):	5.096421086015863
Encrypted:	false
SSDEEP:	48:x4BTIsfVmpUJd4/Y09dXGcuFaD1aogtO7/VA36QlpV:x4BTHz4/XXGz4hj0O7czV
MD5:	5AE22A6D83C3EC11D0C718655AA5E9C9
SHA1:	7D7CBFE2F5E7C7BCC453B74C54CE3025F9A8285B
SHA-256:	77E2CD59D2E461D5ECBBF16F77E8BC7618E1525CDB88262985E6CF996DA3E3D6
SHA-512:	E5C20274D3FEC27D4CA4B6836E47F63BE5F49F4D862AC008D3AA0B797A03F9E36E4FA9382152BD843A72BFD2E1534C388FDD2891AB1642C37C4BA0D7AA908461
Malicious:	false
Preview:	button[data-v-71df7305]:focus,input[data-v-71df7305]:focus,select[data-v-71df7305]:focus,textarea[data-v-71df7305]:focus{outline:none}.w-notify-notification[data-v-71df7305]{position:absolute;left:50%;transofrm:translateX(-50%)}pre[data-v-71df7305]{overflow-x:auto;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.vue-notification[data-v-71df7305]{font-size:20px!important}.float-left[data-v-71df7305]{float:left}.float-right[data-v-71df7305]{float:right}.cursor-pointer[data-v-71df7305]{cursor:pointer}.clickable[data-v-71df7305]{position:relative}.clickable[data-v-71df7305]:hover{cursor:pointer;color:#fff;-webkit-transition:all .25s ease-in-out;transition:all .25s ease-in-out}.clickable:hover:not(.no-backdrop-highlight).clickable[data-v-71df7305]:hover:after{top:0;bottom:0;left:0;right:0;content:"";position:absolute;background-color:hsla(0,0%,100%,.15);z-index:1000;-webkit-transition:all .25s ease-in-out;transition:all .25s

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\avatar-default.849d500f.jpg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	[TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 900x900, frames 3
Category:	dropped
Size (bytes):	54386
Entropy (8bit):	7.560034042254062
Encrypted:	false
SSDEEP:	768:dUKhMB/ocbrcwIfFHzaCBYRgBl4WvT2k2mSIngXDpLyjZ9RUyz0ymKPXGALltbi6:2KWBFvOfCgVM0OKp6clte53c9
MD5:	849D500F76D7850D3A46058E457ED5A5
SHA1:	526981E69FBB5D7D2B33F260DA331E5A1177026C
SHA-256:	2D58E23B8786F1DE66FAC55FDF5913C95664FED4ABC77C2500609CC15CCDFEFE
SHA-512:	50546F50D2BA991F2F4295184FCB554E00E743DA79D883DB556C1CF38CB465133ABC17FD3B9DE589619B7C6399679C0FE6805366B124F5626E94FA1CBF66C5D1
Malicious:	false
Preview:	......JFIF.............Exif..II.......1...............Google...................................................................................................................................................".........................................Q...........................!1AQ.aq."2R...#Bbr.....35Cst.$46STc....%D..d.....U.E.................................N........................!..1AQaq..."2Rbr....B....#5S.....34s...6CT...$%c..............?.. ...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\iw5.fa555ecb.jpg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, frames 3
Category:	dropped
Size (bytes):	1042959
Entropy (8bit):	7.9786550691952325
Encrypted:	false
SSDEEP:	24576:hdAnpALW8lC2xRysteA9bSxmUplV+nbSP6F5K+XXsaaABHkAGfI:vAneLblC2xRZ92xmUvVe+6F5DsXAFiI
MD5:	FA555ECB0C62C09F285090AD08223A83
SHA1:	19BA1029B3BDEE732415EF215334CE62EACD408B
SHA-256:	C32BD3E80B924347DD6EC4AE9E46DE97ED775CB557FA75AB665B3599EC9B2A00
SHA-512:	DD5B4D0224D6D566C00710A81599BD6A5205B500E308401732C76CC38A1DEA768A9EA88CD6A3FA944205BCF22D7FAEC19E821FCC2B9E86D2C47FCA792E8C975B
Malicious:	false
Preview:	......Exif..II*.................Ducky.......P.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:1081DE6EC441EA11A3059203EDE59877" xmpMM:DocumentID="xmp.did:6D0D8BD044FD11EABEF1E7607BC55090" xmpMM:InstanceID="xmp.iid:6D0D8BCF44FD11EABEF1E7607BC55090" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1081DE6EC441EA11A3059203EDE59877" stRef:documentID="xmp.did:1081DE6EC441EA11A3059203EDE59877"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\iw5_icon.804ee006.png Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PNG image data, 700 x 700, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6015
Entropy (8bit):	7.147291501689699
Encrypted:	false
SSDEEP:	96:Q7xSm2FJ1ewIIaWVWfQtNVP3bktB9TUVFOXnfy4G+ayJTbfL5wKBP:QVyfRIIaWvLotB9sOXf1G+ayJbfLGKBP
MD5:	804EE0068586C992BA3B54BF66995971
SHA1:	C82C588824EB3EAC8F4BC53AF88E9C54AFCDD9CF
SHA-256:	0CA5C369B0F87CDC1CCAD8F5E6A4EBCDCD79FC2D5B99236FAD2CC8198D5FC6DA
SHA-512:	B521BC7B5D940A7A876B78DE7C6D3222B7E98512D2B3CCA8CE9DC557E25A51C1F53D9CDA5396AC2583A73F96843B531C77A896B2172F444D5182117A0EC186AA
Malicious:	false
Preview:	.PNG........IHDR...............lC...FIDATx.......Q.....V.'.Z.......kE.F........./...........................................................................................................................................................................................................................................................................................................k.K..v.}...~\._.Ha......X.^.n......y.;.....l...g.5h..{g..o.mo:'...'....z.,.'l#x......m.d.jK........6..%....M........v.w......9ZO.=...Y.........}./..C.x.....{%xw.X.4.5`..w'...2.0.k....o...3......6..{$x........o.........^.. .Hg...^.Yc..{..K..s.&.}.....*z1k.I.'.....i.4...c..IlF.0.ks.a=+.{.{"...l..'.........8.{2..U.]~3..b..[.....,`.1..$......2{....8....9P...A.t..oC.1.3.0/...#x..a1+..+f.^......,d.`&.........Vfe....%x;.y1......DK..#.... ..:...gL.vf#...o.Y...;.......U.^X...(3..Lk.....F/f...E..w ..........GK.3.'.m.5,x!.8....q6.;.....)Z1[m..........p..k..)x'..0r.s..X.......#..=.3......

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\iw5_logo.9bd3a45d.png Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PNG image data, 750 x 160, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	19271
Entropy (8bit):	7.914305724616407
Encrypted:	false
SSDEEP:	384:OxJzPv+x06k0jjT4/nMB3RTi6OFeC0rEBUqOeimW2QEMxNx8/9RyTYd8JpCvdTUt:q5WnvTAnMLT0FgQ4f2Pme9hzhDfE/
MD5:	9BD3A45DBBC3F8D6452E720E38D886B5
SHA1:	2D8ABB22B9D7C11DE016B3D9058C008A3A09CB4F
SHA-256:	02DCBC4C9B2216ADAE1A1A4ED36E87EA99816FC0B4A5E26EAE3E40C661767B0A
SHA-512:	2C5B2AB70BD76423B2BEC8596D162BB143A4FD167CF05A59E424916A74FB38768EACBF0A753867026EB79A64D13795800AAE2D539B9652E70017B3E5855D6694
Malicious:	false
Preview:	.PNG........IHDR.............S..... .IDATx....:r..}..-y..+.Cw...h.fuK..l.d..}6...P.......d.o.\..$1...@..K.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.$I.\|$.l.$I.$I.$).....a.J...x....E.9J=..........l./.;./../FW.....\......[.........u..o..o..T................Owi..5.)..........d..>5.)..T.N.gm...Y....G...^L......kg...5U.k.Lt.R............1...4.o.}..i.c.Z..KE..........i.....)}..K...=......}....e............u:.oW../.rT.y..s....?V[[?..E.]?....J....].7......v.{......+..[E.4.9.T9.......5.uf..b..e.cg...@."...VKt..<4...'(.~hy..~..w..h.+2v.e.....N...b.R?.....B..m.......s.G.=..,W ..%e..F.{.~...P.&):9.j.5/:.J_.i.)v..n$'...Z.=..ck..k.si;.N...K..T...C...1.c.T.xM=>9.4. \Z......P..r&......(..e.......\|.":Wq.,..Q./........q G....T.=4....br.c]...9K..KQ9..Jrqr.mBc.:{.g.ck\|..g.OR.!=O...+f.J.oK.

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\login_bg.62db7e11.png Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2937906
Entropy (8bit):	7.97183431721523
Encrypted:	false
SSDEEP:	49152:bR8GWiwuO501QeHxhN4UhhjYRpadY3TKlxuo3uv+eLchvxuIxihC7KyoevHvB:bR8GbwLdeHx8rRpatxBuWeLwYIxoC2yB
MD5:	62DB7E114BBCDB7EDDB6AAC2BCE0EC51
SHA1:	6BBC9F11B7BF412A12BB37B3A848E64682EFE7A9
SHA-256:	332084113A9A741D32C138CE2A2B463F4AB90B8CB9F877E7165E6EC4BE41C31B
SHA-512:	EC6B3F533257521B99ED8A7D33277626A9AF8A27B0DC940B98398FA6BB7FBCA21D569B9CE860B8CC2DB5E5059C3722CC1239BD706BE275B0B40D0F86DF4486B4
Malicious:	false
Preview:	.PNG........IHDR.......8........C.. .IDATx...ww.I..i.Pk.ZkIU.=o..t....]E.B..@....(@.9.w.,.3.z;..9......"..5o...o6...S..:::.yzj..5::....~J7:..<5~.2].L..<.kF].F.....y..6%g]f.....Y.[.i/2.....a.....2........:...'.2W.nSW.M.g......iD.u.s.3t[...f].#.k...F./.:....E....[....6\...uutt......:D..^....e.~x.).....wK}..>-.m..6~.ev.f...]...........e......x....O....e...a.O/..._.*?.]...[j.D..O...G.[..v.-}...V..0..C+.....{[.A.......z~....U}W...G.f.t..._.6.m.9..;i...y...~`?.6..[...-.=......i.n?........xW2.i.....Sf.7..m.._..0;..i....(...<g?~\|..\|..9.......]3...n..s.:.{.s..9........G.i.....7.4.............i....wc..p.}....'..{.z..<y.x..............E.\.r.N>{.KW...??I..y........<_...w/^.l_?}.........]............RN..?._.j.....\.j_..Svx.........>.e...._...Z.p..{..L.\.r..f.......=P.E...e9./^P...^.t.N..M+.2T}D.\8.}d..z..)..........z(...k.n.'zn..=.Cz.r....w.L_.u.....~..M......x........}x.^}G.......m..S...o..w....[...[.\..co.....o.{...]....ow

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\t6mp.bf54e437.jpg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	[TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, frames 3
Category:	dropped
Size (bytes):	788025
Entropy (8bit):	7.976701349442619
Encrypted:	false
SSDEEP:	12288:vxcJnJtkVUV2iSCJWuX+bF53hrwwnANQrJpwPUmRUBR8Zu16SyDuQVWMCe33Pcx:6X43CJWAq53hrwwAN4cPUmQtQgMCeno
MD5:	BF54E4370841E6353563854140089E1A
SHA1:	D35324C1002583DA8094AD925000E24A0D009627
SHA-256:	6B2C4BC56B46094EF04D26BD50B650EEDFF522832CE249122C1525D11041CE47
SHA-512:	F066D30F2B395CA571E411935DA5556DB43650AF4CC7F9B2291F576DC2759693CD956645481E793F677BA8E75F96D3CCC12893BD542EFC6D122B896581984828
Malicious:	false
Preview:	......Exif..MM.*..............Ducky.......P.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:1081DE6EC441EA11A3059203EDE59877" xmpMM:DocumentID="xmp.did:C286BCF0450111EA941EAC2A44D3F946" xmpMM:InstanceID="xmp.iid:C286BCEF450111EA941EAC2A44D3F946" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1081DE6EC441EA11A3059203EDE59877" stRef:documentID="xmp.did:1081DE6EC441EA11A3059203EDE59877"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...............................................................

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\t6mp_logo.e4fc734b.png Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PNG image data, 750 x 160, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	21689
Entropy (8bit):	7.930885400454301
Encrypted:	false
SSDEEP:	384:Ng76uxynXztVHNQLT8HforQtBVQBumn2DJ4R+NcVtcD98A1FAX0QFH:W3oMw/NtOUNxDOCU0QFH
MD5:	E4FC734B7E536D945D9FAFAEA2EA8E52
SHA1:	F01FAFBC4A7C1BE70B1FF223283619BCEDD5F5E3
SHA-256:	D0110F7ED646E25425CE227DDEC2EEF6B9FA42094E2CA0C32941ECF1774BE6A3
SHA-512:	AD4334EA1E4278F7C14E271193374AE88E7E69ECF93BA5DDDEA60D3D769F185E0007281D6C0096ECF5BF41BAE1CC969DBF8D653C416114757E85E3A1A79C1E9A
Malicious:	false
Preview:	.PNG........IHDR.............S..... .IDATx..Y..8r.Q.}a.%.g.MH.....]...F..nl..".J=..\|.....I..b..8u.$.$..D..[Q.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ.E.H.%.(..(.........r....\..~...............?K.....?. .....p.x._.._.....~)..(..(...N{t......;...9...L.......?.2....w..De..s.QVQ(..g.vm.....2.1..G............_.._.....O....w..y.._..C..?..?.i..lIn.n..5.4..W..WOkGFd....}k.U.z.i.wM..y......?Au.............2...B.S.H..q....=F@..iI..G..u./...z.i.S..U..E...W_............s........k.E.}8...&B.FL...i4..........D.I....3..OM.=. ..2FQ.T.b.....\|.Q.....#..0>.^N2..[...s@i.NT.Y..;.......lg;....:5*.3...4...rV.}..ftH;F:>s.s.b..h_....#.y.2.<.....8..q.>rf\.gp.?....j..Q........w..8K.: .r.@.......\|...=......./.....s...;..96G......I_...u.5M'...g.....-..LC.c..(..8X..n...uo.....M:q......-....:..X..+..+\|.........M...%~T..6...;.q`H.m.[..X..c..G}....7[.>C..y."..^R.>,;F..`G..My...z..........:.ZVj..;O..x^.qd_..4p.iu.....3@m......1.....}.....

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\t6zm.6ff8e1f7.jpg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	JPEG image data, baseline, precision 8, 1920x1080, frames 3
Category:	dropped
Size (bytes):	1905861
Entropy (8bit):	7.971594827959733
Encrypted:	false
SSDEEP:	49152:EADsf8TidSTT7z2lR/tzl2eI5yVamZX7Rt3Al23L:PDseidSTXClptzNIcFZLRt3v3L
MD5:	6FF8E1F7C0889C0EF56394CCB8CF67E3
SHA1:	837A215BFFAA80C2CDC3030F831351F5481F5571
SHA-256:	1DFA4CF69CA4ABF6BF20AB47768F9F80B7467F35BF2A18C7157F708E4AA97C56
SHA-512:	CDD03123B679C03C3A7F5F86EA3358E27BF05BEFF85EAD59DE726E2E8EEAF5776E3594540264966C59F8B50D2821C2F0ADAF15198F6226F5A8E4F7D3576F3375
Malicious:	false
Preview:	..................................................................................................................................................Adobe.d...........8........................................................................................%.......!...1."A.24t.#Qa..5Bq....$E....%3CR.....b...&STrs...6Ddu....'c....Ue7F...GVfv...(g..........................!...1AQ.."a.23q......#4Brs.....5R..$DEb...S.%Cc....&6.Tdt...F.....'.U.u..............?..iUUUVTIQU4..)R.4....cH.....0.(...,...m.6....<...?.!..UR.c.V...* ........7:RM.gL..."....g.J.Zz..f. .x..."..6j./.=t...Aq.....xz....F..){&.M%Z...j:f.l.&.......@)Z.f.56...4.....k..I.]WJ...g.0..e.}....o%........$..x1m.lD..j...)Z.d..m..f>Q...A.{()XL.OkL ......Jh.^gz:f.h.<p..I=B.....g..)...R.t..V..h.Xp..\|`r...T.8..&.d..I...J.iT...P..PI&.S........4.g.L...W..s.\|.'b....>.Bi.fRI1d..~..$.,ejw(w8.[J.XHI.........U}@+.C.W.RSj.SK.U.0.i$iQ...K.....@T`=.lM.1..q.).iBL.-;G............p..B...X)qWl..AH....;JE:Y.cvZIj..B...&...t.C...arK{

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\t6zm_icon.992fa331.png Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PNG image data, 700 x 700, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	401306
Entropy (8bit):	7.9906374001128935
Encrypted:	true
SSDEEP:	12288:L/4J/stxIGMOTqCqL+jkMEHGXhvGKr7SxX:L/4J/YxfqBL+jkUS9
MD5:	992FA331F512B4CB45B83E0720A9A5C5
SHA1:	F268CB202F232C856B60A264842C229D384F39EC
SHA-256:	B9AA73969C863508DDBF6E67387FEDD82A2D4B696AAB30FE983EAF1A14EFB495
SHA-512:	2938BF9E370FAF6F55F8DFF929E1865485EC6FE5C3D91D8A787AE969F693E4D7078CBF97136486FD3E668595DD7B1A00BE3BEEC8B8D2A0EF39EFC463BADC577B
Malicious:	true
Preview:	.PNG........IHDR...............lC.. .IDATx..IodY..xl6.q.g..N........T.. .6.j#.......M7...n.U....P.%TUFTdT...Iw.N.<.M..q..g..y(3<........}..w...=...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......o....3...D<...K...,...5......s...p;...Q...I..(..n,...B<.C}&Sr..........)+3.].........IT_].8..h..T.].P....{..m.TT.%..v$...n%.Cw2Y..>....4.0.9.....Y.(../...s....%.....\?..xUV..`.......P...t..X....pyy.x$._>...\|.3KK....;.WU]o.bvv..:.. ..!....;

C:\Users\user\AppData\Local\Plutonium\launcher\assets\img\t6zm_logo.6935c7f4.png Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	PNG image data, 750 x 160, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	66336
Entropy (8bit):	7.989051371122532
Encrypted:	false
SSDEEP:	1536:irVf5svEzeYdCX5FWIpQeYL+5nEgbu+hSUeVZUGiAg+Dl:2f2fEeYK5Egi+hSUeHUBAg4l
MD5:	6935C7F41AC75F5A14882B4A48BF7143
SHA1:	351167B80C09E47FED636E10EDD78D40BAA66234
SHA-256:	D2C12E0109DD649904B27A07056B5D76C623748493E040201A94268925A615B5
SHA-512:	D5EEF237134928410AA56524E711B75D2C70E3A6D996395311A67515796C2C6496D6D256B2195C2D3DC54EE8469D5F2BC57E1B947AD167DDE47CE15DB5173FE5
Malicious:	false
Preview:	.PNG........IHDR.............S..... .IDATx..w..U.?~..l.M.tH#.....RB.^.E.i. "..D. v@. ..H..U.!.{...$...ef..y.9.g.... ~...y.y...}.{...`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`..`....%....(..(%.k..?D4......j0.z"j#.u.}8...h<..E.ur.DT!.q.l9O....?..Z..Y... .......D4..........y..Z"......yyo.......}.<3.c..U.s.DD..{W...,+.h..U.o.K...A.<..O.k..c...3...xf.Q.<#.s.U.}cs.....".X.r.<W.Y..<..~>..].Z..\|wr..3..^.e\..........y.....:V...w0.5.%sf..2....9bW"......\.....l...:.z...go".I.).....P!....h..V..]...S:..\|^&...L........{.o..o.M^.A.....m#._.....,..].\....a2....g...._../.=kv%..9......6#....N.o{.?c/.g=...!..<Z.?..d......>D.....y..+...e.......]..QD.xd.9..h.B..'.I.1>y...W-.._f.0.)s..7<f.........o........58oa....k..s.Z.Q.[F^NhH6..Q.m.yn..X..*y..s..u..a..o...0..dd..u..<....y.{...F.f.+..Aal.G\...{..C.N.P'.Y....D...}......{9.'.xh...).{OG....e...z......KV..y....c..Tk+9...<...y...}.!.w..T

C:\Users\user\AppData\Local\Plutonium\launcher\assets\index.html Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	927
Entropy (8bit):	5.089832667293787
Encrypted:	false
SSDEEP:	24:0E01kOqKM1BVTJWWC74ZH0no0VOGVFvc/wsN:0EGHaIWC700noj4c/wS
MD5:	9A42B7C117C4B2CC1364401A7148DA5E
SHA1:	8EE75BA04F097DC4BEC5E8180F503406045E3D67
SHA-256:	1499BB2E4BE76E9040B209F9C3CB0792E689587B347F26B15D909E049C8431F5
SHA-512:	AE6AE00051B3F44EB66DA8ACB79316431C1CE292312B12BA9F5D5262C433E69FAE01ED41E66ADB69918D9E6916D28D6B85C5A07FCBEFB715426716E2538E0766
Malicious:	false
Preview:	<!doctype html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="stylesheet" href="https://use.typekit.net/qyo5vvn.css"><script src="https://kit.fontawesome.com/0787521d16.js" crossorigin="anonymous"></script><script src="nix-bridge.js"></script><title>pluto-launcher</title><link href="css/app.d7ccb6f3.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but there was an issue loading the UI element of Plutonium Launcher. Please report this to a dev. (noscript)</strong></noscript><div id="app"></div><script src="js/chunk-vendors.8b8e01c1.js"></script><script src="js/app.11d02ada.js"></script></body><style>html {.. background-color: black;.. }.... html,.. body {.. margin: 0;.. padding: 0;.. font-family: eurostile, sans-serif;.. color: #cfcfcf;.. }</style></html>

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\app.11d02ada.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	25690
Entropy (8bit):	5.633015789403695
Encrypted:	false
SSDEEP:	384:H7HkrmCtMAO3fPHQUPqpMtV63XlPebG+CQ:TkrmCtU3nwBM63YTD
MD5:	90E28BEC89FF54C5E7F57FC141E1F963
SHA1:	6CDBAC2D5DE0237F664274132520D8B31BA4CC5F
SHA-256:	80F3EE19A4EBA470EB3296088C93C27E39B6C10C7F6C45AD32E50E68DC0ADBD2
SHA-512:	2DFBCFAF08C25EF757FC08605B42E8BF3362BF29DC67A769A9B3A8398014179FA63A66A0E53A83D912218DCA926C5D7A36DD37049F1487A7A331636EB20BC095
Malicious:	false
Preview:	(function(e){function A(A){for(var n,a,i=A[0],s=A[1],u=A[2],c=0,g=[];c<i.length;c++)a=i[c],Object.prototype.hasOwnProperty.call(r,a)&&r[a]&&g.push(r[a][0]),r[a]=0;for(n in s)Object.prototype.hasOwnProperty.call(s,n)&&(e[n]=s[n]);l&&l(A);while(g.length)g.shift()();return o.push.apply(o,u\|\|[]),t()}function t(){for(var e,A=0;A<o.length;A++){for(var t=o[A],n=!0,a=1;a<t.length;a++){var i=t[a];0!==r[i]&&(n=!1)}n&&(o.splice(A--,1),e=s(s.s=t[0]))}return e}var n={},a={app:0},r={app:0},o=[];function i(e){return s.p+"js/"+({auth:"auth",games:"games"}[e]\|\|e)+"."+{auth:"326715a4","chunk-210b440f":"09565014","chunk-251ed409":"98c0208a","chunk-5e022f81":"68a7c1b3","chunk-7e3047ee":"14ced82c",games:"424c0e07"}[e]+".js"}function s(A){if(n[A])return n[A].exports;var t=n[A]={i:A,l:!1,exports:{}};return e[A].call(t.exports,t,t.exports,s),t.l=!0,t.exports}s.e=function(e){var A=[],t={auth:1,"chunk-210b440f":1,"chunk-251ed409":1,"chunk-5e022f81":1,"chunk-7e3047ee":1,games:1};a[e]?A.push(a[e]):0!==a[e]&&t[e]&

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\app.11d02ada.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	80628
Entropy (8bit):	5.555513604680166
Encrypted:	false
SSDEEP:	1536:YMSEPMXU5Ig7aWmXlY6SxCvSw58Jr66gbTmCaFoLbP/wYDrsdUC/jM7mLvg:YM0b7DrsdUC/jw
MD5:	8332E2F2AD8D6C8176B650F6EBF7DC84
SHA1:	712885AA6B2D96B8E0EA636BE7E79B94A42BB87F
SHA-256:	555254AB03F26EF9F6F8A8E2E2822E6A6E568217646724A687C7CDEB66D0262F
SHA-512:	A78BAC3383735F18D35933FF3BCD5B96AAF9C7182D57DFD241AB3250A297C991DE192292499384231F22F1E0D6E3AEF26649AAB56057775CCA98F607646AF01A
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///webpack/bootstrap","webpack:///./src/components/w-input/index.vue?9862","webpack:///./src/assets/t6mp_icon.png","webpack:///./src/assets/iw5_icon.png","webpack:///./src/App.vue?329b","webpack:///./src/Debug.vue?cb1c","webpack:///./src/router/index.js","webpack:///./src/utils/notify.js","webpack:///./src/store/modules/authentication.js","webpack:///./src/store/modules/ui.js","webpack:///./src/store/modules/games.js","webpack:///./src/store/index.js","webpack:///src/Debug.vue","webpack:///./src/Debug.vue?c54a","webpack:///./src/Debug.vue?b2be","webpack:///./src/peek/index.vue?57a5","webpack:///src/peek/index.vue","webpack:///./src/peek/index.vue?6aea","webpack:///./src/peek/index.vue?dda5","webpack:///./src/loadingModal.vue?3803","webpack:///src/loadingModal.vue","webpack:///./src/loadingModal.vue?6ffa","webpack:///./src/loadingModal.vue?9a04","webpack:///src/App.vue","webpack:///./src/App.vue?1160","webpack:///./src/App.vue","webpack:///./src/componen

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\auth.326715a4.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2275
Entropy (8bit):	5.1732851822150865
Encrypted:	false
SSDEEP:	48:lDsUMVij5GwSodRrsWb4VjjyI6t1AAMriZO9klQ60OYZcjCxc02MUUtV:SIGwSux4UteAj0jX2MB
MD5:	7F1A9F011DC5228BEB7F4B9D6C753FDA
SHA1:	B1BE956CB18CCC7AB3ED468504B09DE11AD06113
SHA-256:	059C12B39E153207906C7C698BDB7699BC95A364B6E18EC2B834DD9074418E14
SHA-512:	99DB8B3D9655A3F07A05BAA392BE55ADC3AF29A3226940659915755036CF3B0A6269CB86550CAC0E1141E011BE7EAFC4239365F7B41D02636CA49EA7CD3F1994
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["auth"],{"05f0":function(e,t,s){},4972:function(e,t,s){"use strict";var a=s("05f0"),i=s.n(a);i.a},"9ed6":function(e,t,s){"use strict";s.r(t);var a=function(){var e=this,t=e.$createElement,s=e._self._c\|\|t;return s("div",{staticClass:"main"},[s("div",{staticClass:"loginBox"},[s("div",{staticClass:"title"},[e._v(" Login ")]),s("div",{staticClass:"container"},[s("w-input",{attrs:{type:"email",name:"email",placeholder:"Username",disable:e.loading},model:{value:e.username,callback:function(t){e.username=t},expression:"username"}}),s("w-input",{attrs:{type:"password",name:"password",placeholder:"Password",disable:e.loading},on:{enter:e.signIn},model:{value:e.password,callback:function(t){e.password=t},expression:"password"}}),e._m(0),s("div",{staticClass:"actions"},[s("w-btn",{attrs:{label:"Sign in",disable:!e.canContinue},on:{click:e.signIn}})],1)],1)])])},i=[function(){var e=this,t=e.$createElement,s=e._self._c\|\|t;return s("div",{st

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\auth.326715a4.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9662
Entropy (8bit):	5.414641353300563
Encrypted:	false
SSDEEP:	192:f3fjSTxd8M1BMeGLb8KfOC6UAb86sZx+a/lGeg1MqohAONUj:fQD8MMhLbabNa/lGeg1ACONUj
MD5:	88966A08FB93E8B493A8C257E312726E
SHA1:	8F07E5B1C14DD88686D9B2B61BEAF9965EA6DE4B
SHA-256:	3C100042DCA46BCCBD5DAE52ABA6E9468B15BBA934BD51408BB66400C83A1E1C
SHA-512:	0ADECE94178B1D94ED654522C83E3CC42E76FE7EF35362ED437FFAC0288ACB26CAC9DB394884415005ECBCFEA2EB7E30858FAF47A372C84C4E3506CD97BDEC0E
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./src/views/login/index.vue?0039","webpack:///./src/views/login/index.vue?a9a8","webpack:///src/views/login/index.vue","webpack:///./src/views/login/index.vue?e0c5","webpack:///./src/views/login/index.vue?68eb"],"names":["render","_vm","this","_h","$createElement","_c","_self","staticClass","_v","attrs","loading","model","value","callback","$$v","username","expression","on","signIn","password","_m","canContinue","staticRenderFns","name","data","remember","computed","beforeCreate","$store","dispatch","mounted","$route","query","logout","$nextTick","tokenExists","console","error","methods","component"],"mappings":"+HAAA,yBAA4jB,EAAG,G,2CCA/jB,IAAIA,EAAS,WAAa,IAAIC,EAAIC,KAASC,EAAGF,EAAIG,eAAmBC,EAAGJ,EAAIK,MAAMD,IAAIF,EAAG,OAAOE,EAAG,MAAM,CAACE,YAAY,QAAQ,CAACF,EAAG,MAAM,CAACE,YAAY,YAAY,CAACF,EAAG,MAAM,CAACE,YAAY,SAAS,CAACN,EAAIO,GAAG,aAAaH,EAAG,MAAM,CAACE,YAAY,aAAa,CAACF,EAAG,UAAU,CAACI,MAAM,CAAC,KAAO,QAAQ,KAAO,QAAQ,YAAc,WAAW,QAAUR,EAAIS,SAASC,MAAM,CAA

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-210b440f.09565014.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	3145
Entropy (8bit):	5.223442302638844
Encrypted:	false
SSDEEP:	48:lDE/nOX+mylXkrbbbjozXb1pAdQsEokCPYoDXXQUulRXyRZAd5l8bjhee2AHTGT2:z/oCvozLjFCrDXAvRXCZcSnEe2AH1
MD5:	499243C1F3D84066BE2B57F4DD8CF452
SHA1:	D1EAF5860C995BF9113BF181BBF8C6C64E43150A
SHA-256:	D5544444191795BF081D8F739883026C00B3B7BE9843B2C2B60058CDDAC6167A
SHA-512:	2C020835BA7EED2EE44E7364E8FDA3ED2DC2316A023F4E633EAFAF940EA70A57748F5849949BE168DE16F8C2E79630F1EC9F7A620313C8FF7B389BE40E810C89
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["chunk-210b440f"],{"0520":function(t,e,n){},1092:function(t,e,n){"use strict";n.r(e);var a=function(){var t=this,e=t.$createElement,n=t._self._c\|\|e;return n("div",{class:t.backgroundClass,attrs:{id:"app"}},[n("app-bar"),n("div",{staticClass:"row one"},[n("sidebar"),n("div",{staticClass:"main"},[n("router-view")],1)],1)],1)},c=[],i=(n("caad"),n("2532"),function(){var t=this,e=t.$createElement,n=t._self._c\|\|e;return n("div",{attrs:{id:"sidebar"},on:{mouseenter:function(e){t.big=!0},mouseleave:function(e){t.big=!1}}},t._l(t.games,(function(e){return n("game-button",{key:e.title,attrs:{button:e,"full-button":t.big},nativeOn:{click:function(n){return t.selectOption(e)}}})})),1)}),s=[],u=function(){var t=this,e=t.$createElement,n=t._self._c\|\|e;return n("div",{ref:"button",staticClass:"button",class:{selected:t.selected}},[n("div",{staticClass:"row"},[n("div",[t.button.icon?n("img",{attrs:{src:t.button.icon,width:"35px"}}):t._e()]),t.

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-210b440f.09565014.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22128
Entropy (8bit):	5.422921040003815
Encrypted:	false
SSDEEP:	384:f5OhLP+u5L5x/amb2UbbzKbmzAQAvewp/wF8XaNbPKHDKdApCAibvbjf/r:WzvbHbbzKbmzAQNbPx
MD5:	4E5DF94605F7D93BF519B707F523A187
SHA1:	8C2A8C2FF8C42D87F01D5BB43CB0250FC86F9819
SHA-256:	C49BA1568F30B167B5F013D05C96E204855230E5A8BB0EC7835AFD4D60C44D98
SHA-512:	D0F47362B16E5195A96BAD27AD0081A824D1017245F9CF3717C7AEE7D066660D991F507F29FB9E93C8A36A347FF50EE1C89C5A63E9F33314FF3219A49671A58F
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./src/layouts/basic.vue?57c1","webpack:///./src/components/sidebar/index.vue?4864","webpack:///./src/components/sidebar/game-button.vue?6b5d","webpack:///src/components/sidebar/game-button.vue","webpack:///./src/components/sidebar/game-button.vue?42ce","webpack:///./src/components/sidebar/game-button.vue?3548","webpack:///src/components/sidebar/index.vue","webpack:///./src/components/sidebar/index.vue?b3c2","webpack:///./src/components/sidebar/index.vue?303b","webpack:///./src/components/appbar/index.vue?5d6f","webpack:///src/components/appbar/index.vue","webpack:///./src/components/appbar/index.vue?95e0","webpack:///./src/components/appbar/index.vue?393a","webpack:///src/layouts/basic.vue","webpack:///./src/layouts/basic.vue?4d5b","webpack:///./src/layouts/basic.vue?307b","webpack:///./src/components/appbar/index.vue?891a","webpack:///./src/components/sidebar/index.vue?5466","webpack:///./src/layouts/basic.vue?eb46","webpack:///./src/components/side

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-251ed409.98c0208a.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2361
Entropy (8bit):	5.171602415581207
Encrypted:	false
SSDEEP:	48:lDoP9HTMl46KLR920+uB9Od/l/boAf2D3RDGx7isARYt4AgBA5z1YKEjU8TbU0hU:+YOT2luB9O//bQV6is0tdhfLi
MD5:	485FA2D1FC033BE8E7C8006DCB2953B0
SHA1:	79BD1EA21A6F04CB5EE6739F70BF28859305331D
SHA-256:	D5291C38564242438B8F0CA62F420DAB1FE55FF7F4EBACD12510E1DE92E4CD72
SHA-512:	C273CAAB955FEE6B207FBDE9CB2E58674E716B4CD9BF0F831428BAD97B757EF1B1A33CF892239B48E1D03E1AEF2D3730D0A63BC94D3E940CCD7599259EEFE9EB
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["chunk-251ed409"],{1735:function(e,t,s){"use strict";var i=s("67d2"),n=s.n(i);n.a},"41b9":function(e,t,s){e.exports=s.p+"img/avatar-default.849d500f.jpg"},"67d2":function(e,t,s){},"8b5a":function(e,t,s){"use strict";s.r(t);var i=function(){var e=this,t=e.$createElement,i=e._self._c\|\|t;return i("div",[i("div",{staticClass:"titleBar"},[i("div",{staticClass:"float-left cursor-pointer",on:{click:e.logout}},[i("i",{staticClass:"fal fa-sign-out-alt"}),e._v(" Logout ")]),i("div",{staticClass:"float-right"},[i("div",{staticClass:"title"},[e._v(" "+e._s(e.user.username)+" ")]),i("img",{attrs:{src:e.user.profilePic\|\|s("41b9")}})])]),i("div",{staticClass:"content"},[i("div",{staticClass:"header"},[e._v(" Friends "),e.user.friends&&e.user.friends.length?i("span",[e._v(" - ["+e._s(e.user.friends.length)+"]")]):e._e(),i("div",{on:{click:e.reloadFriends}},[i("i",{staticClass:"fas fa-sync-alt float-right clickable"})])]),e.user.friends?[e.user

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-251ed409.98c0208a.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	10047
Entropy (8bit):	5.461564280029734
Encrypted:	false
SSDEEP:	192:ffkYDBeykkZj5MjBHbaclzrET8eQTTThUdFr3kimhhIm/ypj:ftleKedHbJRv2rxmhj/ypj
MD5:	056C705C52F9EC099D2C3FF1268C56D9
SHA1:	013A61AAE2FD30980A80FD8FC9B158512BF830C8
SHA-256:	74789ED93D67A443088FD3DD49575F24C8DF2054944EB14A14B2E7A4AAA1FF20
SHA-512:	F2B4A359CD80852C48D1A887B36E1C1DCAE60FCDFCED87F25B6F036D3B06EFD68C57F4E6F6636661C296DEF6B33B65C8BFDD39A8F6DAEB953D6D31942BB187D9
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./src/peek/profile/index.vue?3c4b","webpack:///./src/assets/avatar-default.jpg","webpack:///./src/peek/profile/index.vue?1261","webpack:///src/peek/profile/index.vue","webpack:///./src/peek/profile/index.vue?c693","webpack:///./src/peek/profile/index.vue?3201"],"names":["module","exports","render","_vm","this","_h","$createElement","_c","_self","staticClass","on","logout","_v","_s","user","username","attrs","profilePic","friends","length","_e","reloadFriends","_l","friend","key","uid","avatar","coreVersion","launcherUIVersion","staticRenderFns","computed","showPeek","$store","getters","launcherVersion","created","methods","checkClose","i","target","$el","closePeek","dispatch","component"],"mappings":"gHAAA,yBAA4jB,EAAG,G,uBCA/jBA,EAAOC,QAAU,IAA0B,mC,oECA3C,IAAIC,EAAS,WAAa,IAAIC,EAAIC,KAASC,EAAGF,EAAIG,eAAmBC,EAAGJ,EAAIK,MAAMD,IAAIF,EAAG,OAAOE,EAAG,MAAM,CAACA,EAAG,MAAM,CAACE,YAAY,YAAY,CAACF,EAAG,MAAM,CAACE,YAAY,4BAA4BC,GAAG,CAAC,MAAQP,EAAIQ,SAAS,CAACJ

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-5e022f81.68a7c1b3.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	693
Entropy (8bit):	5.3222145245966885
Encrypted:	false
SSDEEP:	12:lD+yms1QiUdqQg9IOoSS0SMncaOIRQS6emG5vgdhytbdcbp3DsPO:lDjp1iqlIOlSMnlOIdkLytJcbp3Ym
MD5:	32F71A87B8F9F3E527279532FE1C9E6D
SHA1:	8340B45117E0B16A552BCFABD25813F35830E792
SHA-256:	EFFE933E41CB700775D8F708170E47F758CBDB751F90F91BF0ED0C14BAFBC2F2
SHA-512:	3B4152117EF63345DC4849B60E774F54F13EA368CF6A67967C34954DC8D85E6EDCE870FDB487F1F2E2E7F944341EA9EAA165F59153D9D34D7CB86A09FF043FCA
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["chunk-5e022f81"],{"082b":function(n,t,a){"use strict";var s=a("f169"),c=a.n(s);c.a},8578:function(n,t,a){"use strict";a.r(t);var s=function(){var n=this,t=n.$createElement,a=n._self._c\|\|t;return a("div",{class:n.backgroundClass,attrs:{id:"app"}},[a("div",{staticClass:"main"},[a("router-view")],1)])},c=[],e=(a("caad"),a("2532"),{computed:{backgroundClass:function(){var n=this.$route.path;return n.includes("mw3")?"mw3":n.includes("bo2")?"bo2":"mw3"}}}),u=e,i=(a("082b"),a("2877")),r=Object(i["a"])(u,s,c,!1,null,"90c857f4",null);t["default"]=r.exports},f169:function(n,t,a){}}]);.//# sourceMappingURL=chunk-5e022f81.68a7c1b3.js.map

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-5e022f81.68a7c1b3.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4420
Entropy (8bit):	5.404737274031412
Encrypted:	false
SSDEEP:	96:f5s1xUfNEfDcLfN69Xfl7B9XfldbKHo0H91ZwJ21fXj:f5s1xUlUoTcLbKHzH9gJ2fXj
MD5:	D3B2A5ED3A0ECC7A8A07793D6A94E886
SHA1:	3481466C4117154E1D941AB33144124E7CFD2D0F
SHA-256:	A34602B9F2BB2CF4A0BA5B788508499577A6191BA9918810095DDFB6DEBF1BE0
SHA-512:	1886102CFE6D7FE932C7BF5BEE07E0CCD4173237F105C6F1A02F1874F1E42DB09DBBA96FC47052862D04A5912348233EBE8CDF063A4CB60CB83B8A21CDB6D7AB
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./src/layouts/blank.vue?f190","webpack:///./src/layouts/blank.vue?3164","webpack:///src/layouts/blank.vue","webpack:///./src/layouts/blank.vue?5ce3","webpack:///./src/layouts/blank.vue?5649"],"names":["render","_vm","this","_h","$createElement","_c","_self","class","backgroundClass","attrs","staticClass","staticRenderFns","computed","path","includes","component"],"mappings":"kHAAA,yBAAuiB,EAAG,G,yCCA1iB,IAAIA,EAAS,WAAa,IAAIC,EAAIC,KAASC,EAAGF,EAAIG,eAAmBC,EAAGJ,EAAIK,MAAMD,IAAIF,EAAG,OAAOE,EAAG,MAAM,CAACE,MAAMN,EAAIO,gBAAgBC,MAAM,CAAC,GAAK,QAAQ,CAACJ,EAAG,MAAM,CAACK,YAAY,QAAQ,CAACL,EAAG,gBAAgB,MACvMM,EAAkB,GCOtB,G,oBAAA,CACEC,SAAU,CACRJ,gBADJ,WAEM,IAAN,mBACM,OAAIK,EAAKC,SAAS,OAAe,MAC7BD,EAAKC,SAAS,OAAe,MAC1B,UCdkU,I,wBCQ3UC,EAAY,eACd,EACAf,EACAW,GACA,EACA,KACA,WACA,MAIa,aAAAI,E","file":"js/chunk-5e022f81.68a7c1b3.js","sourcesContent":["import mod from \"-!../../node_modules/mini-css-extract-plugin/dist/loader.js??ref--11-oneOf-1-0!../../node_modules/

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-7e3047ee.14ced82c.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1535
Entropy (8bit):	5.250330688867714
Encrypted:	false
SSDEEP:	24:lDjpSIcr5XFjW5FVFjmqeVb83VDVHU4pVy/0SuURaI0Aw9R3TwIUQLvIXaPNagWE:lDEIiiL/jGY2a1Aw9Rk4rtNRomkFN93q
MD5:	B5781EE9AC653739193485276B200ED9
SHA1:	B3070C86A1B0051921B2CF2F1AD478C1E6ECB01C
SHA-256:	B5C048EDB312D025841F1AE40C9162EF0CF894BC5D3E92A675A334A944410E19
SHA-512:	89AADA53430175E9EA19106868800AD30C1E6617FDFC5EDB6AE37EF4F772DF8ECFEBE682A973C31176EC68A19092433B43CE72D4114BB73AD254B4ED66482C92
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["chunk-7e3047ee"],{"4fd6":function(t,e,a){"use strict";var i=a("d858"),s=a.n(i);s.a},"67f8":function(t,e,a){"use strict";a.r(e);var i=function(){var t=this,e=t.$createElement,a=t._self._c\|\|e;return a("div",[a("div",{staticClass:"content"},[a("div",{staticClass:"header"},[a("div",{staticClass:"title"},[t._v(" "+t._s(t.game.title)+" ")]),t._v(" Game Settings ")]),a("div",{staticClass:"header"},[t._v(" Game Path ")]),a("div",{staticClass:"filePath"},[a("div",{staticClass:"text"},[t._v(" "+t._s(t.path)+" ")]),a("div",{staticClass:"button clickable",on:{click:function(e){return t.setGameDir()}}},[t._v(" Select Dir ")])])])])},s=[],n=(a("7db0"),a("5530")),c=a("2f62"),r=a("9193"),u={data:function(){return{gamePath:null}},computed:Object(n["a"])(Object(n["a"])({},Object(c["b"])({user:"authentication/user",gameTag:"ui/peekInfo"})),{},{game:function(){return r["a"].find(this.gameTag)},path:function(){var t=38,e=this.gamePath;if(e&&e.leng

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-7e3047ee.14ced82c.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7474
Entropy (8bit):	5.437829959836221
Encrypted:	false
SSDEEP:	96:fDNcOLDEcnnB84sbQJfghiQJfgvba8yFF+wBIOZ3U/PkURAcbtcojLp8vj:fB5LPZQoba8yFF+wBIOYPkQdbmC98vj
MD5:	D46F5B0BC3C0511829B0A95FE3A13C81
SHA1:	C04279BF6FBC4A7827EE2466DE5B4C3851B0F0D8
SHA-256:	34C137B7B066F41705D0159A2A82788FC20749A0C318E4E2A08F6BA91AB11CE2
SHA-512:	CFA7A010073FDD2459CAF0CC856891314A2180E2EB6D58DA8BF50C7A15CFB4AB9CF2EA8B64A7FFAD5175106451DE72D8AF8FC66527BC999C69BD4A2579F78301
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./src/peek/gameSettings/index.vue?a47a","webpack:///./src/peek/gameSettings/index.vue?1cb4","webpack:///src/peek/gameSettings/index.vue","webpack:///./src/peek/gameSettings/index.vue?e120","webpack:///./src/peek/gameSettings/index.vue?778a"],"names":["render","_vm","this","_h","$createElement","_c","_self","staticClass","_v","_s","game","title","path","on","$event","setGameDir","staticRenderFns","data","gamePath","computed","length","trimLength","mounted","refreshGamePath","methods","$store","dispatch","gameTag","then","launcherGetGameFolder","component"],"mappings":"kHAAA,yBAA4jB,EAAG,G,2CCA/jB,IAAIA,EAAS,WAAa,IAAIC,EAAIC,KAASC,EAAGF,EAAIG,eAAmBC,EAAGJ,EAAIK,MAAMD,IAAIF,EAAG,OAAOE,EAAG,MAAM,CAACA,EAAG,MAAM,CAACE,YAAY,WAAW,CAACF,EAAG,MAAM,CAACE,YAAY,UAAU,CAACF,EAAG,MAAM,CAACE,YAAY,SAAS,CAACN,EAAIO,GAAG,IAAIP,EAAIQ,GAAGR,EAAIS,KAAKC,OAAO,OAAOV,EAAIO,GAAG,qBAAqBH,EAAG,MAAM,CAACE,YAAY,UAAU,CAACN,EAAIO,GAAG,iBAAiBH,EAAG,MAAM,CAACE,YAAY,YAAY,CAACF,EAAG,MA

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-vendors.8b8e01c1.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	242990
Entropy (8bit):	5.194296521617947
Encrypted:	false
SSDEEP:	3072:fzvB1MXBL85S1Ek6YBjIsuQuNulINu6mZhgbfabtsdESQB:rvBqKS1Ek6Tssu6mZ2bfQT
MD5:	1572D6703203391B2E6C218675EAC583
SHA1:	DEB60C3F283A08BF3C403D7BBF6523E1054580C5
SHA-256:	29EB5977B2952AA5097DA5EDA8C02524A1035CF08E40E957D56450749516263A
SHA-512:	7A81125697A9D1313DB86496637B0450021BD5ED4F8034F8CB8CE0E0B4BD0FA531CAC8D1E890A5DE7C988701F5EF3802AEED89A2E77CDC174712D9E9535860B6
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["chunk-vendors"],{"00ee":function(t,e,n){var r=n("b622"),o=r("toStringTag"),i={};i[o]="z",t.exports="[object z]"===String(i)},"0366":function(t,e,n){var r=n("1c0b");t.exports=function(t,e,n){if(r(t),void 0===e)return t;switch(n){case 0:return function(){return t.call(e)};case 1:return function(n){return t.call(e,n)};case 2:return function(n,r){return t.call(e,n,r)};case 3:return function(n,r,o){return t.call(e,n,r,o)}}return function(){return t.apply(e,arguments)}}},"0538":function(t,e,n){"use strict";var r=n("1c0b"),o=n("861d"),i=[].slice,a={},u=function(t,e,n){if(!(e in a)){for(var r=[],o=0;o<e;o++)r[o]="a["+o+"]";a[e]=Function("C,a","return new C("+r.join(",")+")")}return a[e](t,n)};t.exports=Function.bind\|\|function(t){var e=r(this),n=i.call(arguments,1),a=function(){var r=n.concat(i.call(arguments));return this instanceof a?u(e,r.length,r):e.apply(t,r)};return o(e.prototype)&&(a.prototype=e.prototype),a}},"057f":function(t,

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\chunk-vendors.8b8e01c1.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1144263
Entropy (8bit):	5.353032105411799
Encrypted:	false
SSDEEP:	6144:loJNX/Xi2G/+1BH7Y/Atb+g5YjNWcpnB3tl/MogBKdy78Sc7pL+AuEGHaJEYjAhE:lwqZn3ARsNEt/+obfkXXcgNRoxF2IY1
MD5:	1D380F6180FF540D25E8E6AD84C3661B
SHA1:	93A114E200FC1F61E824E65A73DBCB30F0FC1890
SHA-256:	D0C2A78138F02810BAC3C6AAAFC87CCCDC87E06B2099D5FBCA159EF2B374113F
SHA-512:	130DEFDE27B338EE5EA21BA9972A5D096A5647E1AFAEF9DB15DFD593A0158A5C2A01525F8ADF88EEC3CE273D9F3CF512CDBA8AC66B27FEFC9310DE38B526F6C4
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./node_modules/core-js/internals/to-string-tag-support.js","webpack:///./node_modules/core-js/internals/function-bind-context.js","webpack:///./node_modules/core-js/internals/function-bind.js","webpack:///./node_modules/core-js/internals/object-get-own-property-names-external.js","webpack:///./node_modules/core-js/internals/object-get-own-property-descriptor.js","webpack:///./node_modules/@vuex-orm/core/dist/vuex-orm.esm.js","webpack:///./node_modules/core-js/internals/ie8-dom-define.js","webpack:///./node_modules/vuex-persistedstate/dist/vuex-persistedstate.es.js","webpack:///./node_modules/core-js/internals/string-repeat.js","webpack:///./node_modules/core-js/modules/es.string.split.js","webpack:///./node_modules/core-js/modules/es.object.set-prototype-of.js","webpack:///./node_modules/core-js/internals/regexp-exec-abstract.js","webpack:///./node_modules/core-js/modules/web.dom-collections.for-each.js","webpack:///./node_modules/core-js/internals/a

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\games.424c0e07.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	3067
Entropy (8bit):	5.223499685527957
Encrypted:	false
SSDEEP:	48:lDwiVA/QL4+eYmflb8Gam3PkkRYkZ4BdmNCc8lrjT+VZidmJ1m4q548fYq9CPn1R:hVL42elbL1cyZ4LaCdRISfYF
MD5:	350F062B645046472FCA113250F1493C
SHA1:	85A278BBCFA7A755467AEEDC41E264B206F376FA
SHA-256:	9EB9F29379CE35D8F61CFAB7F7CBF30E8063450429A6E15559E4EDA1BD1A312D
SHA-512:	6636481939CBC9654F52D6800ECC839571868D8C6B3D8EAC1052F75BFF847C5900B501652280A69EDB0BCB3FF3AC5384F1F278B67460C2401FE3EC8B4B9949A0
Malicious:	false
Preview:	(window["webpackJsonp"]=window["webpackJsonp"]\|\|[]).push([["games"],{"88e6":function(t,a,e){"use strict";e.r(a);var i=function(){var t=this,a=t.$createElement,e=t._self._c\|\|a;return e("div",{staticClass:"gamePage"},[e("div",{staticClass:"vertical-grid"},[e("div",{staticClass:"grid"},[e("div",[t.game.logo?e("img",{attrs:{src:t.game.logo,width:"350px"}}):e("div",{staticClass:"gameTitle"},[t._v(" "+t._s(t.gameTag)+" ")])])]),e("div",{staticClass:"grid"},[e("game-action-button",{attrs:{game:t.game,installed:!!t.gamePath},on:{click:t.gameActionButton}}),e("div",[t.gamePath?e("div",{staticClass:"settings clickable no-backdrop-highlight",on:{click:t.openGameSettings}},[e("i",{staticClass:"fas fa-cog"}),t._v(" Game Settings"),e("br")]):t._e()])],1)])])},n=[],s=(e("7db0"),e("9193")),o=function(){var t=this,a=t.$createElement,e=t._self._c\|\|a;return e("div",{staticStyle:{display:"inline-flex"}},[e("div",{staticClass:"button clickable",class:{installed:t.installed,lanMode:t.lanMode},on:{click:func

C:\Users\user\AppData\Local\Plutonium\launcher\assets\js\games.424c0e07.js.map Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	15907
Entropy (8bit):	5.448626090719494
Encrypted:	false
SSDEEP:	384:fwMZhWkiG0bDEbE20nIdlmCOdQai+sMWl4DJl:Igt0bQbtWzb
MD5:	7B4204AD86AEB78FF56CD3FF05858A3F
SHA1:	373603AC688EE8D2F50DEDF4D332956C0AB02CAA
SHA-256:	A735B3BAE8478A9BF5A16D6D0CCA42662E6004EB3863F4978171B1B6F116E978
SHA-512:	D64702674938ACEF3095B31FA5DF9F7A541BEDB14066C29C0CF2E5EF4AB3CC1E8AB6EEA3104B4804BF3B4DF37DA264BA4A86BB377F7C9C2216EF1E70203B12DA
Malicious:	false
Preview:	{"version":3,"sources":["webpack:///./src/views/game/index.vue?3d23","webpack:///./src/views/game/game-action-button.vue?c236","webpack:///src/views/game/game-action-button.vue","webpack:///./src/views/game/game-action-button.vue?6f17","webpack:///./src/views/game/game-action-button.vue?ef1d","webpack:///src/views/game/index.vue","webpack:///./src/views/game/index.vue?c57e","webpack:///./src/views/game/index.vue?da7f","webpack:///./src/views/game/index.vue?18cd","webpack:///./src/views/game/game-action-button.vue?3f0e"],"names":["render","_vm","this","_h","$createElement","_c","_self","staticClass","game","attrs","logo","_v","_s","gameTag","gamePath","on","gameActionButton","openGameSettings","_e","staticRenderFns","staticStyle","class","installed","lanMode","e","loading","$emit","actionLabel","key","toggleLan","upArrow","dwnArrow","name","props","type","Object","required","Boolean","data","computed","methods","component","components","String","watch","refreshGamePath","mounted","$stor

C:\Users\user\AppData\Local\Plutonium\launcher\assets\manifest.json Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	561
Entropy (8bit):	4.85162810390527
Encrypted:	false
SSDEEP:	12:YTLcTLnMG6/BU8ejJsiB86liByM8ejJs0/zByk6l0/WHY:YvcvMG6K8eDZM8eaXXHY
MD5:	515E59F16E9296205663258D761E2471
SHA1:	31D2D02CA1599CAD4367FEBA48DC187F9B08F914
SHA-256:	B287288B090F627E66F2C492B949015BDC2F4F2B76BEEA6591D7F3D2C6F56765
SHA-512:	B612EBD1E1CF77DD73C2EC89167047F70C3CA432DAAAD0023111F9CD8978130DAEEE51232FFBCD4E2107FB491B93770F10CE31B88437FA2B8EF2BE61694A8504
Malicious:	false
Preview:	{"name":"pluto-launcher","short_name":"pluto-launcher","theme_color":"#4DBA87","icons":[{"src":"./img/icons/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"./img/icons/android-chrome-512x512.png","sizes":"512x512","type":"image/png"},{"src":"./img/icons/android-chrome-maskable-192x192.png","sizes":"192x192","type":"image/png","purpose":"maskable"},{"src":"./img/icons/android-chrome-maskable-512x512.png","sizes":"512x512","type":"image/png","purpose":"maskable"}],"start_url":".","display":"standalone","background_color":"#000000"}

C:\Users\user\AppData\Local\Plutonium\launcher\assets\nix-bridge.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	965
Entropy (8bit):	4.813574865750843
Encrypted:	false
SSDEEP:	24:eG0GOccOi5uGyT/MCZiaAGjCPdg0unqGruICZiHbpQo5osAQov0QvFW:eFbaNIaXCHuoIHbqAxOk
MD5:	644C032E7A0F872E8F1B34598B3DB70D
SHA1:	CDE26F98A6D04FC5D0E2DF698CC6AAAF46D534CE
SHA-256:	3050DC899B974AC475823BCF1AB18075CBC68979F1F3ED2708FC4A032D577628
SHA-512:	0A0767B40198CFC82562F1AA19606A52E4C2E9B0158B7B9082E8511DC518C2C3BDD94486A2E38C060462B93F7CDE6F746D6F19596972DDE5EB4D6AE53841361A
Malicious:	false
Preview:	/* eslint-disable */....function login (username, password) {.. return new Promise((resolve, reject) => {.. nixLoginInternal(username, password, data => resolve(JSON.parse(data)), reject);.. });..}....function validateToken () {.. return new Promise((resolve, reject) => {.. nixValidateTokenInternal(data => resolve(JSON.parse(data)), reject);.. });..}....function createSession (game) {.. return new Promise((resolve, reject) => {.. nixCreateSessionInternal(game, data => resolve(JSON.parse(data).token), reject);.. });..}....function getFriends () {.. return new Promise((resolve, reject) => {.. nixGetFriendsInternal(data => resolve(JSON.parse(data)), reject);.. });..}....function isTokenAvailable () {.. return nixTokenIsAvailableInternal();..}....function getUserId () {.. return nixGetUidInternal();..}....function getUsername () {.. return nixGetUsernameInternal();..}....function getAvatar () {.. return nixGetAvatarInternal();..}..

C:\Users\user\AppData\Local\Plutonium\launcher\assets\precache-manifest.0026cb226c72f2eaaa68239ffdaf31e0.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2744
Entropy (8bit):	4.970483052461431
Encrypted:	false
SSDEEP:	48:p47hajcvmLJwZY3nAGf/zkkHJTS9KbpKHcRey2bI3Bsn+F5j6xSDYNKmIdhWowjP:Gsz0Y/n4m0ypK8Rtgik+FdFY4Dz2jUyZ
MD5:	0026CB226C72F2EAAA68239FFDAF31E0
SHA1:	AD226B3DB1E37D34AF3CF69793541C5D35D8A7F1
SHA-256:	FC7270B1AE2ACC2F2EEF61BA6097727C09655769A382CB37CA6A2296A61344D9
SHA-512:	1AA5E569F520CC63135D311C7F35538DC7BF84395E09F9DE97292B6585F558EBCAD4F351E3FB0CFC4EF1622DB8865FF8C401A797C4349D80C54FC7F25ACA4299
Malicious:	false
Preview:	self.__precacheManifest = (self.__precacheManifest \|\| []).concat([. {. "revision": "8532d3977f4700a6b973",. "url": "css/app.d7ccb6f3.css". },. {. "revision": "c50cad65db29d69c44a4",. "url": "css/auth.cb7ccf50.css". },. {. "revision": "effde76d86eb1c1f104d",. "url": "css/chunk-210b440f.0592ad01.css". },. {. "revision": "922168152276e1ea5e9a",. "url": "css/chunk-251ed409.d753727b.css". },. {. "revision": "3716b8e035173dba969e",. "url": "css/chunk-5e022f81.f5c4c1d9.css". },. {. "revision": "c6c4474df136bd55ff2d",. "url": "css/chunk-7e3047ee.0edc7151.css". },. {. "revision": "fe58e54416f304272b63",. "url": "css/games.75cece02.css". },. {. "revision": "849d500f76d7850d3a46058e457ed5a5",. "url": "img/avatar-default.849d500f.jpg". },. {. "revision": "fa555ecb0c62c09f285090ad08223a83",. "url": "img/iw5.fa555ecb.jpg". },. {. "revision": "804ee0068586c992ba3b54bf66995971",. "url": "img/iw5_icon.804ee006.png". },. {.

C:\Users\user\AppData\Local\Plutonium\launcher\assets\robots.txt Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	4.161978179679553
Encrypted:	false
SSDEEP:	3:jAsK7HKsyn:jK7HKh
MD5:	735AB4F94FBCD57074377AFCA324C813
SHA1:	5B0EB451A1A619D57E5C80CB90D6480E2833DD80
SHA-256:	9133CEEDD6BECE0761CC791489DF7A3FDBFAAA32D6316D98B92E6F8FF76E397A
SHA-512:	5DD90AFBD648FA36D4FB802AF75EEE9B679E4988479582C00EBBC6E777AB9B4922307002F47C02D0EB998D6CE2A7031163E7F58C16812ED7DD4E9CD9E0DF2F62
Malicious:	false
Preview:	User-agent: *..Disallow:..

C:\Users\user\AppData\Local\Plutonium\launcher\assets\service-worker.js Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	Java source, ASCII text
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	5.1770972227135665
Encrypted:	false
SSDEEP:	24:s8fp73DVRsmFqBm7aNpK9YfiLV4I3LMfVr2Jlz5GvKKBfdtwZydEg6S0+6ueAzJ+:xR3DvspM+NfI7MfQr5GvKadqZyP6S0XN
MD5:	04C717D084CD3192ADBF900DD648DDE4
SHA1:	F8165468B70E621B9DBEF95EF38C20B1C898F4CB
SHA-256:	513512FE32D2C223D31AAE50C0CAEDEED7F5AD6F5563CB8445CACCBF0B5FCDE2
SHA-512:	89754E813A45EB1E37B3DBF046E164DC9EA3E233D4CA7F73BC95B3C85CA9442C553CCFC6425FEF9FA66B4A16EA49FDAEC789F0F3C49897741B831EFD8230E1DC
Malicious:	false
Preview:	/*. Welcome to your Workbox-powered service worker!. . You'll need to register this file in your web app and you should. * disable HTTP caching for this file too.. * See https://goo.gl/nhQhGp. . The rest of the code is auto-generated. Please don't update this file. * directly; instead, make changes to your Workbox build configuration. * and re-run your build process.. * See https://goo.gl/2aRDsh. /..importScripts("https://storage.googleapis.com/workbox-cdn/releases/4.3.1/workbox-sw.js");..importScripts(. "precache-manifest.0026cb226c72f2eaaa68239ffdaf31e0.js".);..workbox.core.setCacheNameDetails({prefix: "pluto-launcher"});..self.addEventListener('message', (event) => {. if (event.data && event.data.type === 'SKIP_WAITING') {. self.skipWaiting();. }.});../. The workboxSW.precacheAndRoute() method efficiently caches and responds to. * requests for URLs in the manifest.. * See https://goo.gl/S9QRab. */.self.__precacheManifest = [].concat(self.__precacheManifest \|\| [])

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\ffotd_tu13_mp_147.ff.00 Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	43600
Entropy (8bit):	7.9938864455787915
Encrypted:	true
SSDEEP:	768:Kcpwp1fbo0EVLS6w5LZFyme8G1BMzfSwKKvwK7ksMBtm1OpCerB47lLIj6pJ4UrJ:zeE0EVLSbFQmeHBM7AKvk3tpO5Ij0PrJ
MD5:	F028F92B49BC75250DA6EFE3815853C6
SHA1:	5665073DCACF4E488B6494D65DC02B81D16C6550
SHA-256:	A45CAFA827EDE96B6D11805317C5F6356D7D225A454BBAA9F9D8E07A0955D332
SHA-512:	4D91BD8F885512F7E4CB7DCD96E80411AF2AAABCF08B8DF7FD8DB7375C760BB52421B4B6A4EB5ED20191EA6AA793BFEF312D97A92F635DC4132B2E92219FA8F9
Malicious:	true
Preview:	TAff0100....PHEEBs71....ffotd_tu17_mp_147...............v..;Z?3........0...._>8F..E. ..@..........7.......+........z..Xnd....G..).nG!oe..2.b.]M.dL......]b ..^...S........E.........n'p$,1.s..................%..+.}..._...?"Z.I!.'(..j....Pw_..M...UG....V..@....n.j...Hh.4..e...A^j..........[..A}.........Iu..../..BY@{....(....>...X..wx`..0.c.........}.D.....j.G..;.......]N..;+.!..._N.O.VzF./....-c..J$Y...U.}..G.f...B.._..UC.....4M.\E...........~..3.9.lwV..$i.x...VG..+c..0.{.~p.;Yz...Cu.,m.<...T..}/)>]Td\.u...um..=....j...<..n+....2eWz.?-P..;pLG..l..h.R.hr....e._.5Q..{.....=....{.x.V...&..?Z.....I..$<.k....[Ha8#./....2.U.7x...5.8\|...u.z...\. c@M.n.p)+reY.W.`>.T....1MC...X..vr..~/..o]~...}.....i.6%...h(.......l.2.....a...$....u_....m..........>o.<._..}j..(....o.LW...-^..z.&W:k...[...Jr ..9.....l...s..@.@......u>......0..9 ...d....{+2..D......a#F...)...(e@.#C....O.=.9..C`v..cS.nk...q1...z..b.ZA8u.........`...k...E.yN.....I.Y.....G.\|....ukG...:n.gUV...

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\ffotd_tu13_zm_147.ff.00 Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	29840
Entropy (8bit):	7.990348527960037
Encrypted:	true
SSDEEP:	768:YycJhfFZNS6NhIbznSelhAqgHK40YRMThQc4xLS3VIfaKyLWIEvG++eO+/:YycXfFZa/nSamqtYG9Qxl5ydY9O+/
MD5:	8DB82333FE7A039CC0F898BEA4992E1E
SHA1:	80B8FFC20B1C0E1E0295450763A714EEB9B90444
SHA-256:	ED1C190CB88E19DEEFD8E32B918E9A89EC93F9570BB379E6E86E2B9847A3966C
SHA-512:	63101B24D2FA944B033DC2F8D9A002FC04FC1902DBB80A063692214EB3179F5816AEF6CEFFFA80F9CFC32D3F8B228D35FF8C03614ACC032B4DEACE750997474F
Malicious:	true
Preview:	TAff0100....PHEEBs71....ffotd_tu13_zm_147.................)._...y...U..8l..=9....:m..~..#.~.k\|k.f..u.d.H..xnP.QE.,...{B.9U.k.!...'@.W.G....sU8.l...s...O..8...w...$.f.B2b< .bD....RX:....y....\|.f....^..9oV."..Q7.p.dDC..1..<..y..hp...YY.'...].Q...,....P}.-a...O...0\Q....%........m>..v.yA.J%>.'P.[NJ...e....iU..\|..BnQCg.;....>...;.2......a6....dw.....gzv....R..3U..?#.b.9Q. ^....8=Q..rV=.46,.0c#7.'...X-M....eSe.k.H7]..bQ.5..X....a`...........h.E........9.9.j-j.cY..8.nB..]\|...J9~."......4%....+.1C.c.):.9$j...............y..,...<~.,..3...d[...\C.....Pb.6..@\!....G.\.....B....E.....T.......zZ...K.j...@....o.^?7...?t.0\|.$..<.g........^..n..n.n...AL....}2j..S...D<..."..w..U....e...J...)...=x........".K..V.T.......b.(z(....................X&C^.9{...J.r....i,#*.....\|..sHs.D-.@..f..O..G.a.....B...7S.#_;..u....lY=...R...........t...n......`.u...'F...m]9...;...O..Z.o'...-.V'".u.P..a..V. ..N.}..y.. ...cv....Am..........B....BXs...W.z...?...E......G...

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\largeheatmap.raw Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	zlib compressed data
Category:	dropped
Size (bytes):	9931
Entropy (8bit):	7.971762792795412
Encrypted:	false
SSDEEP:	192:COtOqqcB8q8nbLPEuGYT7FM9VUWX+7KfvAN22412bRCDmdxvvVMDFcK/x:COtOqp8q8b7pPOXTQEd16kgvvVMDFcKJ
MD5:	ADB81956835F46CA26BD50953271B67D
SHA1:	7EAE1A4198028AC4780F285219EF5E541A8148A5
SHA-256:	EF2A60EDCBD2061168CABE022FA258439232D02D5619857FA47326E5A015A8FE
SHA-512:	A0F71FE44767CFA321A978EB15D60E2CA5FE651F2FC3FB18954D74442B7B45FBE24B9D49F07CF61B8F3EF99316AD325A1FB1129466C0BE8D2908990A6A7D869B
Malicious:	false
Preview:	x...wx.U..w..f.{gvC.T@.#...)"...(V..`9ru.V.@4....D@T.4E..ti..&...-.^B'......{......\.p...."k.mMb.R....~.e.......W..T...F~3...}i..Ny..Z%....V.f`.}.....f,.]........?...8...6=.b......<i.1O.l.~W.q}`.....\|D>,G.4.A.....X1.....j...qh.....&..U.].S..6.p....!...........V...G.....5x...XB...qX.X.}.m[.B2...Pb..,%.<.W...W..6.p......uS..5z..\|k.d..{Vb.}WF.yL..L.......M.G.rr....c...2.e`\....,.]..j......Il#?.L.?..%k$.K.E.%Tdb.}A..2...Y.K.K9Z`?.<............W.p...X......d.....'.....?.....%.Of=).h.....tv5.H....9...A....../J .........}...`7...N Nl..~...+7;.O.7.q..Wd..),.........>#.k......Oj..kg...\|f..zF.........a.n..g.E.]h.......9..d........'..i...N.e...flV.QMd[C.D\|GF+.5".^.;..z.J.}...W..p.K.r..j...A..l~....r.L........#.9....q.]{..........&[...j......k/9.Qye.il.....z..@es.^.H.yj.A4%....Y!.F..\Zu.g...8..M d.}7.....j.j.6O..[d....@..........;S..PiS......r...n[....b\0^....vj..Q...@...:.....3U.4.X....Cp.h.7pv...L1+..'......&4.3...d.......P.."C...hj.8

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\lsssk0 Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.028859796247464608
Encrypted:	false
SSDEEP:	3:NinqkLgMUL0oa2nejMwHnfaZi1n:MnqSZUL0oF8Mynfaw1n
MD5:	FA9D0BECD56A90F7906E15DA3C30E18C
SHA1:	C97B016517DF6643F652AEB4D3E7A7AF4F479AC8
SHA-256:	B1F11ABA643BCACAF6E59E9E4309CEAB7315543EAD3FA3A3AD0555C0FDD73DF6
SHA-512:	4EDE7CD25ACB3772B2C4EA2A4D2DEB6F0FB36C0403163CBADA5D51F22387FB77631CBAB3E911538FA6034E82F907F01F9E9698360FE565EBB11920C24774754A
Malicious:	false
Preview:	0(...........A.}Dk*........K..n.M.!o...?......4....B..8..<.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\lsssk1 Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	59
Entropy (8bit):	5.516377956574773
Encrypted:	false
SSDEEP:	3:nne1kLgMUL0oa2nejMwHnfaZn:nne1SZUL0oF8MynfaZ
MD5:	845EC1C9A5F6EF60723F1CDD8DF7E6E6
SHA1:	499E689939FF79C84EF8F2E672A6B69C416EDB9A
SHA-256:	95EAF05ADDF877327991996F041D8086E158AD20043F29B00664CC35BDBE6789
SHA-512:	3C0E6A2EFDAD6E69F78717290B916EE425E95D78AED03902E8CE700511E1BBBFC2110687D2CA866720FD37FAD9C463E32AD014D9728181A8B16A073B20BE62C3
Malicious:	false
Preview:	09...........A.}Dk*........K..n.M.!o...?......4....B..8..<

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\online_tu13_mp.wad Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	58376
Entropy (8bit):	7.9900837204928745
Encrypted:	true
SSDEEP:	1536:HgL/p4UnDAmZMhvRxOluaGck1Z8PlDGW1lbY4Ipicc:M7n14H6mV1wd1lcib
MD5:	D42A355EAA67E77F4053AEC94006B2A8
SHA1:	DF01DE782D5578511FFFDA4FB63BF12F1DEA3F77
SHA-256:	511F01FAC98BEEC0F4DCB3413B1661E7CE6E52AC4055DAE8FDDFBF24C516863C
SHA-512:	63B49BAA7533C856CA35F8906AA4C9A6ABF217B834FB387D5BA3C8695ACF34FC09034CB8006E037EF449CFD81F9C86C8E4DF222C50BC5E35465F1843EFB57E09
Malicious:	true
Preview:	.w3T............codtv-mp.json.........................%.....entitlements.info..................4.......\|leagues.info.......................\|..Ef....message_encryption.dat.....................,motd-mp-english.json...................'....motd-mp-french.json....................'....motd-mp-german.json....................'...1motd-mp-italian.json...................'....motd-mp-japanese.json..................'....motd-mp-polish.json....................'..!&motd-mp-russian.json...................'..#.motd-mp-spanish.json...................'..&tplaylists_mp.info.....................x...).voting-mp.json.....................j.../....youtube.info...............................-x..Y[o.H.~v....Zi_..6.jW}#x...la.wU..0vP..........1.c.../..w......w=..'..3..B..Y.D.._..{.o=%d.......H....gp.yw...L..k6....C?/zJ.^........ .I[..).fa..6.U.<Q..Cy..^...1."%"%b\|.\ e%.g....6......=....."\|{.X...6...a...MO@M"y........u...P[!:.[ID.R.).w........O./^W.H.....h.....O......#.a[x.Z.....eb+...c..kN.{4ZE

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18397\pub\online_tu13_zm.wad Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	22213
Entropy (8bit):	7.969226283257411
Encrypted:	false
SSDEEP:	384:1oSmTHAa+aI7FV6ArfQ5/WBZb9HQPFNMQWQ+dmVPi7E:1CTHAad07kA9wtaQj+dTo
MD5:	A5F86BF6E9AFC578393945F7DA8B412E
SHA1:	33D19C8A37C4A53CE7232497A839DFDCADA50338
SHA-256:	ECBC1AF3FCB0E548500AD41DA2ABA444D0D2B4116794EDF66C3944BA0DB167AF
SHA-512:	E2F93D98E4E45FB0954BE3031BE97ACF104DEF1DE0318D3DF8544617074F78DD9D0C9313EF216DB5BA63A33F6998242F3813BC60DC2045978CD701608E4B3152
Malicious:	false
Preview:	.w3T............codtv-zm.json...............................motd-zm-english.json........................motd-zm-french.json.........................motd-zm-german.json.........................motd-zm-italian.json........................motd-zm-japanese.json.......................motd-zm-polish.json.........................motd-zm-russian.json........................motd-zm-spanish.json........................playlists_zm.info.................?_...q....voting-zm.json.....................g...,..U^x..XM..8.=......c....Jsc.'.6...-eW...'..p.&;.V..)C..&...gr..W.{Ue...?...I*d.?..{.>.q....pc<....'p.y.R.+..,......&.=..1.<.u4...^z.V.....2.x../c...(.s.K,.xt`.d.a.........-"..p.{.o..y...!.......9...T.D.e.....H..........)d......L./.(....hM..{..9..u.C.........dn....?.V.\.3..d.~..T.+\|...Y..W.....\|w..-...N1...'..0.G6.Y..T..A;....d..L.F.h...h. ..\"...Y.....>.e..s.R.y.t..S..y...M.\|......@.E S.)c..'..x.)..a...O#h.>6Z...{.oe.i.q......)...,..kOi1....~...$.Eqn, .N./..4^.\%.6.....y....<..

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\heatmap.raw Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	zlib compressed data
Category:	dropped
Size (bytes):	91
Entropy (8bit):	1.923367571376343
Encrypted:	false
SSDEEP:	3:4F//DlR:4FzlR
MD5:	957B1E4D2A28F9E8294C24F667C3EE71
SHA1:	79A022824D36AA7E8D1666BDC4E8C0698A09AFA1
SHA-256:	04489D5646F76A37CBB6C193FE3B2A9F205284978A33795B06458B0F16E15903
SHA-512:	B64A796A665D64B6BB6CCABBC1BB6D8077B9521F63C96A6AF319CA39F132F1B2417D1B8DECE99ED841C709CA48D2807E271B15114AE38A90FD987A60938FC24E
Malicious:	false
Preview:	x......... ....M.&....................................................O................4...

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\iotd-english.jpg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	[TIFF image data, big-endian, direntries=4, orientation=upper-left], baseline, precision 8, 240x240, frames 3
Category:	dropped
Size (bytes):	31304
Entropy (8bit):	7.945495996899505
Encrypted:	false
SSDEEP:	768:dQS0U0ySNO3/r7qHgK5t2MsvVm9KxJ11KJQ5pMFGx8:dB0iS8Tat2MCuY1eQsn
MD5:	ABD5E88EEAD09A7423D9585755ADC62B
SHA1:	9718931B6171DBCE0C5762EA89B713042F75D3DB
SHA-256:	1F8FDCB850752C01BFF7A8A549225992C80CF7F6D162DF0DCEE8B359AB15A161
SHA-512:	E47A7EEC3AC7A6D8ECE2C659837CB0848EEB5A1E2AE947C7DFFE3F1CD9F9C764F3222060F3BCB2C81C3B31F2E46A6AE513089D61ED2DB499DF9546F86DBC646F
Malicious:	false
Preview:	......JFIF.....`.`.....FExif..MM...................Q...........Q...........Q..................C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S.u.55....N^Grw.c....V../.c..F9.~.k...E...p1]..m"G&.t....R......ts]..........f.(......8...^.....J..k.....+FO.SX..\|-.E.6.Y..a..X.GO..}..G..3......I$.......s..r.a)-..-,x...5.v...d..iN].,N0:..W\|..I.o...&...Z....eE.....\....g...m.0r....\|...SP.-.{u?a..>aVM.azp.w.k....c.wo......~.j....4...F.p~..

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\iotd-english.txt Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	3.783465189601647
Encrypted:	false
SSDEEP:	3:FKA+OZVn:FK7qV
MD5:	FE9CA71F36D690A8C0B33922EA392DAD
SHA1:	1845BEC139DECA6B730531B0356BE39FCE9300A0
SHA-256:	0C44B0C850CE60C6447B005429111C14A000770895E804C485887E35105E325D
SHA-512:	9822B2D4461ABD16D89E93F50BA75F91A2696F104ABE8890972D2073D01DF9AB98D0383F156D5548A5CE1CF0BCB272CE85B7E76C922A38668FF624164E97B0F8
Malicious:	false
Preview:	Welcome to Plutonium IW5!

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\motd-english.txt Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	3.783465189601647
Encrypted:	false
SSDEEP:	3:FKA+OZVn:FK7qV
MD5:	FE9CA71F36D690A8C0B33922EA392DAD
SHA1:	1845BEC139DECA6B730531B0356BE39FCE9300A0
SHA-256:	0C44B0C850CE60C6447B005429111C14A000770895E804C485887E35105E325D
SHA-512:	9822B2D4461ABD16D89E93F50BA75F91A2696F104ABE8890972D2073D01DF9AB98D0383F156D5548A5CE1CF0BCB272CE85B7E76C922A38668FF624164E97B0F8
Malicious:	false
Preview:	Welcome to Plutonium IW5!

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\online_mp.img Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	2.8822155004735444
Encrypted:	false
SSDEEP:	96:/OClQ2JPv+7ydvaKDNCJHMBz2c1lpnc2Kswa0nWaQRIP5cy+:/7JZlaKDNCaUNWa7c3
MD5:	A9828A50C6CC26541E9C690954C23601
SHA1:	0E60A52920C749B7E4EEA392E7517ED125170D67
SHA-256:	DD3496F927A2FFACD4D461C7D0A11255DB1A283B976D45D08B05A258CDAB3B40
SHA-512:	B546F03954D380DA5B3340E9A58C3DE34D648FCE996E9EF1846AFC4CA53C110A83A29BE2CBBC7397286F465B5662842063351D5D587C394B95C0B25AAE7640FD
Malicious:	false
Preview:	VER2............playlists_mp.info.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\online_tu14_mp_english.wad Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	24633
Entropy (8bit):	7.982969754558207
Encrypted:	false
SSDEEP:	768:K4UJKnmF53COl7n1KoNUp6x1A60l0oq56AeC:K4UJKnmj3Pl7nYoNUpX+oq56AeC
MD5:	D37174C6FCD011FC9B3731681D0D63EC
SHA1:	F0D8DBD04BE65007DBF44A72F5F56F82650BD363
SHA-256:	AEF02A44F06705387416A434F16CE04AA2DCA90B35160FBA9DF18DBED7CB8FA2
SHA-512:	57145EC1F2EE0B623C3B937942A5ED390F503F51455BEC3C25B67AD96EF3D85E25931DC968CD6A464807BFA5B97FD6C3472AF2B72EAF32BBF44D2288FF4B8D9B
Malicious:	false
Preview:	.w3Th$.O........contracts.dat.....................A...s=....motd-mp-english.txt.......................A.playlists_mp.info.....................*>..B{geogroups.info.....................e...!..^prestrict_access_wad_mp.csv.........d......_.x...s.H...;....}..P.......r.].5..B.!....H........t2O..<{.N.]...t.......x..el\|.rwc\|....nn..W.<}.................0>~7.}.2......_.o.....w..q........../.>}7.\|.?.\..~.......2.N..%Li.J.c.....i..95z...,..z.fd.....$...Q..d.&..N.../.....4>}3>].....e......).{.".i.I..6....M..]N...b....?....$e7.T}...{.....P..4..>..gJf....j.a.I<...4>...)........t...wi....qe.z=.j..n8 K..i......>x...m.3..}....\|4....w...rM.6..Z.%'+@..~..(..v.Qc.....1.'Gy.....7?....$.^..W.e........;..H.(....<?..-3..[....d.....^.a...Z.jQl....\|..o...:.!.1.....a.+._.....o.....{.].}R..{..._..O.8..?d.OD.2.".1%.ta...e...B]H....>&sc.3D3..8e..5..Ua.z\.V+...L..d..}.&..h...._.^/?FA....b..d...}.r...Q.}.......#.......R......A..}R8./..$...O..L..l.0H.'.,`D}.gs...4`.\|u

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\playlists_tu21.aggr Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	15810
Entropy (8bit):	7.984531007228218
Encrypted:	false
SSDEEP:	384:YJ1qwh4Znmonxt7mv8KjLPz4+U9VKK9AExOFpFnzqeKxaOT5I1:F4KXnPsPLjWL9AExepFO3xaOVy
MD5:	FF579618D757B2CBBC78955CD8F64186
SHA1:	59636B39DCBE80FAE7E7C95E68DA9898F0D3E036
SHA-256:	3E98D4C34EF5C22B34E2580FE301B9FE613DC80AE4EB231E2DC61C0D7FBB6FA2
SHA-512:	5EDFC72266C5AC5E2FD897DE3B67A79988B7052CC37CA6E33E3B808A6698458332189CF3EFBD5DD0C89509D8D66CD70C71300234BC94C744BF7CEEB0B0B7F377
Malicious:	false
Preview:	....`=..l=V.x..}.s...w..]. '....R2.\|..... @..-.%\.Ncw....,...C...'Y..%..e.b.W.8W.%,...)).,.D.g....x.a..H...."K..t......II.@a........3K.0U]#.F..cTK..yc.\..S.{.#...U.Fs@..V.a...V.s.....y.....2=7_1...mRaN1.2...c2.(.s%.PP..\.-...!R.\.H.<.5.g......B-.i.if.djrfvb2..>~tf..Xs.T.`...0...g....P...J.T.q-1.....C.....<UK.,..@..$..{j...7G.lF5.!..Sf.5..1..Yd.=W8...9Wa.../P....0.2r.=.ZfV........0.PR.".w..2.0j............P:.4.$e....C6.V...k....j.^.....l..S...2V...E.cV......N.A..A7...]t33A..z....5...La.ou.5..nl...].@.e._xqvt.d...G&Fg..{.........Ld..7..>.S.;FQ...;@Q*..(...(M.#..Z..25.S9j2....(#.5.2...[w . {a.........Q...h.a..TcdT3.\|."C._......F"{.D7..M.(..%{...Q.9@....)....XF...'Mf3.Q&..:..2..I..c{....r....\|\|CI.%.c....YE.P...\|......VR.E..g....%.PC......{..........:m...\|.,8..$.+.;..~C............{G..\..#c.~.....lG.....v.z.e\|M.c....[oK............9..x.R.5f...-YE....Pv.......D.....2..e0.eMaP....U@>E....R.....K.CUu.XU"..2..&r......-1IA..5t..x}Z..,

C:\Users\user\AppData\Local\Plutonium\storage\demonware\18409\pub\social_tu21.cfg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1557
Entropy (8bit):	4.576449722467994
Encrypted:	false
SSDEEP:	48:Y3nqftPtJHF/gtwfC+twCTbDGs5B1ARciWPAI:Y3nqftPtJHF/gtwfC+twCPDt1ARG
MD5:	18324544E163EC34E5F3A6C2916E98B0
SHA1:	CB875922C58DCD9576787BD95FAFA623BAEB4416
SHA-256:	70598B78759CBB67AF589F16B4BFB67B361FC2C3F60D7F42482A72698CCA11E9
SHA-512:	B90EF8E4784433A8CEE828E2CBAAA07384D68361DF7644BB9ADD35024A97E944295D9522AA954D5C88CDD006DF4FCDAB11CF339CD86738ADBABFFC72D67255CF
Malicious:	false
Preview:	// DW Delay values..set facebook_active 0..set facebook_friends_active 0..set facebook_upload_video_active 0..set facebook_upload_photo_active 0..set facebook_delay 750..set facebook_max_retry_time 30000..set facebook_retry_step 1000..set facebook_friends_max_retry_time 30000..set facebook_friends_retry_step 1000....set entitlements_active 0..set entitlements_delay 500..set entitlements_config_file_max_retry_time 30000..set entitlements_config_file_retry_step 1000..set entitlements_key_archive_max_retry_time 30000..set entitlements_key_archive_retry_step 1000....set userGroup_active 1..set elite_clan_active 0....set cl_enableDedicatedServerBrowser 1....set dw_presence_active 0..set dw_presence_put_delay 5000..set dw_presence_put_rate 30000..set dw_presence_get_delay 5000..set dw_presence_get_rate 60000....#ifdef MP..set onlinevault_active 1..set onlinevault_maxslots_sub0 10..set onlinevault_maxslots_sub1 10..set onlinevault_maxslots_sub2 10..set onlinevault_maxtime_sub0 30..set onlinev

C:\Users\user\AppData\Local\Plutonium\storage\iw5\default_mp_controls.cfg Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1427
Entropy (8bit):	5.101500209206278
Encrypted:	false
SSDEEP:	24:kM/j3rji/38hRTLwNKfYMl1h33RCesgHEdT0owbBNJWExcLyN5ro406s8B:DiOLwUfv1h3BrketlcLyN5o4T/
MD5:	30377106EE6FC5A22784754B3371FF8B
SHA1:	A62CDD2BBADF096F111BA31CFD85B783005CE09D
SHA-256:	2B4495EE2E28EFC441D76105107DFB3E2CEF5738F6CEBEB813CC99D433A5A4A4
SHA-512:	E9ABC2A66F1FE945A65FEB45D8650C93C9DE2C1802C6D2892629CED5B0F1868A7FCE75D9207FF50D58676BD3646FB01C7A2B9421334A9BE1235CAB8C0AE5A435
Malicious:	false
Preview:	unbindall....// Movement..bind w."+forward"..bind s."+back"..bind a."+moveleft"..bind d."+moveright"......// Weapon Controls..bind SHIFT."+breath_sprint"..bind MOUSE1."+attack"..bind MOUSE2."+toggleads_throw"..bind e. ."+melee_zoom"....bind n.."+actionslot 1" //Nightvision..bind 3.."+actionslot 3" //Grenade Launcher..bind 4 .."+actionslot 4". // Killstreaks..bind 5 .."+actionslot 5"..bind 6 .."+actionslot 6"..bind 7 .."+actionslot 7"......// Weapon Slots..bind 1."weapnext"..bind 2."weapnext"....// Inventory..bind MOUSE3."+frag"..bind g.."+frag"..bind q.."+smoke"....// Interaction..bind f.."+activate"..bind r.."+reload"..bind TAB."+scores"....// Stance..bind SPACE."+gostand"..bind CTRL."toggleprone"..bind c.."togglecrouch"....// Mouse movement dvars..set sensitivity.."5"..set cl_freelook.."1"..set ui_mousePitch."0"..set m_pitch..."0.022"..set m_filter.."0"..set cl_mouseAccel."0"....// Menus..bind PAUSE.."toggle cl_paused"..bind ESCAPE.."togglemenu"..bind ~..."toggleconsole"..bind `...

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\background_image.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2073632
Entropy (8bit):	3.733215231042698
Encrypted:	false
SSDEEP:	12288:dCl3jJ6Tq4V6OlEmhH2ymjzl9BHZfGAjiToyrkm:23jJ6TqK62HKzl9B5eyiTXf
MD5:	BE48AA8D7D2AE68BB718BC3ADEC307A0
SHA1:	158431B3B28D2785FFF7AC92AEF9DA6A29DD06E8
SHA-256:	7BE5FC469D585F35D8E0DB505B0EDA1E4D0CB3F55CD94864B3A26C406ED3DFC8
SHA-512:	FBD9A75B20AA9CB9D01955A32E45696D381D4CD0973C8BFAA4FC6D61ADAA3FF59794212580D2C8BC060B98C8FE8C288D45A9AB036B4E008DC58C3F1629D48BBA
Malicious:	false
Preview:	IWi.s.......8... ... ... ... ................UUU.............................UUU............TUUU.............UUU.............UUU.............................UUU........C...WUUU.............UUU............`UUU........!....................UUU........A...WUUU.............UUU............pUUU........................A.@.AAAA........`...WUUU............5UUU............_UUU........................A.@.AAAA........ ...WUUU............%UUU............XUUU........................A....UUU.............................UUU............\UUU........ ....UUU............@UUU.............................UUU........c...WUUU........A....UUU.............UUU.............................UUU............WUUU........C....UUU........a...zUUU.............................UUU............WUUU.............UUU............_UUU.............................UUU........ ...WUUU........a....UUU............XUUU.............................UUU.............................UUU........a...^UUU........ ....UUU.............UUU........

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\background_image_blur_less.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2073632
Entropy (8bit):	3.4214802049798796
Encrypted:	false
SSDEEP:	12288:2nFyGEx+mlGLDqQno1t661ULDeftxr0XBwCzTV+:dP0WF7Kg
MD5:	1DB524CEEDDD973C703BF4D53A4589EA
SHA1:	D2982ED11FF5F9B9BE9909AAB95B401CE5E8DCD6
SHA-256:	BEE97A1A69140D2EE9C5AB7A46D8B96764762336A1D02041CFD83B29885417FA
SHA-512:	FB84E76C35996244A5BC99D519F3859D77C75F31BB9487A25BC5EFEED7B70C16BC4325E366B2DC8CB83461A2942949DE295BABE4DB367CBFC1DDBC03DCA33A84
Malicious:	false
Preview:	IWi.s.......8... ... ... ... .............@..WUU........@. .............@. ...._........@. ....U........@. ....U........@. ....U........@. ....U........@. .............`. ./.............`.--=5........................ ............... ...z~~~..........................`.. ..............=...............-........... ...}UUU..............................\|\|............/?==............//.......... ...}UUU............zzzz..........`....p........`.@.\|\|\^........@. .............@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. .............@. .............@. .............@. .............@. .............@. .............@. ....W........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. ....U........@. .............@. .............@. .............@. .............@. .............@. .............@. .............@. .............@. .............

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\cardicon_plutonium.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	262176
Entropy (8bit):	2.282986393155075
Encrypted:	false
SSDEEP:	384:9aoxthqGUZ666666666CER2q/M8CQ/4ZGdPOnAOf:9aem666666666CER22+S+Pf
MD5:	54F2FE32EFADE709FD86B01A2C3B61EA
SHA1:	436A2F098F88C3727D3CCDF04AD548F8957C083F
SHA-256:	6747496E69750948F7376887A2C21815015A029603BFCA586F90F19C7E96D5D0
SHA-512:	60CF09924DFBCE603C21E28B384663D238C5E2B48B068A46B29E4E3080987605262B56603B50192B956AC345B8C9EC28BD3F17D8B662AA30CFB02B7C3B26E4B9
Malicious:	false
Preview:	IWi.s........... ... ... ... ............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A ..............A .............

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\gamefonts_gamepad.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	51232
Entropy (8bit):	3.6159537786035707
Encrypted:	false
SSDEEP:	384:zo0GAWoIUwWiKy/QGKJss9IQGdfl2Vde/pJM6z2utbx7t:U0fWo2WYz2s8I9j2Vde/pJ5K4D
MD5:	C182482056F95F9FB9576C3345D71DD7
SHA1:	003927D7ADF27FA5695D39CCF2D72F0A5B3419BB
SHA-256:	0C269F0113177E1F323B1D9736C58D334EC2AB25447110DE20D4DE79B1105D0F
SHA-512:	A7243C039258BE54E40D892B32B35ECEB387E9D560DDABCF727691A90DEAC57E9EEB8225BB6192E85C966A9530BA7AFA9D45F978BEFAE9BB49A2BD4B9B08F594
Malicious:	false
Preview:	IWi.s.......d... ... ... ... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\gamefonts_gamepad_ps3.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	51232
Entropy (8bit):	3.677855391614274
Encrypted:	false
SSDEEP:	384:EAfvvitV9EWPJ7mzTcW1tk3yrGDNVREQBdOHLtbx7t:EyvvnclGcx3qQXKqOZD
MD5:	B6662719FC095556762728579CDE5755
SHA1:	93B05D7A274C320A30C374B1CA9C04ADBD920B56
SHA-256:	21946C043CE33F130B93016A8B5F0188EF48BF5CEAD7377404F54EB326F1847C
SHA-512:	F8FBB5120752AF6DD3E737B1D9FEA3F019C0F557BAD6A263D27AA6826B4827D4FED3866FFC2B6DA0156B38D8406311C77F6714345B80E15F0B8B1C68ECC58B5E
Malicious:	false
Preview:	IWi.s.......d... ... ... ... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\loadscreen_mp_deltacamp.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2073632
Entropy (8bit):	4.969141910948686
Encrypted:	false
SSDEEP:	24576:FGoM7X039kWVC6KVYITxumqiWijLK01QQhnyZtrJpmrA+NFhSA3LUQ2cOQ2taizU:CCj4MmgZ6AGwxg
MD5:	1969280B61AB2EA93D6798D7E4C22165
SHA1:	97ADD94D42328AED82E40EE134CBFC187C3BC64E
SHA-256:	2D2577D57ADBD3810DBCD5E27470C5EBAB669E4351698E0AF3460F58F829C6BB
SHA-512:	5AB6F62E6712DDBD032916A64CFE5CF67F4F51A3E258D19ACAB3FA0306224010F6BF12E556E9B2AEBF7D8110543A80C9ED0E1AAA9D2F7D3E12C54352CCF0D2DC
Malicious:	false
Preview:	IWi.s.......8... ... ... ... ...........%...Z.X........%...Uu.........%...UU...............%...............xZz............(.................%..........b..UW...........b................................................../........%.............%..............g!a.U.............A..`.R..........b...UY........F.b....U........%.............&..../._........F.A.................5..................+..........b..................(.............-+............................................b..~............A....x..........A...............b...............................b...............b.W_............b.5-............b...~W..........b....U..........a....................U..........................b./.._............_.............b.UW^...........!..............Sb.UU.U.........Sb.U..U.........!a..............!..+............!..Pp..........F......7.........!.....W.........!...............!b.u.U\.............................W.=............z..............V.&=........%...)).v........g.`../.........

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\menu_background.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2073632
Entropy (8bit):	3.733215231042698
Encrypted:	false
SSDEEP:	12288:dCl3jJ6Tq4V6OlEmhH2ymjzl9BHZfGAjiToyrkm:23jJ6TqK62HKzl9B5eyiTXf
MD5:	BE48AA8D7D2AE68BB718BC3ADEC307A0
SHA1:	158431B3B28D2785FFF7AC92AEF9DA6A29DD06E8
SHA-256:	7BE5FC469D585F35D8E0DB505B0EDA1E4D0CB3F55CD94864B3A26C406ED3DFC8
SHA-512:	FBD9A75B20AA9CB9D01955A32E45696D381D4CD0973C8BFAA4FC6D61ADAA3FF59794212580D2C8BC060B98C8FE8C288D45A9AB036B4E008DC58C3F1629D48BBA
Malicious:	false
Preview:	IWi.s.......8... ... ... ... ................UUU.............................UUU............TUUU.............UUU.............UUU.............................UUU........C...WUUU.............UUU............`UUU........!....................UUU........A...WUUU.............UUU............pUUU........................A.@.AAAA........`...WUUU............5UUU............_UUU........................A.@.AAAA........ ...WUUU............%UUU............XUUU........................A....UUU.............................UUU............\UUU........ ....UUU............@UUU.............................UUU........c...WUUU........A....UUU.............UUU.............................UUU............WUUU........C....UUU........a...zUUU.............................UUU............WUUU.............UUU............_UUU.............................UUU........ ...WUUU........a....UUU............XUUU.............................UUU.............................UUU........a...^UUU........ ....UUU.............UUU........

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\mtl_weapon_ak74u_black_col.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	1398160
Entropy (8bit):	5.993845601826314
Encrypted:	false
SSDEEP:	24576:rGcfcnW0cwhMy0G49lRy78nUQQtF+XVrNjQmK8YOGBQ/z0LDt:qnpHuTQ6VraQhiDt
MD5:	FAFE786526070A5AAB39EB237A986399
SHA1:	606341590AA25B6C1AAF28A11D0437BC237C9343
SHA-256:	A903CD26A127EBCD1DFDEFF95A687CD8FBB8FD975F5A26D4FB4F5983FF22D472
SHA-512:	E3DBD9A7F05E77AE3451830757D2931DDFA66D77295ABF7CC6CCD7058A3072F0881D9A7CE0C585FE14579FEFC8CA1CB6105586BD1B3B676CAB5C47BED0562D04
Malicious:	false
Preview:	IWi..............U...U...U...U..((I.$I.$$!$!....=...$N.$$).!....H...bI3.E)...*.R..$H..$%)..\|x..X..)....%).../..K.I...@.%). ....E.F.'../e).!..P.Y...I..@E)......M@.H9....!...r..Q..2.$..!....?"[...i.$.E)......Y.. i..$E). ..U(W..@nI.$%). ....V.. ...YE).....[..`..$E).!......I.$I.$E).... +.I.$I.`E). ....K....m;.1. \.....M.$I.$.1.!....L.I"..ME)......U.&.i.".$)......F...'I25.1.!....G.I.&EB$%)....:+T...H....1...r.NH..$....!.....NF......!......L?...\|...!...~WWK?....e..!......Q...8@#.$!. ....P.I.....%)......Q...0..A.!......[...I...E)......WI......%)......TDm...#@.!....~.O?......!...U.WDIb..B.$)..U.].YA7s....E)......^..DK"..e)......]Kw.2.<.E).!...[:..I.+@E).!....X......,E).!.(..X.......%). ...iW.......E).!j...]4.&I..rE).!...YC. M..pE).!' .]. .....e1.!....]O.>..!e)%)......$I.$E)..........$I.$E)........I.$I.$E)........I.$I.$E)......P..`...K.9. UUUSM........!......\.9..I.$E).!....]....I.$e).!.x.~..I.$I.$E)...h....I.$I.$.!...5....I.$I.$E)....j...I.$I.$E)......I...I.D)J. S{]UQ...J..J

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\navbar_selection_bar.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2080
Entropy (8bit):	6.29582317902766
Encrypted:	false
SSDEEP:	48:cYjZZ3iaL5q8eo/RZWKzS/Gd8viKcSofb:njq0RUKzS/E8vPcLT
MD5:	D7494217BE56AB6EC32D8023B6260350
SHA1:	855906F9671EBF13EC711E3CACDB7CC45A4B9BEA
SHA-256:	765375CDAAED7686F58CB59DC9BB2C7F03D29D629E6448D5A020B001EE576CE3
SHA-512:	6582805FC3FA2D81AC13E62011B485F0EECE52BC8ED966A80A7FDE7F9CF796AB73CE00C61E725D0B5FA84FB9E853F6BC16A299D859B04ECD0AEB1723CA418D33
Malicious:	false
Preview:	IWi.s........... ... ... ... ..............................R........................I..I.n.........I..m.]@[-++-.......mO~.DU..U....H....\iU........I..mHu'<.......... IfTG=........H.$mgT.E.jj.....@.$.gT.E........H...FT&M......#.I.4..T.M......[.H..5.THT....m.H..&.T.L......m.@..6.TgT....m.H..&.T.L......m.H..&g\.D......M.I..$.TfL......m.H..&.L.L......m.H..&hT.L.55. .....;..ThTK..K#......I.THL....%.....I.T.L....&.......T.L...!(m.H..&.TgL.."...-..T.L...$I.I..$(T.L.}}.-%.....gT.L.....'...I...T.L....0(...-..T.L....2...-..T.L....5,....=..T.D..8.....=..T.L....:0..../..T.L....1;I.H..$.TgL....>3......T.L....6Am.H..&.T.D.((.8BI....$.TgL..D9.......T.L....:FM.I..$.T.L....<Im.H..&.T.L....K>....-..T.L....LB......T.L....COm.H..&.T.L....PE..$O...T.L....GSI....$.\.L....VI....-..T.L....WK.......T.L....\M....?..T.L....^O...I...T.L..`S..$I"..T.L....bU..../..T.L....eU....-..TgL....hX..$I"..T.L....[jI....$.T.T.ZZ.l\..../..T.L..._mI....$.T.L....`pI.I..$.T.L....tc..$I...T.L....ue......

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\plutonium_logo.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	35232
Entropy (8bit):	2.838914643767553
Encrypted:	false
SSDEEP:	192:D0Ny8O1M53/A08/qcRrFiVUVy8QhmsZGDZ3Vx+yiRhwox:D08i5MqUEUVy8QyZVx+yiR
MD5:	3BF0B57EBF66968739BEB34E39C1E5EB
SHA1:	5B269438ADC91A83244FA5BC164308F93AC60401
SHA-256:	5126F209937875C9A08A5764F86332CB3349EEFAA5D955E417339ADBB20A75C5
SHA-512:	F6D8E3B80FD85C47E7C8B6791B86BB060D130C7332DC5D0EB45868C81D3594227D2C4A1D03E5EF51399A844807777E3F2109A42D910F1498724664B605C48601
Malicious:	false
Preview:	IWi.s.......P...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\preview_mp_deltacamp.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	238496
Entropy (8bit):	5.034262323749784
Encrypted:	false
SSDEEP:	3072:yrYlS+0KcQNZrWZDTzI0GCseWQUFSNTw45h69X2XI:iSUWWZL9sV5FSJf369UI
MD5:	99FA91AAD49E5FAED8A779CF013F6441
SHA1:	F9253FE7B46849646E25D4767CF25D63DB305627
SHA-256:	3EE327DB4206EE0B856DB0CC00833BF6CA16C74BFFA2B1DC533C00B3CCE4B5CE
SHA-512:	00881B0CDB57ED669A84B1AD741848D1246C314F29939A692F297C07F008DF5E65D89AA5D5CC87BF9EAC5CAB714AF3DA4C152586A821AF2A1F9C503016A0F4B0
Malicious:	false
Preview:	IWi.s.......p...........................%......{..........................b...?...............8........................%.b..t..........&...{U}..........................b./.............b.x.._..........A...............b.Z..z..........b.r............A.............&.b.]u.7..........b.%..\|.........!.............!..g.g.........g.A.............&.....~.........G.....?;.........!...5.`.........!.....%.........!..X............!....^`.........!..^.........i!..Z............!..W..r.........!a.%............!...%..........).!.............).!.............).!............).!............1.).............2.)............,2.)............,2.1...z........,2.)............L2.1..UU........+2.1............2.1............+2.1............L:.2W_{_........+:.1............L:.2}..U........,:.2____.........2.1((..........k:.2............K:.2............K:.2...........L:+2WW}.........K:.2............l:.2............L:+2+...........L:K2.*..........l:K:.w..........m:K:............l:K:`............BK:i..........

C:\Users\user\AppData\Local\Plutonium\storage\iw5\images\~weapon_ak47_iw5_spc-rgb&weap~fa48e615.iwi Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	1398160
Entropy (8bit):	4.853284484508598
Encrypted:	false
SSDEEP:	12288:Q6sGNj+FIOaA50zSRPbzatpsZz5LotnqRQqpTkzzdl5vX:1NjeHSzSxPCKpAvfJ
MD5:	37030A6A1D48A09FC07B67EC9A681945
SHA1:	2F76417AC98EB9D2C74DC61F0F6E0A1412C8FF62
SHA-256:	52808FB9897CACF2640AB10B35053477C170ED11024D92B4EAC1D5A83DF3322A
SHA-512:	0DB991D6EE6A983C7FBDAA5CA44F2F9BD154B51C31DBD12F79FD67D95900EC144D4EB428FC52A638B48AA4DF08425FD56C3698D6CDCDFA917CA308B9E6FE9517
Malicious:	false
Preview:	IWi..............U...U...U...U....I.$I.$. . ......I.$I.$.!........I.$I.$.!...((...I.$I.$.!........I.$I.$.!........I.$I.$.!.....w..I.$I.$E)....r...I.$I.$E)..T\^...I.$I.$.....p....I.$I.$. .......I.$I.$E)..wW....I.$I.$.!........I.$I.$.!....<..I.$I.$E)........I.$I.$E).!..iU..I.$I.$.!........I.$I.$.!..>. ...I.$I.$.1..\WWu..I.$I.$e)........I.$I.$.!....T^..I.$I.$.!........I.$I.$e)......I.$I.$.!...(+..I.$I.$f1..SRR...I.$I.$..........I.$I.$..../.....I.$I.$......VV..I.$I.$.....?....I.$I.$.!.......I.$I.$.!........I.$I.$.!.......I.$I.$E)...r....I.$I.$.!...U`...I.$I.$. ........I.$I.$.....'...I.$I.$.!........I.$I.$.!........I.$I.$%)........I.$I.$E)......I.$I.$E).!..Uk..I.$I.$$!.!.._..I.$I.$.!.....a..I.$I.$.!........I.$I.$E)........I.$I.$.!........I.$I.$E). ......I.$I.$E).!....I.$I.$E)...U....I.$I.$%)...U....I.$I.$$!..}Wz`..I.$I.$%)........I.$I.$.9..UUUS..I.$I.$..........I.$I.$%)........I.$I.$E)........I.$I.$$!...h....I.$I.$.!........I.$I.$$!........I.$I.$$!.....)..I.$I.$.B..Ss.U..I.$I.$

C:\Users\user\AppData\Local\Plutonium\storage\iw5\maps\so_deltacamp.d3dbsp.ents Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	17806
Entropy (8bit):	4.835637362561725
Encrypted:	false
SSDEEP:	192:VJrvNXs5xHijgSRZqB+6nPJvS3zxo3zqQ:VJrv+5xijgksPlS363eQ
MD5:	9CAF40023E45B9D41B445E4804A2937E
SHA1:	E8E5472E4633B269DFD4E56F6E8B852E805BA7FC
SHA-256:	82F31632EF61A83D0327399D977384710D4057DF75A79CF8E9BA5543275CFEF0
SHA-512:	341A9FCCEBD14C2400954DAC260DC00EC14045FBA4090943F5464EC557670E498780F2A1C3F6D45AF4F8AF01D41BC3463AE46487A7174DFDC5B52590A97001BF
Malicious:	false
Preview:	{..2811 "0.87 0.94 1"..2812 "0.56"..2813 "0.5 0.5 .62 1"..1987 ".116"..1668 "worldspawn"..1991 "18 111 0"..1990 "0.88 0.93 1"..1989 "0.74"..1669 "103 -1611 461"..}..{..1673 "speakers"..1774 "speaker_truck"..1677 "0 339.7 0"..1669 "-251.5 -1093.8 242.5"..1668 "script_origin"..}..{..1677 "0 212 0"..1669 "398.2 455.8 292"..1673 "speakers"..1668 "script_origin"..}..{..1677 "0 330 0"..1669 "-268.5 -151.8 402.5"..1673 "speakers"..1668 "script_origin"..}..{..1677 "0 217 0"..1669 "248 -507.7 322.5"..1673 "speakers"..1668 "script_origin"..}..{..1677 "0 184.7 0"..1669 "-708.5 -710.2 322.5"..1673 "speakers"..1668 "script_origin"..}..{..1677 "0 138.2 0"..1669 "-714 -493.2 308"..1673 "speakers"..1668 "script_origin"..}..{..1677 "0 88.3 0"..1669 "-688 318.8 115.5"..1673 "speakers"..1668 "script_origin"..}..{..1677 "0 39.7 0"..1669 "-379.5 -773.8 322.5"..1673 "speakers"..1668 "script_origin"..}..{..1669 "1356 -1992 8"..1673 "minimap_corner"..1668 "script_origin"..}..{..1669 "-1476 840 8"..1673 "minim

C:\Users\user\AppData\Local\Plutonium\storage\iw5\mp\mp_highrise.arena Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.9784833735226925
Encrypted:	false
SSDEEP:	6:bMg0AEN76++Hp7SAi5rLKDrH7unMZ06n4JE8TUvAX/N/vFQ5I52i8Vr7yn:bMbiHp7SBlKhi3UvSVvFAIorO
MD5:	EDED1E43306818FD7126B5F9E87873F5
SHA1:	C748DC83972F656D98FEDEB52337DA4D1C193811
SHA-256:	B14616C6993AFA464E56718D28724181A8C71E1E1256D55F30012B19BE9F90E5
SHA-512:	88D461CA19752903275F30DDEA4442AD46610724BAC7491ABF1A9DD56E2E07E4EA10D43BF64E2E0DFDCC43675AFADEC98DF255150DABC3DDBA118562EFC30DD0
Malicious:	false
Preview:	{...map..."mp_highrise"...longname."MPUI_HIGHRISE"...gametype."dm war sab sab2 dom sd sd2 hc thc ctf koth"...description "MPUI_DESC_MAP_HIGHRISE"...mapimage "preview_mp_highrise"...mapoverlay "compass_overlay_map_blank"...allieschar "delta_multicam"...axischar "opforce_air"...environment."urban"...mappack.."27"..}..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\mp\mp_rust.arena Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	310
Entropy (8bit):	4.917143465072558
Encrypted:	false
SSDEEP:	6:BUev++Hp7SAi5rLKD5nMZmn4JE8TUvAXY3dXvFQJu6WClG8Vr7yn:JHp7SBlKyt3UvDpvF81W2rO
MD5:	BAAFE6211E98DF4AB67E2A5A11E8F64B
SHA1:	7642F761E1A9FEF48EF37222E1629E1F50ECF265
SHA-256:	01D4DD61A9CE570D5F8567DEFE3D5F35CA32352A9CEB5C9E71AC9841BA6DC9BB
SHA-512:	45D8EA58E6E9142273BF9EBEF3C76796F5874A3BACBB0ED2D3F506B680D70CE422AE90A90AD8E7BA9D4138C8F2029F1434A6C9D499F3638542C7ADBEC521D895
Malicious:	false
Preview:	{...map..."mp_rust"...longname."MPUI_RUST"...gametype."dm war sab sab2 dom sd sd2 hc thc ctf koth"...description "MPUI_DESC_MAP_RUST"...mapimage "preview_mp_rust"...mapoverlay "compass_overlay_map_blank"...allieschar "sas_urban"...axischar "opforce_henchmen"...environment "desert"...mappack.."27"..}..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\mp\mp_test.arena Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	297
Entropy (8bit):	4.659435968105112
Encrypted:	false
SSDEEP:	6:HA5y++Hp7SAi5r/DfLhJSun4JE8TUvAX/N/vFQ5I52i8Vr7n:HA5kHp7SB9f/03UvSVvFAIor7
MD5:	3B5A174C59821B735214D011739FBCDD
SHA1:	77397422FCCBB57CAE4E14A92B934463D0EC67D3
SHA-256:	C72E7D169D535EF7546DF81D50C97914E61D345F8A1846CD0FA784B5CCD06DFC
SHA-512:	2B1F467C0CE2401103F87BE47DF8B6D96925A894FA30045EB310831274B980711B01FF87BE46730A710A61B56ED9B42B949111D862E2CC5C18AA91F6011802C1
Malicious:	false
Preview:	{...map..."mp_test"...longname."Testmap"...gametype."dm war sab sab2 dom sd sd2 hc thc ctf koth"...description "Just a cube"...mapimage "plutonium_logo"...mapoverlay "compass_overlay_map_blank"...allieschar "delta_multicam"...axischar "opforce_air"...environment."urban"...mappack.."27"..}

C:\Users\user\AppData\Local\Plutonium\storage\iw5\mp_highrise.iwd Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	4190737
Entropy (8bit):	7.938158984628028
Encrypted:	false
SSDEEP:	98304:Ne5+Yd5amE/Bm1rfQi/BM12nMMBhoYcZfBiaKgm0RBMn/sjVERamBcTXJ:NxYdMP/A1rIGOkMghncZfoaXmoB4sJae
MD5:	02049022942ACA2ACD35BACFB54BFF49
SHA1:	B3DA6696E3439973C0FB7C0160614E623D1CFE7D
SHA-256:	3E2B26898ACF9F66C228D399FC170E6CAC17A1665B76DA5E6AF90B250149B8B0
SHA-512:	3A4FC6B641F305A0FA266F38F2DA43515C635DF8E915DE867785D7FF66BF9D9D3B931B9C94929577F92A5CED9CA4A92ACAA8A6C7CFB9948B6F12683F1071CA49
Malicious:	false
Preview:	PK........cp.Q................images/PK.........s.QNS...".........images/city_facade_large_g.iwi.]i\.W.oA..7:...q.:....h..!...%..xq..Q....(.(x....U.... .....D<.b.............Lo.`w=..=.M>T^w....W.;..\F.1...(..e.z.m..Q.K[.......D.e.....O.'.=....beT6.....O\|.....<..V_....e.\|.?..W>8........m.^....&?...S...J......<...k.F./.7.~.#...1.D......{R...r.WC...e.V..........g"........../&....u...j.................7..\......g,>O.E.i....N?x. ..5.9...d....r............./.......wF..3jBJ.\|...Rh?(..&..Zs.p..ohoZ.D...qBlO.u....~..X.N...a'..-.fO.../......../..k.....x..n.'..-.-b...Zy..p...&..3yKl..&.\|tx..>p.E.v...vA...:......h.}.w ..h~..~.7..]..{..bm....n.}p.5.'s.h.W'..h."..f.<)....S.4{...q....}.?w.9;....;yIk.+_.....k.....k.......{........>Q1Z..s...'.../D.....SY.eny....}.$.SA-km..........4V=....0._..........Pwg?L...$@....8:...O.be.....7..V._&..\|g.........!O..c....VT.AMb... Zx_l........z;....m*..z.HI..@..^).?'......b.iJ.c...'....y?xMB,..w.....tf...t.,..^..KR.c....

C:\Users\user\AppData\Local\Plutonium\storage\iw5\mp_rust.iwd Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	13988877
Entropy (8bit):	7.97499842167446
Encrypted:	false
SSDEEP:	393216:kXfX+U3nudcjpFT2xqbMYAuHyAuokDvylacFuwCZ3n:kXfX+UeSbT2eMRTAuoovylaeuwe
MD5:	58058E7F09E130E00DFFD489BAA29B12
SHA1:	EF63D55145E7E111066B0F24B871AE40C9D17AA0
SHA-256:	B2398F40D6EF1B8E8988BB5F9BE190C64E414686FB2F5FD61B893D9A2D81FB0E
SHA-512:	BF50EC985F7751DF1B4D71E53820B32B65750C514AC49B2A015084D6FC2324ADFC6826378A4D899F532576547F22E1F7B6136AF24D4C606FDA0F7E9907870774
Malicious:	false
Preview:	PK...........P................images/PK...........PPb.........$...images/55_gallon_drum_white_dirt.iwi\[{\S......a.=>.{..g.7B....)]..nR.5...lV...)..IR..!@.A.Ck..$>. ....`_.[.P.%.I(......^....?_...;.....?.....<.J.(.%......?..J..B....i8._Kk...[M....#...}.1......."...;...W.Wz..w.j....{..{Uq.#....../..c....).}...j...j.k.+...+5.)...%R2^!W0....bI..duDf..Y..Zb".....~2..C..K...(y..U)=.z@..[..o.......n...P3...t1...&.y%W\|a.;.O6=.IV.W>r....../..(1...u..G..l..M%...L..n.a..t8......8..?\|t../96.3.....L?...~Pn..._V..E...)OS.y'5.<._)...'...;e/5m[..X......f..HC.m..<.5t......dz.r.d..>.DM1.N.)..#.&.F.x%..V.51......+...t.e.v.Q&M...[o.G..d.......+.v.%...j.4..XC4X......t...y......$..q.Q.2....f...+...Xjk.]....r.{..........'.j.+).y...C~Y.eN.6Y.=......^'....F.T9."....\.:......*.8..B.CP....\0.G....Q...O.!cl.......vL.^l<h..../.F...U..4...{YC......D..gtV@N.O..........j...>.~2.s.B...r....S.3..Z..\b.9.t.IT.5.(Q..pCI..../..3E$5.i..BQ.jMB...t.n(..x+_X..tw.........

C:\Users\user\AppData\Local\Plutonium\storage\iw5\mp_test.iwd Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	341882
Entropy (8bit):	7.8893605010696835
Encrypted:	false
SSDEEP:	6144:uaXJ3DphhpglwdfB1OLxCIciSa3BCaLtMo4SXLhw4OkujJsoM81reusqLgjzUS:ZXJ3DfhWywcipRCayebWzHD1FHIzJ
MD5:	CB301B0681FEDC6B6D7E34F1B9F7AF70
SHA1:	AF9BE7612E5664ABBCA4A0D9E61B04054A0316BF
SHA-256:	AC24257DEBC82129BBDAAB3DDBE4055F913C3B64D627C5E499561C0535F1FA4D
SHA-512:	D556F25707CC64A6C8BF72272F4F8E47DB8E087F611F288D777DB9DE22191438F9FD6E28892CF3D373EEE8CF245291D976F1E776291C38B1AE39E84D7F35DD8C
Malicious:	false
Preview:	PK...........P................images/PK........c..PI..y{?.........images/case512brown.iwi.].P.U.~.& ..4.(AEI.1j..........1...4.Ii.u.........Gh..we..c4..z5..z.<...m4-.%.G............w..z..&$...0..?B>]......./.Sp...T..k.Xsw...;/....G...s.X.}o.'..b.......?\|/x.........#.J'&...8..JJ.rp\....9...C.....a....r..<...q.....(..L4<1.P...<\|/...g.z...Mw.........3c.."....GK..j.p...l..J..u~%.0..2.X.C.O.w..?..#..UUs._.....{.n....au=Y]]-bs..Q.E.C....Z].T6.......v..yyy} ....qGn.J....G...Dz....SH..n.Dz...jB.....y..Dz.3..!..[.i..'E.D...+N..@Oi.!g..Q>..`"]....-...[.......E@.....,.0..g5..e.V..V...T...t..(.RP.Vw......l..a..a........3.1..0\"^....y.s.w......................~..\|.........'....S...D.....IpV.j...............2.#.wx.n...Y'......A.......c.2LK...m."Zg.ffdd$.3..G.AJ<..J.(.&~J..l DM..h..A1>.E.....i..Rz...-.).S.NZ^..(..C<1.~D..JL99*.z........2.m@..{.Q........WVJ.Pbi.....PVG<.c...7.y....qy.$B.S..-GIF.......8J....<}PN^...h...&g.H.`../:.r.2.\..^tX.......w\|b..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\plutonium_cheytac.iwd Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	3742007
Entropy (8bit):	7.974917611855864
Encrypted:	false
SSDEEP:	98304:Snx0gm1Q8sPEsXX/aJDf6O+KCoemE4DcO61VNLcQ80QO:qflPbn/atsJ4YT9LcQ80/
MD5:	45AC703EDA9B5A7C305B023C2D3649A5
SHA1:	59FA8D1080E7031B471D39AD52091B0473C97E6D
SHA-256:	ABAF56A35B053A3D5A56D39113A9C2ECA03E3D6538CED77987C75AFFCDFAE118
SHA-512:	90DF475677F20AED5AE18B8B26DB02B6ADDBAC60DA30012DE8356557FE1D890EC4539A7BE0FFFABAC2C7D25944C36063ADF1D2B7812661661BEC29EC61D78D31
Malicious:	false
Preview:	PK.........{}Q................images/PK........`q}Q[!.N... ......images/hud_cheytac.iwi.{HSq....Z.+....e.AA/.p.E...]g........[...e.[[.V....7R.=..........=~.{.....(..:.x.9.....9..).PK...@.R.....~.-...{.......O.}..X>&..s.....4..@.F..).....Z..j2$v..<..5...2..a...{..S=...E"....92.cg<..e...].....W4..<.Q'..m...pcd...@...,13K....Z....y+.t..b....4..?..iRQ........'.?...D..(...D1u.5.k......]..r\....d9....X.....jL...d... .^..M4lM....c..d..23..8...@g...Cl6....x...g.1..3...l..#k&i;9......T.....12......1..p.'..3...2......997E..Y.GP.....E.+...'.9....^.(...,...A.=\.......E9..2$.......qa.!...1 .A.....-3._U.G%p..;......../.....1...D`..5.p..+Z.eS..g.~...<.;.....Mr......n............K.;..Q.\|...R,...\|7.N...:.......[.......7 ....uzy....;...Ee=......-jwV.....i.i.......t..\| ...//...........a..".I.O.i..w/...\....h..r.7.F..n\|.5....o.H...a.F..^..QV.t...;[."\...E.H..C>i...r.8."L...s..@..........n.3s,...bCv.w..ox....D.C..\|...&.^.@.#...:...#..v...s.

C:\Users\user\AppData\Local\Plutonium\storage\iw5\sound\music\plutonium_main.mp3 Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	MPEG ADTS, layer III, v1, 256 kbps, 44.1 kHz, JntStereo
Category:	dropped
Size (bytes):	5665853
Entropy (8bit):	7.943887865071586
Encrypted:	false
SSDEEP:	98304:wS+ha9oIDsvOElodqBaEmNOdtZcnJzdqMDlX5AEnJV7T:j+4NBEloWaBNy9MDlX5bX
MD5:	48366A4D3F9139726007DBB4AD8ED35B
SHA1:	7CD2B86B037DF1FD6505A03A1DC44A19FC3E2168
SHA-256:	D82C65695F5F2A841BA96C292325F147A8B62B95F8000E2653BEFD6F8C3FB531
SHA-512:	854667837E22717A63873723CEDA0E0DA29E81D51506D271A749FFCC48BC050B04C43D6E27B8E338D29EE31B99348FFE8FA8656999B444C6AAF91AD0B24C7D4F
Malicious:	false
Preview:	...d................................Info.......y.Vt=.............!$&)+-1368;=@BDHJMORTWY[_adfiknprvx{}.....................................................:LAME3.99r..........4.$.<M....Vt=..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D..._h..l....P{y..e..oe...[...x.......Q\|..LYhI.Bb.#..(.5..b.......7..)...Cb.F...;.#Q.B.o...p...,..?...O......S..='&.FW:1....O.......FQ.hpT....e.Kf3!.l...^~;

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui\common.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	11358
Entropy (8bit):	4.827902115240708
Encrypted:	false
SSDEEP:	96:5nlPNbgyDSCbwY1vqccYn4MNbQ3DSCbwO1vTcclRquO/0cv6Inuqp39DSCbwSo11:ga0cUOwD2thAPsJe
MD5:	0C5D282E0FEC2A2C5DB133687ECE654D
SHA1:	214CC520E1EB4CC582EC29CAA01B62DAF5B84833
SHA-256:	80E129A990004916C1E2AD0E315A79BCA8C3A5561451249F647036791659C862
SHA-512:	703B6EBE24C1D2B298A14522D17D534D122C970DBD2DC4117EF65E507E6D299223964BB8DDEEC485B30FD5149E15C2CDB1C498030B9359B4621820EE856AD03E
Malicious:	false
Preview:	function Menu_AddButton_Advanced(menu, index, text, onclickcb, onfocuscb, isvisiblecb, isenabledcb).... -- Create button.. button = UI.Item.new().. button:SetRect(-64, 35 + (20 * index), 300, 17, 1, 1).. button:SetTextScale(0.375).. button:SetTextOffset(277, 18).. button:SetTextInvertX(true).. button:SetType(UI.ItemType.Button).. button:SetFont(UI.Fonts.NormalFont).. button:SetText(text).. button:OnFocus(.. function(menu,button).. button:SetMaterial("navbar_selection_bar").....Game.PlaySound("mouse_over")..........if onfocuscb ~= nil then.. onfocuscb(menu, button).. end.. end.. ).. button:OnLeaveFocus(.. function(menu,button).. button:SetMaterial("").. end.. )...button:IsVisible(....isvisiblecb...)...button:IsEnabled(....isenabledcb...).. button:OnClick(....function(menu,button).....Game.PlaySound("mouse_click")..........if onclickcb ~= nil then.. onclick

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\cac_smg_primary.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.073731550481628
Encrypted:	false
SSDEEP:	6:ArK1MdTtzc5uFmGEqv8E4R/7nEmYfE070HBoX:AyMDzc5JxayEmFhQ
MD5:	5E948BF65D00B264E0DEA0F36AC55260
SHA1:	CD36F7493D9E0C832293E7DD23B89718B61944B9
SHA-256:	06BE244FF14B24A6965C2916693790B31868471008DBB60649FBEB91D449F345
SHA-512:	6DD8AE5B764968D78F844246B2E72A17664D41CF07ED400D50961B946FA3EB9C108EC04878482D19ED2F0B8F77883B8A78BE020A8093236DB7D4F00F59A76BAF
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("cac_smg_primary")..... -- Add menu buttons...Menu_Seperator(menu, 6).. CAC_Primary_SMG(menu, 6, "iw5_ak74u", "@WEAPON_AK74U")....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\cac_smg_second_primary.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	221
Entropy (8bit):	5.067015405895406
Encrypted:	false
SSDEEP:	6:ArK1MdTt/4FmGEqv8E4R/7JymYfE070HBoX:AyMD3xa+FhQ
MD5:	008AC8DB0872444BB0C3C966D66E7BD2
SHA1:	D135EDC2F4BA4017F26B8276C345F3228DF2FAC4
SHA-256:	465833766CC47649C5F8D160B98E5F11ABA5889BE4FD3AC9E9B253F6F49D42CD
SHA-512:	E65C6511061B39832F30A885A2E02EBB70AC7ABB8FD596F6667DC020A7CD584CAD09C8993BF4E509506BB7647A36138760434E9C07893454654374987175BA28
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("cac_smg_second_primary")..... -- Add menu buttons...Menu_Seperator(menu, 6).. CAC_Secondary_SMG(menu, 6, "iw5_ak74u", "@WEAPON_AK74U")....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\cac_sniper_primary.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.014673089616396
Encrypted:	false
SSDEEP:	6:ArK1MdTtSR5uFmGEqv8E4R/7nEDnGNAB0FkVX:AyMDIxayE6N87Z
MD5:	4A2DEC53EB5D3D30B24E01D2E5E6C36F
SHA1:	A84E499727D2D0A104772182D7E004656DBED98E
SHA-256:	C7B023844A38D02204D8C73B3F7BF408A4CE2AA9F75ADB85484F8CCA4E87AFBF
SHA-512:	18814E3A194841E5513FC8E81BF8664C053DACB70F126C19E4B4785CFD4A0A1093130A77CBA73ED230EC3BA7B83B7C9A073ACA128788CD9C1D405F99E59B1E63
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("cac_sniper_primary")..... -- Add menu buttons...Menu_Seperator(menu, 6).. CAC_Primary_Sniper(menu, 6, "iw5_cheytac", "@WEAPON_CHEYTAC")....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\cac_sniper_second_primary.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.007829753809839
Encrypted:	false
SSDEEP:	6:ArK1MdTtSe4FmGEqv8E4R/7JyDnGNAB0FkVX:AyMDn/xaiN87Z
MD5:	D37D4CFDC9536766D8D50056FF965F4A
SHA1:	E520EC3CB0078F36857788AAA522DCF9EFF94C32
SHA-256:	D1620677F5D5A13B9E3DC89870983E8B70764E205E7913B0EF6AF5EC05DF6A75
SHA-512:	443BDC3D81DBCC0761474B2F5F1FE8FEF92F95B012E1CEB3657FA6BAE63F1C3F4AE42A7731E11C8B7115D320C1C68CF0E1E19FC82A94E7948294DF7CCD79B80D
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("cac_sniper_second_primary")..... -- Add menu buttons...Menu_Seperator(menu, 6).. CAC_Secondary_Sniper(menu, 6, "iw5_cheytac", "@WEAPON_CHEYTAC")....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\class.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	218
Entropy (8bit):	4.780193824731418
Encrypted:	false
SSDEEP:	3:TMQ3RNBoH3S4AyeF71TAXo+He5ovfmGEqWo2fQgQLtreMLk9LhqEnLLYHwKu5HMt:ArK1Md0oXmGEqvmr0ZeK29q4qwKuHQ
MD5:	000DFAAC0C2C3326D71F829A72C693A1
SHA1:	472F7CDF295E29EDCA840F61E65E39FBADD32754
SHA-256:	6822B6C501FCE30EC51F25EE496CF75AABE8F4231709FB37838650FA4E802E2C
SHA-512:	70F7776409F2F5B496882E7A979DF27F84133E0A6770B5019549638D4E7DCE7D7966034782F902B21ED687264F003FBB773647AF8F9E6E4C5F6320EFEA9906FB
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("class")..... -- Add menu buttons.. Menu_AddButton(menu, 4, "FRIENDS", function(menu,button) Game.OpenMenu("plutonium_friends") end)....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\main.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3471
Entropy (8bit):	5.083630145628476
Encrypted:	false
SSDEEP:	48:JHMCcgRmiQZ943TI7LT6ovWE9Cr4CrwxpQPeRyyXYH9mo7DjMeVWuuU6:JHMNKQ7430b6OCipVRyy8W
MD5:	A5DCA1219A37E1AC33B0D5BEAF75D68E
SHA1:	CC662A5B51571951C9ED067F1F2C89DAF4BB25AA
SHA-256:	D3A1636D48650AE67A31A3467EBC57BB802B5407E7FC80B75EFEE9B3DE1B102A
SHA-512:	CE3B15ECEBC089407058617E02664712F62E405476E2126EE5754B470CB8093A7847ACADF4626F975737FC9BA72F4C65143C99943AA6AA23F28B3BA70A894409
Malicious:	false
Preview:	function SignIn().. Game.ExecuteCommand("xrequirelivesignin").. Game.ExecuteCommand("startentitlements").. Game.ExecuteCommand("upload_playercard")..end....function Init().... -- Allocate menu.. menu = UI.Menu.new("main")...menu:OnOpen(....function(menu).. Game.SetLocalVarString("ui_customClassLoc", "customClasses")....end...).. menu:OnEsc(.. function(menu).. Game.OpenMenu("quit_popmenu").. end.. ).. menu:SetSoundLoop("music_mainmenu_mp").... -- Create background item.. background = UI.Item.new().. background:SetRect(0, 0, 640, 480, 4, 4).. background:SetType(UI.ItemType.Image).. background:SetMaterial("background_image").. menu:AddItem(background).....-- Sidebar background...sidebar = UI.Item.new()...sidebar:SetRect(-64, 0, 300, 480, 1, 0)...sidebar:SetType(UI.ItemType.Rectangle)...sidebar:SetBackColor(0, 0, 0, 0.3)...menu:AddItem(sidebar)..... -- Create plutonium logo.. logo = UI.Item.new()...logo:Set

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\menu_online_barracks.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	426
Entropy (8bit):	4.945005240786949
Encrypted:	false
SSDEEP:	6:ArK1Md2eHD+XmGEqv8E4R/GrbrgL29q4qwKHGjWoIKtH3UrdLHmmF2Fu29q4qwKw:AyM8eHD/xa/UL8BM7oI26DFkJBMp3G
MD5:	E4AB454327301A8DAA953F060F958D89
SHA1:	9A6815EE17C236B4121BE9ACF07BCC294FD8ED50
SHA-256:	2D3A70A29C76EA8A0657C0B6F5460D91CD4BD9DBE95975BAFDB549684EFC75BA
SHA-512:	CDE47C25FDF52075DDBA9B21A9C7AED5883664C553A6825969C29407835A948AEB8DC30A84DB1F42BAB308C7DC9B8DBD0AC98569CC6930D4891A338DDB13423C
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("menu_online_barracks")..... -- Add menu buttons...Menu_Seperator(menu, 8).. Menu_AddButton(menu, 8, "UNLOCK ALL", function(menu,button) Game.OpenMenu("plutonium_unlockall_warning") Game.PlaySound("consider_prestige") end).. Menu_AddButton(menu, 9, "CUSTOMISE STATS", function(menu,button) Game.OpenMenu("plutonium_customise_stats") end)....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\pc_options_controls.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	296
Entropy (8bit):	4.847563683958215
Encrypted:	false
SSDEEP:	3:TMQ3RNBoH3S4AyeF71TAXo+HshIKrNH6WfQgIROLs9Vxr5t9LhqEnLLYHwKfLxrF:ArK1MdHKx6GrIHxrt9q4qwKjKVHKjrgC
MD5:	08347BF577E9A06E6B50BDAAD98BEF5C
SHA1:	839F92DC41D16A998408B17715A7F18AA20A05D2
SHA-256:	7D8C2D7DD2AFE63F7350460F1D6BD1477457A78B42EDDEF3A0B1F8E326FFD170
SHA-512:	65F1BEDEE1D33A9E1F0A148331A6924BC8A90BC66F8C4C2CA07C8E97745E9F9291A35495D1E0C8DB9B2C493DFF244D2CC0A1A14D1223AA9F664F23EFB7C21A55
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("pc_options_controls").. .. Menu_AddButton_RightPanel(menu, 5, "CONTROLLER", function(menu,button) Game.OpenMenu("plutonium_controller_controls") Game.CloseMenu("pc_options_controls_ingame") end, nil, nil, nil)....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\pc_options_controls_ingame.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	303
Entropy (8bit):	4.849045124601968
Encrypted:	false
SSDEEP:	3:TMQ3RNBoH3S4AyeF71TAXo+HshIKrD2WJH6WfQgIROLs9Vxr5t9LhqEnLLYHwKfH:ArK1MdHK76GrIHxrt9q4qwKjKVHKjrgC
MD5:	1C16514F8DFFE316146955BF09275A05
SHA1:	91C9BCE8B7ED902597ECF20F33ABD5AADA24A4EA
SHA-256:	CDAE6129028A0B7530DDCE02111BC7F8BFDEE795BA14EE9FCF7B051683FD333C
SHA-512:	50894D14E2FF47C6AE91CC1DACED5D54DC34C2374A9F042C9FBC0A6AA5B73E6F8F106F7775CE6BF4ACAD98682366025D9BAACAA6CD92559F209E5DF4C6B98AC0
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("pc_options_controls_ingame").. .. Menu_AddButton_RightPanel(menu, 5, "CONTROLLER", function(menu,button) Game.OpenMenu("plutonium_controller_controls") Game.CloseMenu("pc_options_controls_ingame") end, nil, nil, nil)....end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_controller_controls.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	21640
Entropy (8bit):	4.9055609719322275
Encrypted:	false
SSDEEP:	96:hJ+vfeMhSJ6Yqc8c8H3/uYSWRbSMtaoJY5Y1EnqmF3pTUqXp7w8yCUopjqL2f88G:LyGc/uoeJwdhqKBNEZqd
MD5:	5AB1B811EE86004AD90CB6B90BA7336F
SHA1:	C1BA59AC056FB62ED5FF042FB49E6AD57DABA293
SHA-256:	A087D33E974760B873146106FE66FE38FC7146757AC0BCD8AA26DB94EBE88C48
SHA-512:	49BE5B0DB236BDF01824C892066BBC35892AF524171C1ED6D9A2355FCCFDBD1A45B4BE6117140637E7A8E5895D654EFCC2232806C77819CAB0F6B0C67EEC7204
Malicious:	false
Preview:	function Init().... -- Allocate main controller menu.. controlsmenu = UI.Menu.new("plutonium_controller_controls").. controlsmenu:OnOpen(.. function().. -- Toggle background material based on game state.. if (Game.GetDvarBool("cl_ingame") == true) then.. controlsbackground:SetMaterial("").. buttonsbackground:SetMaterial("").. sticksbackground:SetMaterial("").. controlsbackgroundfill:SetBackColor(0, 0, 0, 0.2).. buttonsbackgroundfill:SetBackColor(0, 0, 0, 0.2).. sticksbackgroundfill:SetBackColor(0, 0, 0, 0.2).. else.. controlsbackground:SetMaterial("background_image_blur_less").. buttonsbackground:SetMaterial("background_image_blur_less").. sticksbackground:SetMaterial("background_image_blur_less").. controlsbackgroundfill:SetBackColor(0, 0, 0, 0).. buttonsbackgroundfill:SetBa

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_customise_stats.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1623
Entropy (8bit):	4.59398154058566
Encrypted:	false
SSDEEP:	24:LIH6PKvN8YyKvy84M8OvhRrQKz0AzXN64nrgx8PXfKy/:LIaSxHUM//rZz9UxG/
MD5:	369AD08844413A9C2D9FACA126919BE3
SHA1:	E167B22853BC674C87ED17B42C99CFAD7C8CACF5
SHA-256:	9BF0987476185832A4BEE247B2ABF6FD8067361426F9A18101334420481FE0BD
SHA-512:	2457CF28480DCDC290C0D54F7B6B36AD07095941BF7E5F041C8DEAA2ABDFE550E0D42B17C20928307EDA8D3BF951DD7BAE6CFE5230E81F8BCCFFB900212ABC40
Malicious:	false
Preview:	function Init().... -- Define buttons.. buttonoptions = {}.... buttonoptions[1] = {.. function(menu) .. Game.CloseMenu("plutonium_customise_stats").. Game.OpenMenu("plutonium_customise_stats_prestige1").. end,.. "PRESTIGE".. }.... buttonoptions[2] = {.. function(menu) .. Game.CloseMenu("plutonium_customise_stats").. Game.OpenMenu("plutonium_customise_stats_prestigetokens").. end,.. "PRESTIGE TOKENS".. }.... buttonoptions[3] = {.. function(menu).. Game.CloseMenu("plutonium_customise_stats").. Game.OpenMenu("reset_stats1").. end,.. "RESET STATS".. }.... buttonoptions[4] = {.. function(menu) .. Game.CloseMenu("plutonium_customise_stats").. end,.. "CANCEL".. }.... -- Allocate popup...menu = Popup_Create_Advanced("plutonium_customise_stats", "What stat do you wish to modify?", 400, 180,.. func

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_customise_stats_prestige1.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1759
Entropy (8bit):	4.544886298916549
Encrypted:	false
SSDEEP:	24:LIuoul86Kpx3oHIHVe78b0AzrLsW4q8rgx8PgmWr/:LIAeZ2oHVtb0tUxGm/
MD5:	4989B3C44588C49F050AB0E6638FC1CD
SHA1:	190387DEDD34C5D295FF1E686B36602DF0259D9B
SHA-256:	BAB25FDED34BA58466EAE6DD81DF6B04D8BF9AC9F837438C3F1F27036BAE8A12
SHA-512:	6A7338F745D29621C9C3D099C935DB825F5F471DCC49A4ACF3C42DF61AD36FD5CC99C280CDE21F9284E5200E84DB94EBA44190C641F6433595B075F16AD2E1E7
Malicious:	false
Preview:	function Init().... -- Define buttons.. buttonoptions = {}.. height = 0.... for i=1,11 do .. height = height + 28.. buttonoptions[i] = {.. function(menu) .. Game.SetPlayerData("prestige " .. i-1).. Game.PlaySound("enter_prestige").. Game.CloseMenu("plutonium_customise_stats_prestige1").. Game.OpenMenu("plutonium_customise_stats").. end,.. ("PRESTIGE " .. i-1).. }.. end.... buttonoptions[12] = {.. function(menu).. Game.CloseMenu("plutonium_customise_stats_prestige1").. Game.OpenMenu("plutonium_customise_stats_prestige2").. end,.. ("MORE...").. }.... buttonoptions[13] = {.. function(menu) .. Game.CloseMenu("plutonium_customise_stats_prestige1").. Game.OpenMenu("plutonium_customise_stats").. end,.. ("BACK").. }.. height = height + 56.... -- Allocate popup...me

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_customise_stats_prestige2.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1681
Entropy (8bit):	4.527434006535795
Encrypted:	false
SSDEEP:	24:LISoV8H9862pUbNSnzNSneyHNvJ0AzWH9LsW4DHNBgx8PgmWr/:LIr82XgN4zN4nVJ2SnUxGm/
MD5:	C0E02043615271906B1989439653507E
SHA1:	D88B25FE4EFBBC5FF928D39BDD1FB6F93919CDD6
SHA-256:	385E1B440D8A0F4FB5C3BD1480FD2F5D4FF8998FE3358FC522D6B2B2BD0D0B45
SHA-512:	C5EA3C207E4BD957FC6EFA24C7B26C2CDA8516FBB618D0B67CFEFB5CA54E3C384571A034D3017C2AF291BBDC37D1BBD093D1D32A3FF54ED052C20F2214433D42
Malicious:	false
Preview:	function Init().... -- Define buttons.. buttonoptions = {}.. height = 0.... for i=1,10 do .. buttonoptions[i] = {.. function(menu) .. Game.SetPlayerData("prestige " .. (i+10)).. Game.PlaySound("enter_prestige").. Game.CloseMenu("plutonium_customise_stats_prestige2").. Game.OpenMenu("plutonium_customise_stats").. end,.. ("PRESTIGE " .. (i+10)).. }.. height = height + 28.. end.... buttonoptions[11] = {.. nil,.. nil.. }.... buttonoptions[12] = {.. nil,.. nil.. }.... buttonoptions[13] = {.. function(menu) .. Game.CloseMenu("plutonium_customise_stats_prestige2").. Game.OpenMenu("plutonium_customise_stats_prestige1").. end,.. "BACK".. }.. height = height + 84.... -- Allocate popup...menu = Popup_Create_Advanced("plutonium_customise_stats_prestige2", "Choose your prestige"

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_customise_stats_prestigetokens.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2240
Entropy (8bit):	4.583064976438128
Encrypted:	false
SSDEEP:	24:LIH6PYt38QOyYb85M8YJ8hQM8V0AzELV4H8rgx8UrXgiKZ/2k0I/:LIaDQOm5Mmh6VAUx1/JI/
MD5:	3148EFC3C138E7AA630E19FECFB41B52
SHA1:	250EA77885B562AEFE69A907E51C6A57BD4F3F86
SHA-256:	E7D9A91982A7553445750C17F85F842F06DA64D72A73941EE9ACE1B8EB942A53
SHA-512:	9FF1EE7CAC06C49F9D3822D4C2C2AF733E369431B1D14FFE7F63A7F9C67272FB8149F94B0297319DC87FC3083A41D03062782BAB8869DF289B7E598C57E57415
Malicious:	false
Preview:	function Init().... -- Define buttons.. buttonoptions = {}.... buttonoptions[1] = {.. function(menu) .. Game.SetPlayerData("prestigeShopTokens " .. 1000).. Game.PlaySound("mp_ingame_summary").. Game.CloseMenu("plutonium_customise_stats_prestigetokens").. Game.OpenMenu("plutonium_customise_stats").. end,.. "1,000 Tokens".. }.... buttonoptions[2] = {.. function(menu) .. Game.SetPlayerData("prestigeShopTokens " .. 100).. Game.PlaySound("mp_ingame_summary").. Game.CloseMenu("plutonium_customise_stats_prestigetokens").. Game.OpenMenu("plutonium_customise_stats").. end,.. "100 Tokens".. }.... buttonoptions[3] = {.. function(menu) .. Game.SetPlayerData("prestigeShopTokens " .. 10).. Game.PlaySound("mp_ingame_summary").. Game.CloseMenu("plutonium_customise_stats_prestigetokens").. Game.OpenMenu(

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_friends.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1692
Entropy (8bit):	4.113464043768281
Encrypted:	false
SSDEEP:	24:U4nMYsMXCH2PPc75CN9O+FCN9VbUBADx+F5diS5vVwvvV6vvKwpXtbHXY9r:FnMuc23D2iAEjBQv96Rc
MD5:	E62AC5730EF23FA96DCF67613FF18092
SHA1:	7AAD3918090585E3AE05CD83CCE24572BC3F6273
SHA-256:	E358C6CC5F23F96DA6CC77D63B878C8AC9D5C60B68B0BC175B6767C77BFE3E76
SHA-512:	499B1971CE2B5ECD3DC7DF90A0A3EF8B7AEC01F3B0CDBC30129FCCDC778C7A654B07966D78D837074AFDAC0F045399802843A08F5C9F1CE27FF0E969C5F513E9
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = Popup_Create("plutonium_friends", "FRIENDS", 534, 340,.. nil, -- onopen.. nil, -- onclose.. function(menu, item) -- accept.. Game.CloseMenu("plutonium_friends").. end, .. nil -- cancel.. ).... -- Create friendslist.. friends = UI.Item.new().. friends:SetRect(-267, -135, 534, 280, 2, 2).. friends:SetTextScale(0.3).. friends:SetFont(UI.Fonts.BigFont).. friends:SetType(UI.ItemType.ListBox).. friends:SetBorder(false).. friends:SetBorderSize(0.5).. friends:SetBorderColor(1, 1, 1, 0).. friends:SetItemSize(14).. friends:OnClick(.. function (menu, mods).. .. end.. ).. friends:OnDoubleClick(.. function (menu, mods).. Game.JoinFriend(.. mods:GetSelectedItemIndex().. ).. end.. ).. friends:GetColumnText(.. functi

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\plutonium_unlockall_warning.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1316
Entropy (8bit):	4.695793349033567
Encrypted:	false
SSDEEP:	24:00A04iasvo0K3rx8UrubAVOl32JL00NM5q:084vrx1SbAV4gY0NM5q
MD5:	2AF4D9C2BEADF98F07DC4378A8E4A6B2
SHA1:	BE675F335EAF3A0B1318B873DE17A179D5733A37
SHA-256:	55D14E4AB6BD2D20EECE88DCFA31FD3920FD10D4079E01725EA99665953C36B4
SHA-512:	1A8C19AB6770B7970C3EBD9498D57DA94BAA6F7B0D191F987848E02E0413C390A9DEF5733CAB29F83650D9BF3661FE823ED9A4BF74588B632B430569B68E027B
Malicious:	false
Preview:	function Init().... -- Allocate popup...menu = Popup_Create("plutonium_unlockall_warning", "UNLOCK IT ALL?", 400, 200,.. function(menu) -- onopen.. Game.PlaySound("tabs_slide").. end, .. function(menu) -- onclose.. Game.CloseMenu("plutonium_unlockall_warning").. Game.PlaySound("exit_prestige").. end,.. function(menu, item) -- accept.. Game.CloseMenu("plutonium_unlockall_warning").. Game.PlaySound("mp_level_up").. Game.ExecuteCommand("unlockall").. end, .. function(menu, item) -- cancel.. Game.CloseMenu("plutonium_unlockall_warning").. Game.PlaySound("exit_prestige").. end,.. false.. ).... -- Text.. warning = UI.Item.new().. warning:SetType(UI.ItemType.Text).. warning:SetRect(-195, -55, 400, 200, 2, 2).. warning:SetText("Want to experience the fun without the grind?\nThen

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\popup_callsign.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	429
Entropy (8bit):	4.806474664013379
Encrypted:	false
SSDEEP:	6:ArK1MdVjXmGEqv8E41lUr0WokS9qZgidEoawWkUxdMwWkU+8C6wWkU4HB/6uw:AyMrjWxaQ1+AMbEWU1UCU4hSP
MD5:	2E6196B5A0F5A28E9084A5FBB769FBA2
SHA1:	C5E0F8DE3365EF754FF64B21385CCAE26051ABDF
SHA-256:	D1FF3A18DAE3E94BFE6C4427264C419A19F176DC6A91C410012DD3D6FBEF2804
SHA-512:	B86A2665D79FB5916F7F783862BFD1B7953B8302453A02A6ABC9DAEF1B40AC024EC09F0E6CA54E88876178DB84876A88F9F94FE4163C524772E83D2CBB25153A
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("popup_callsign")..... -- Add menu buttons...Menu_Seperator(menu, 4).. Menu_AddButton(menu, 4, "USE FORUM AVATAR", .. function(menu,button) .. Game.SetPlayerData("cardIcon 0") .. Game.ExecuteCommand("upload_playercard").. Game.ExecuteCommand("updateGamerProfile").. Game.ExecuteCommand("uploadStats").. end)......end..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\ui_mp\serverfilters.lua Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1892
Entropy (8bit):	4.682499354285951
Encrypted:	false
SSDEEP:	24:p4nC38NbYzyDERblqNwsA6ctldKv2vsAXE3A0kKkRrg8VnyiRqngCVFWaV3Yh:CnfNbqyDERbcNwIctldzvqZkvRrwnze
MD5:	9DDFF5DA7006188BAF7D6C85EA9D7B26
SHA1:	B3E6DFE16BFAE069380BD05A61FCCFB040627053
SHA-256:	933E0DA50423CFFE3024094E4AA671C231F9AB1938205CD5287F705FD9988DC1
SHA-512:	B1B70EBB7CF99C9E78EEFE7BEAB12A19B2FD995A9127AE5C0D700560D0F38D3B5042F13716F6CA85002301CB58D25BD35F8674F376DA07A3D2FD7B30597B9D30
Malicious:	false
Preview:	function Init().... -- Allocate menu.. menu = UI.MenuOverlay.new("serverfilters").... button = UI.Item.new().. button:SetRect(((205 * 2) + 11), ((24 * 15) + 11), 205, 20, 0, 0).. button:SetTextScale(0.375).. button:SetTextOffset(103, 18).. button:SetTextInvertX(true).. button:SetType(UI.ItemType.Button).. button:SetFont(UI.Fonts.NormalFont).. -- Getter sets text.. getNoTrickshot(nil, button).... button:OnFocus(.. function(menu,button).. button:SetMaterial("navbar_selection_bar_centered").....Game.PlaySound("mouse_over").....if onfocuscb ~= nil then.. onfocuscb(menu, button).. end.. end.. ).. button:OnLeaveFocus(.. function(menu,button).. button:SetMaterial("").. end.. )...button:IsVisible(....isvisiblecb...)...button:IsEnabled(....isenabledcb...).. button:OnClick(.. function(menu,button).. Game.PlaySound("mouse_click").. setNoTrickshot

C:\Users\user\AppData\Local\Plutonium\storage\iw5\video\plutonium.bik Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	Bink Video rev.i, 1920x1080, 205 frames at rate 208333/5000000, 1 audio track 48000Hz stereo
Category:	dropped
Size (bytes):	19945136
Entropy (8bit):	7.933846414436967
Encrypted:	false
SSDEEP:	393216:TgXrU6CwMGKhC4bnvHHCVIT5U/9jf7hfJJnM:T4rpC/B/bnPfO/9ZBJM
MD5:	C51874D6A2A71486251CDF0CD75F9C8C
SHA1:	0CBE4FDC859BDBB82000F240C6DBA16309FE7B05
SHA-256:	9DCCCFB695DD1FDC6882CC46B4CE2CAAB18CB3D3CEC0C308569AF728BCE5E7E1
SHA-512:	B75947669229CB09F04FD19445B316E5C1C7E8E571D9F5D1343C2BDF498445A9ED6717DA79EA0483390AF11ED6E21AB501EA372994931FFD14E78CB220F03531
Malicious:	false
Preview:	BIKi.V0.................8...@KL..-...........:.....p....q.......XA..............4............[.........4Z..X..../...v......D.......k.........`{..(..... .p.".0W$.."&.X.'.d{).....w,.l...0./..z1..R3.\&5...6.D.8...:.D=<.d.=..>?..@...A...B...C.P.E.4&F..TG...H...I..K. 9M...O.p.P.`.R.lKT...U..;W...X.D.Z...[..\].. _...`...b.4.d..-f. .g...i..Jj..Tk.8Ml. Lm..Xn..\|o.l.p..&r...s.\|.u..bv...v.d)w..uw...w.d.w..Lx...x.Xh\|.....dD......d...u.................... C..........s..H.......0V...x........../..H...l...y.........8.......(l...N...`..x:......I..D6......p....D..T...\|...D....'...S.....T....J.......3..........lZ..\...h....b......"......L...\|F......$r.. ...HD......8...d...L>..`y.......(.......;..8........&...e..........T.......\....t.......f.......... a..........hr..0........G......pZ......lY.......p..........h...LP..L. ...!.X.#.X.%.X.'...)...+..U-.h...../.x.0..L0..V0......:....V B...a!....0......`P...0a...$.J....%...4..O#d,......D.j.....@",...>\|..a.9..zH9.........................

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_highrise.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	28812456
Entropy (8bit):	7.997961762584362
Encrypted:	true
SSDEEP:	393216:9Rh/0dYQvbNCe1vrZKOTqCFO2pP7JFah8H60OgYh/BEBythoFo6hegStfbNuGyfP:VqJDNCeGC9p9QIDOgYketDYGsIWwA
MD5:	76E112C7D8387C1C4F8E45DC0B1F5736
SHA1:	D29E8519058C49BCC04FDEDE0035B82548B82BC3
SHA-256:	96F4A3841940F3A57F021C42E820887FC34AB75EBBE063E4915B4717A06390C9
SHA-512:	50CD6B8302A40C5007864B5E5453714DB0E546AE1C981AB2CF58961BFC61AD67D048F7E8FA78DA25172E098BEDFF7F2386F28DC27CD75857543E2E6B3B416537
Malicious:	true
Preview:	IWffu100.............(./..`7....9..B.@[@..6c........e..z.r ..F[..3...?/..:p......7...m.X.&..V...2i4..q.d.&..{..._.<. ...v..2.........q..q//////////////.EZX@..E..)....................@ .....@....u].u].u].}^\8..\|>.....\|>/.EZX@..M.U.%.>.q..~.T....D.^JuX...6..[.........!.mT[K....Z.....X\@.~!xq<..L....m...qNv...7c..s...k~..i.Q.B.}.`...G.$y....$...qr.$.85...Y......M..6..u.n....p......Qn.8.....z..6.......\|8j.(.G.....k._XI'....pT$.]hm.F..7...p.~...(.,.......9j.qj...6.+.1W.6Do....O.....p.U.Fjs5A`.B..>..5..=...V.LCP...1I...jCT.Y<..\..@".4....h.5..h..9..$.[K.?.v...ho.V=.%.}hM...>\|1...Y..O9+V........B..&.Q..c....Z>... jE....`M.b.t...z9....v....gsM...d...k.z..Ev.....8D...D.V..J...X...\..H.I#......l..A..ut.m@..... ...8....g.]r.k..+]BG.H#h...>Yj3(.ES.775..z.*:.4i.^./..j..6.Az.%.t.m.Z.[mB.j/4-.'Q...P..2.'.%.j?;.P..aM..`..../=..O8Dq....M.k0.%.[c...l.I,a. .%j.H.............q..#...4.V..=..k..J..U..}8j..8.z.W.....l-.F....a.6..K.g.h.k....zm.....^..Q.~.4.(..

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_highrise_load.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	740
Entropy (8bit):	7.743822136153416
Encrypted:	false
SSDEEP:	12:73b+H3FtT46T8nQxWtDNBhZ0OgA0lBIQh2+uDwxRyeDVauC2E/+KFFhTn9XaLQn:7rAFMyqdRPV+8wxseDV/C2EXFhTn9QQ
MD5:	3BBC4520C13EF745127C101EA6E5A1D0
SHA1:	1D57D1F573806F20D8F45A65B5017D92E9BA1F66
SHA-256:	30477A8B6783F5A6EE9DADA3C8FBA6BCC535D66CF756500908976C717736C5EA
SHA-512:	552EBC2A00BC9840EB297C2F09D1E4FAE9523E19C9FC922773103C16AC8EB1E99A6F4B7E2B63698C0A2EBA25E5BA8E9ECCC2CE3E5A5F97990101FF3C108B0CDF
Malicious:	false
Preview:	IWffu100.............(./.`0.-...F..6k)L.q....v...?.V....._.n.f.Z..1.n....6J.'...........<....a.G..#I"e.l.q.~.2w..W.N...hv.z....i.Q....>.....h..u.......!.}..H.....s({..Q$P$Sa..g^p.p.^./....$.Zi.M#.b;...1.V\K_.....y.b.hZ..bg[...Ma.1......{..f...ys...F.%z.....5.z...Y"...%z.^.&&&(...)...R.wA1$S..w...e.lJ...5.8.g,.....{..9......?:.(.6.......2..S..1..@D/3.rD...i.q.....8A...K..DC;HB.X..P....@t...a.BE.K6...n.\|.-..v.l:9}c.5.&.;..r.....4.<7...h.T0........x.....G..?.ioX..h.{.S._....#.+P.....6..sJ#..`.].~../.'Dyd.S....i..V!m......g.;...vKiV .f.f...$%..t..aI.7.xm....Y.zk..4.s3..dF(f.........#...8.....OE."\|.y]s.$.................".K...G.W(7..hW.6..~.2X.3.Y..?.... M..ui....>...i.9..G.z+FZ......Gf........5C

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_rust.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	25014836
Entropy (8bit):	7.99851792220897
Encrypted:	true
SSDEEP:	393216:ZzIW7N73s/XbygOhsEPj2RBTp0CdGF8RB8vL7rFQLGr/yzSKXzu0GdZPcqIeFue:ZzIOrs/XTOhsEPj2R50XroDKjUbQ
MD5:	A2AD1DE1972D9247374D59CF43B4B991
SHA1:	3E89F65FC33C295E8C8BA1C3E45C27C5F3779FF4
SHA-256:	9BC6E501CD51BAF9AC4DFDAFF2D505162542DACD1C61688B373DA2B6327ADD6F
SHA-512:	D6CE05DF4CCCD08054F5A9CDA2007312329F186568F8A603B812C4239A31225D46763D85C5FB9E4A1EAA3D84F600F217B5CB6194CE8243B4FFFE6C23E48D7DEF
Malicious:	true
Preview:	IWffu100.............(./..`..........4\0..7...T7..."...\|}.x=x{...<P%..w$.b.GD...C3..b...e^.R..B..e..N.%.].!g.......t...iW.1..L)......%..[.w.........Y.=l.a....).,..F..O.....b.u._....w!c..8.\>.M..o.\....#.'I._.u...@..AG.9.Z..H....., .F...Q].o..Q8/.>.uhh.?]8.$..FT~.C...E.q{.99.....G.....O. ........P.Q.Q.O.V@..O_V.S..... ....fh...e.Y....If...e.hbZ.Y.Y.e.~V.%......h#-.]{.....0.Q.0...q.^.....J{-.r@+((......eP.`.G.2m.0......Yu.._..K.P#^]P.7}-.._.Ba........"7D...T%..."C....".&{.....J[..x8.a..V8za.Y.. ./."....J.PK..N.....9,....._ N.p....+....+....Q.P..].8s9.R......5.....1....aj...1.....{......=657...=W."En...bScm..0K.PP:.(.c.!r9..LBj<<f...U.0..Y.).j6.......i...n..E.s...yx.\f}8....^Z.....;.Y..P...M.l.PuE..0.Q..>y......@....:..oV.....,.q..\|MEJ..tU...y...(..A.....zn.1.4..n...)b.T_.-..7[.N...tmn.;./...z..g.8...&f....U.4.....P_..........+U.z.H).pl.@..?b.,..<...ip .['..".>m...,.?._Y....T.#...2.d7....6.m;44...h}..K ......G\M..W....@^i.!{..%l.N.>..}.

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_rust_load.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	698
Entropy (8bit):	7.660102516386352
Encrypted:	false
SSDEEP:	12:7FxgYJDNYxjKfQ4Ep8CLW6ZDAdHXeRfIxK9tn5cS1PDNK1UyjQlBMWSx2v:7EoyKo42sdKQA9HVBNK1UdIWt
MD5:	3FA08706E5D25B66D37B7F4B2865C025
SHA1:	8114818A129EEC71162A5B21ABF272C9A6E70F9C
SHA-256:	D368C9D954222051E2185BDBCE51162986703062C287CB312AA7B2C44F154FBB
SHA-512:	F41848DC7DC7685992E5075CF4C218BC43D62C8C70A6C1C157849302A2CA317DE5BDE008D5221F6226F56B742B5DF4C569C2A4398C3AFDDADF1AD8C90E831976
Malicious:	false
Preview:	IWffu100.............(./.`.....v.zE..6......I.(`..".@....@8y.K..)-.`0...A..f..W.....!.L<..I.a.0@gR......e.i.q.....j....b.....h...y....0..).............(C({....../.......v..Cy..6j..qa.Q:.`....,......J....f.N:.z..[d....-.zr>._.Bg,......o].E..&.....+....a.2.D...D ....HD.....D.....9.L'......(....<..md.U./0.B&..7.OG...K.`".(..\|@.....G..q.......c.....v..BI.@..N.C2...^.\|......>....~Q...r...L.....2.R....,%\...t.z...e..).F....l".>.x2.w=\|...@..7...Y>..7.......5.M.]NL...'..v.]Y.......}..v.}H{..c...'.c...V .f...\J...(...r...]A.s...i-.5T..i......,`.u.] /k... ...81..gQ...........\Xw{bQy...vd.r........(....m...k...c ..;s.uO.......D.Y.&..0.#M....c.=&..b...M(.\|3.e>.<Cl.qG....

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\mp_test.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	366321
Entropy (8bit):	7.995792671526227
Encrypted:	true
SSDEEP:	6144:lDQbwGXq5XIXKqAnw3xMUsqiNa3Lyjn28qqJmLti7rBNt0GNK/fYX9eNfrs/YTJ:lDQ3Xf6qxHZiNaWnZRJHC/QX4SyJ
MD5:	A2F757E4C407B8626CD82B70A9C556A8
SHA1:	9286E51F2F41FCF039D560E1A438FD1E4D868078
SHA-256:	1AA9A16BB1B98666655F3E77561CBF7E9BA150F04EF7D17090B833536EBA357D
SHA-512:	1854326D331EB8DD16084579C07D8722AD368D6CD908E185954194645AC783F67C0C0C371AB7D4C7BF612B11303B7E7AD93C7DDA822762449751956D934E8ADF
Malicious:	true
Preview:	IWffu100.............(./..`.C.,/....X\ .Yu.W.-....5.U..S....O.v%...g..+.XE#...&X.&..(w.:g....z.<.<r.`VG .u......k....'i..$.....n.t.3.9......Q.#.F.F.O..8..%Kv<"..!.....A(........ODgqJ....."..8o..;.Y.N~.....P...$.'......^...r..........^Qx.3P........Y.=.-..1.g.....+.....[..^.$..$@.;.y"....F.M.%O.eyd.5u.v.A[......YE.#,...:.g...:...3...b..d..d....t..Q ...Gt.....Bt:.c...t..g.W..b...1..........v....y..P...;....s....v9..t..a..?'L......`.l..l..........&.gHf......=..h+1:7i.........t<..[..^....@b..p.3....b..<.....P.....................a.$..{&.r..a..;..o...\..>.c1...#ys..{...=.1V.....?.....;..^.3.....3....~.{.rl.......D..q...../.....#.&j.~&..$.A2..pD..v....Bz,.....6.C.geyT...Y.D...U7..n...r..O...5.]-....A..R.....+Oq\|.... ...>.-#...[..6.b.....IO...._......M...x1....wp.58.}. .....c.~.I...F[.78>....b.3...$.=p.0a...O.7..p.Q(..b.fR.........;.u.....?....tc.A...."..{.....Hf.D..<..x...c!O4........[.5T.....,..r5....j.......q.9.~..KU....nD..'.3......Of.

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_code_post_gfx_mp.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	35351
Entropy (8bit):	7.991037839353682
Encrypted:	true
SSDEEP:	768:1LLYZ8tv7E6t7h2ZedEopm1uQiyglQNtK4JkVLdEqVccOUbbN:1gZ8ltc8dE42i/ll4kVaqVZ
MD5:	E65416611C91640CE54EE7103FA88083
SHA1:	613C89978E0F20438335841737699F38831E16FD
SHA-256:	392B35D839BEC08799B42A1B804A61541319356385F2F403971E27BC42370590
SHA-512:	E47924B0D7CA2FD201BCB4675FBB60FEC10BDBC9BEAD45F4D610BB18AE2BB68C9DE32CD157E2B9462657D21F6E6EDA4F9DF7C6F64212146ECE791913A5C499D0
Malicious:	true
Preview:	IWffu100.............(./......l.....&S..(.(l..i..A..=....(.....}.f..9.j..I.....&.I..T.v..v...7....}....O>.?.x.......j.)].K.;.%XH.>........s.1.....fOm..K+l..u=.\D].dc..Wt.>JW.ito..mkiU..2JB..g.....OX..(u..v..ik.....9.s......P.....y.Hcv..`.jg.W.{...ZzW.........e.x9.V...{t.S..C.4...3....(....T...E.....m..h..!....k.C.3....L...$.jP7..W.D.C.........."..r."...=.d.m~.rm.l.....u.X...Z..V.^....H::$T7..]..k!....SS.Q.......F.m..;M.OmV.g...Klm.JQ:J..e;...}.X].Bj'.s.Q.f...v-M.V.....%@.8!...D......#....3..I....!8OR\.h.....32l8@".hD..&B0...3CD./\`n. .b...T@@........h....A....a$J.(Q.#./....8....x......>s.......h..t.......D..0.`...........d..O^..?..T...v..?.?.`...B&D. .....[9(O.uL..'.]f.. J.(Q..\|.....+#V.......l...!..-....)*J.n/..X[.Z..I.T.....(..&[.U.r......Z.f@.e...8%{Bg-?...d=..........-Y..{.p..b...m x..J.Fw....].J..m..N'.jN......=E.j.5W.....Y......[.k.S...9..M....W....j.[T..\|.....&h.%.3YO..XC...k.Z.S..]9..k.Z6........L.b+..I...3.I..P.V.(..SWt....U

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_common_map.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	9449128
Entropy (8bit):	7.990665340821185
Encrypted:	true
SSDEEP:	196608:4TrK5FvTQITdbUSVZXQEX6VX6sLHd/kp70Y1wEqyhT4G:4Tr0Jt1XcVpHRkpIY19eG
MD5:	20E7FD0A307CBAC6FC399A66FCCDBD97
SHA1:	88F0DADD65B9A06A72FB3086584BE7975E1358C4
SHA-256:	A6C1E2D388DE427AA04A500E11A4D2A0CA86DE28E44A10439A3569F255F3C603
SHA-512:	4A817922D6C3C199079C567EF00A9A38489559078B81874287C16B3BE4C500F2F68A7D8FA7B51B1C66C0C071E47E4E4CBB67356BEF2A48083685C722C293BFB9
Malicious:	true
Preview:	IWffu100.............(./..`.8...#....7]0..M.K..Yq5h..\|.._B....=._^.Rrb...F..N..........\./....0...GB.8.CA....I......F+wJ)..}.:.L.r.]B.q7.F...1.8.>.s^[S...y.M?.N.....O...@...^o...u...Z.~...L..u"y+.,zL.../...5..]/W{......H.?.{....I..n.#I.J.Z..T.A...H....u.X.a. J.aF.(+a.....0....-...K.3=.......3..T.......F.....e..t.2v..h....i....f..bF....i#e.....}.C.!.W..h...z..9..N.f.....L.s...^..\|u"...?U.....}gr.J.u..u...._.&..sQ...O%..C..t.......>...O..Q..X...F.......!..........H.Jd..#..?..i2. &Z9.).I0.-w..`6RV.hB..`,.r..r.........z_......./i.....H%"6.H.Y...lE.........O......c...e,r...r.[..72o.?..O.(........_.PP..l8n.N..2G..&.....N..N..j<$..e..%.g.._...IS. .a..f......'....E.S.."h.Fo/._>..u.\<...<....o.L...p..?i.~........aB.O... ...V..H.::.,.d...h....Z..)......x\|....l:rH}...:SMW.x..Z)..!uECh5!7..6 ...9.3.6............w..I....-....H.MG&.p1].?..h.dddZ21.V..j...db....k%.".....m...T.0.Xy..i..h9..#.\..7..4M...B.Y>t.2..+.I.._..@KEX+1d]..*......:_.g....T.......}...

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_common_mp.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	3967706
Entropy (8bit):	7.997683484213792
Encrypted:	true
SSDEEP:	98304:wts55qUdyC0SfpPvChrpaojylR1nykpI+n/fVQkp5o:wmHlyC0QP6hlaojylznyk3/N/o
MD5:	378A3D2BDB60B6F36FE14A82B3502D33
SHA1:	A06EC9992259BA9F39CEA85462178010E9F5ACEC
SHA-256:	193B870180CDA17500B9D2211B900D287241D456A4B7987F726579ECC5EA7B8B
SHA-512:	86C96D5BEB0C0B73DE91A65FF8CF367201C9722EC39B8C127ACCBE31DE053C06ED37A2203287C80766C1B929FEBD806915CA32BDEA7CB714F0145626EFFC4140
Malicious:	true
Preview:	IWffu100.............(./..`.<........4O0..4..2....8.H.1.]...'..p....2.5y..A$..{I7^....K.U.>....i...D....hO..?..i[J)S..<.....4....].m~..[e......_dg.."..?js...<G.d....=...R..F2...2..9.J....P..M6R.N..JII.).S..+.Y..J}.4..c.........S.q....8DCS..@z&=s..$o?#..e3$.....sS.....\|..ZM..gm....r..-..>..p."..xU....je..q....+........~-....m.Sy>..P..Hf.u.Y...:..e.u.Yg..4.%Y...J.$sL.I....Z..l$.(....b1.H....b1.H....b1.H.J]..#...Z.....j...v.$-...].:K...JM.g.+.Y..S.i...-...\|JzJ..Hr..g.c2..$.dB..n$Gr$Gr$Gr$Gr.4.h....T.A.Y).R+..L"I.g..oL.E2.qL.6.Br..8.171.:M..3).....+b..G'.x..H.8.L.u.Yg.u.Yg.u.Yg.u.Yg-....b..S.$..^J.d1.+.R.i!...i.:..:.a.W.a..u,..:.....r....2.6:.pL.S).5..uPVrYg.p.p$.....MS.4Q.fx.J..u.Yg.t.f.N..e1]y.`.H...<KZ8..9.pl.G.ti...=k2..dof...dM,.Q.K.eM....'.rLJ....%.:+..3E.\..G'Q.8.V..<m..M.ue..I....y...6j....$=.r#...,.[M<O1..Z>G.X.T..PI<1..i....2..KpP"BS<(H....R...x.8-...E........W.....2i.m..6;M..}.....f.h.!(.CV..K.Ac8.......g....z.[..[...x....

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\plutonium_controller_mp.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	4996
Entropy (8bit):	7.788233221229079
Encrypted:	false
SSDEEP:	96:DZtKe35f/HUlQ0rBhKe6FspfJsthbtxETwNCMn9X+/QYR/IVdhj9chjQI23:DZZh/HUlQ0rj6FspS7bzZYu9cQVd/chK
MD5:	E036E1C88D1F061F7D085DBFFC70884A
SHA1:	95CFA5118DA4D6F65AA9B955C559B4AD10F3EF14
SHA-256:	FA9D38484ABB4F921B1CB569E5FB0EB3AA12BEDE19C9003D73FE87CE4821AF27
SHA-512:	EED33A8CF22D4A585CA05A9F3BB7DDB93916DC4E00DC412EF111E23212050271AF7A2AA83049989E080D7C1A9E8B30211FF56DB50869987A56C536AE51DCD41F
Malicious:	false
Preview:	IWffu100.............(./.`^.-.....2........)...............&&..............ppcc0t0t0......p...trivial_vertcol_simple.hlsl........CTAB............. x...D.......\l.....viewProjectionMatrix........worldvs_3_0.Microsoft (R) D3DX9 Shader Compiler .Q..........?......................................$...@...........................................................4.... W...P...0......@colorMapSar.......p..........B...../........../.2d.....0...0...0.......j.......^.......A.......gamefonts_pad..../...........0.../cp..%..0e......."_glow%."........-..05Font..... ....?)\.=...?.p.>..(.9.;J...L..Z.]k.... ....m?.(.>..}?..+?....={..>....66!....>...>...>.Q8?.L=....>333?..(..9..J.L[.]l....++.....>...?...>..k?....***....=.z.?..4>H.z?. <{..>...=...?..=.2>.B>........KEY_BUTTON_A...B.X.Y.LSHLDR.R.START.ACK.TI..TRIG..DPAD_UP.DOWN._LEFT._RIGH.....s.._default.cfg.x.u.]k.0......%....@?.)......1=.b....e.~)s`...<..9...F..%;..F...c%#"y...#o...x2>T.......K.t.....#}..qA#.FJ.5.v....<+Fdz.\......a.....S...

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_delta_multicam.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2403896
Entropy (8bit):	7.995485813448489
Encrypted:	true
SSDEEP:	49152:WivCTUK7j6scs89u7HbiGjwmrZH6zTFsyI6IdK0HWPMO:Wh7lW+biYrl0TFsSI80HWL
MD5:	6DCF48F9B4C5C5D4695893B88CBDCEC7
SHA1:	1B708E9370BCD2FD3CCAF4302499342D9CE60D84
SHA-256:	E8A2CBD37E79A91F07728EC49F9E36B0F1617FA0B551FE36352F6BF9D493F80B
SHA-512:	6930C5B0B00ED737068FC7DF838FD7DCCF3FEF28947C0BB165EC3E59EEB829C6661AD26D8117C7C0BF94B3134C2517680D804BC1260BBBB6A7291278EBAE9942
Malicious:	true
Preview:	IWffu100.............(./..`...l.....-RP......0..<.0g...b.i..x.R.l.... ..H....h7%.2...$L.$.NH.&......7.. .da>Cn.HI...=........bW$..M.S.BD.I.PH..%....Y....Q....@..m.f.O.m..1x....................A6.....3?.s.u....I......yxxzvV...)..)b..%..N%6...aB6@B@Kl..@.F%:gg.".\...3#W..G.....Hd..L.T[c.L..F..s...s...#.4.o.........<Pr../........T.g(KO..)....E.m.A:....<.......@.;._.R.V....b8..f...x..R...$SY)..J....g...d...C......8..$...%.b:..9$.[.q$..............V..j.Z.V.E..X..h0.e.iR.I..R."ed...e.4.L2....2..b..jk,..4\|..Z.....L...U.N.L...Vh..8.....U.$lf.0.t.(9T..[..X...4.vt...U.^%m.,2.0v.)CQ.8.E.<RQ....N..,..8.t$.,.!Q...,=U.F...[f.lF..#z.<S..ea.&.".3\|..X....E3Q6._%).I."..dY.gj.E..$a-2...S...Fc...z......1...h.a.tTi'......QV.Ic.....0.#1...2.L.2,KqhL...]...c/j.f.{.i..ey....&......m.sI...yX...,7A.e.S......Yg...9....^~..{er...?4.b....y.....^.;.c\|s....\.I......w.:u.TI.........v.-....t....4.<...R........rt......BiE..T.d....L....\.t..$U1......VCK...S../.u"xL

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_opforce_air.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2117511
Entropy (8bit):	7.994929130531341
Encrypted:	true
SSDEEP:	49152:IGRC+QM3BThbIVkpCfgqmLMqMOmiF2iYJkME0H:IGRisThWgCfgr4qpmiwiYJkje
MD5:	16FE4845F661858E13F1C25CA09FDAF0
SHA1:	8C92B00106DCF7527B557A03C94BAA842699503E
SHA-256:	F92D396B74E7E3D555D94E8663BC4207321AD97B8043DF51FE368FF9A7CFBDD2
SHA-512:	6E190BCA9218965DF63B46F300E18ACA1F4F4884DE94650D0F263C2560B1E4A612E33A0E7E179BF37FEDF69328E830F1948D7F24C78A1C85C90C08A7E38DEBEB
Malicious:	true
Preview:	IWffu100.............(./..`.hi.L..../RP........N.......@..g...1.I5{.a. ...c.Z.J&d&.)I.Dr....BB..$d.0@.0.I..0.V..................#@s.v.l9....s.G...II7....</..f.R.#..L._.BH..E..+.......,...f...`....H#...........m...u....\|.s.........Ks.L....R.?#.#.Wi.q.......QA@..........)+.......(.R..F..vnP.rV.-q.S..7s......&%%.H<Qp.Y.h+....Q(:.q\|<6.=.o...?.k.......U...;..Y.....0.'#Y~..$......M3...w....q....u.{......Y_8.[.T...@....H$.X...=....)...4S.T.G.....S.J.-Y_h..Yx~..0....8....(.........d..-...N........x.e..........G.R.T.J.Ba/.D..%....).O.H.t.2.(../....E._.$........D[.H....DQ.<.....:.N#.4Y.k....:.a..,M04j...5."lF.0Rt...j.-..8.L.I3....i..Hc.E$....e.I.C....F.).\.Q....W..Y?...Qd...+gg..0...."..f..14...I...._.Y~/.}9!.....q,OR,.}..$.^ z..Rf.c..N.....}....s.!l.A.Y.h..\...O.34*.0..........Qy...]`..b/j.......w..X.....I.}...u].{E....`.....ga...3.B.....6{....qn...QV.#....v..f!.N.V].s..........:...wx.5....RV.;.sY..9....N.8p..4.b....u\...........t....O.+...;P.8..w....v.

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_opforce_henchmen.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2140308
Entropy (8bit):	7.995270459584679
Encrypted:	true
SSDEEP:	49152:ALie+xUBb0aLP/gdZl/efOgmUe52ybhLFB6uxzQhAMCOwL:AgUBbtP/gdZl8O3hLF7sheL
MD5:	ABD932B72DFD891E4B8E4DFD36AC0C4E
SHA1:	697713EA1263B9071FAA50F1FC3EB4130130285E
SHA-256:	91ED43F5110FD344586D4C2CF63DB3298BCFBF538D76521E5E86877617DCB761
SHA-512:	94DE37B7DCF14C6AB143EC0793759F90E3B2DBAE7E41FFC1AF4301DA8D195D4A3E9072D8D727AE440A62EC301DFDBB3FB5B5B4AE47A722F00613EC07001CCB0B
Malicious:	true
Preview:	IWffu100.............(./..`2.o....j.\,UP....3D.....Z..Fm&....C...Rx.....X........ ...P.9.\:.OLEH..A.=..g.E....2bs..!.m.M..........a..x.E........Gm.VG..-K.....es.`w..s....`..:....\|../..8...\s.\.w..[k.\|...9..H......j........t,I.v..I.8#..".2r...;7j.Y;S.y..'.!...L..OOOW"SU<b......t(i$.h.{W.y...._.......... "I...vL;..e...,......f..._D.....S)....d..L}...=.PF..&.X,..5....c.i..^cRht..Le&..J.e.X,.VOH.>...E;U.\|.#.jc..H.X..X.-....8..&.b.H".2Q..........i.Z.V..j...L..\|.l3Uf...I.1..#id...e.4.L24.i..eHK.0=U.X..i(..$..&..4.L..W.+m....,4OT...`.+..#9....$c'J..`#.D.K.jCmIg9.b..%+m....C..H.....<Rkd.....t.Ig........$_.Z..Zz...F..K...T....LMR..F7I....LT.R5.(<....(+IQ]2O4..V...Q-4.1...eH.L..4.,OUD....I.Qh..9.1q....BOU=_a.,.qiL..<...,.U.I.c.&..+4zL.g..`...=..4L.<a..}.&..B...m......r.?".Vc6x...]R.k..'....e.;_......g....~$P.....P....L~@Ha.[.+.6..d.._g:d....S).......S9.N..R.......*k.T.B.#H.x.(x:.y....T..m...r.A....x..y...\|Bx.......3..<a.X&..JCU4A......x..=...}.Z....g.o.w...;

C:\Users\user\AppData\Local\Plutonium\storage\iw5\zone\team_sas_urban.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	2086185
Entropy (8bit):	7.994740781546474
Encrypted:	true
SSDEEP:	49152:9cAkG3IAaJfGPWaZv/C6MAE98MmYddWuQa1Fbt:2ATY2WaxCzAE9h1d4u91Fh
MD5:	F10BBF9FB561C717E6BB95150920ABCC
SHA1:	491F0E145E2E288FCDFB142C2CFD4535A84249AE
SHA-256:	8032BF24ACCC2FA409FAA689011D4CCEA071F394D06552EAC1532C9D244C2CE0
SHA-512:	BECA9D2AF82276ED44FB050F146571F37F8F4A8AFC62F8E7CD398DB572C14A9D7D0CB7542C9230816FBBEBC6BF39B3B0E381C46EB575E0C535C6E78FE9B3DB36
Malicious:	true
Preview:	IWffu100.............(./..`b.v.D.....0RP....3D.....j:.Y.@.d.D......D.B.o\|.$3.\|B.X...L.Z.l...\bj82)+...U.U.L.7'...l.....=......R.-...z...?.v.!.....`..E.O...9Z..R.....o.#..g(..`.$6...L.{.g.L.'..T. x............;.{.\|RG... -..a8...<M..+...v.......[./..?..8.9w.....:m.......9......'....#=F.z.._...q.M..<X.M..&Ln.....<.ec......dK.....+........#h....$b......!......M...7...%.7@h...\HZ&-S.P..z.......H&z...#.s..i...U..T3....f...Z........sy..u..(..}L].}\|..I..X.>>>>A@?.X...t@..4G..#=..+.o.....$..gz....Q.s...\.<3(((((((((...........!..y.F...D..2..../0..c`..}a...D.K.8C...Vz]9../<....3.L%.gT2.L`.4...p6.d..:q$..I...u...a2.&.#..).>....".1....gFH..(T..../0F.3..>Q..L&..^..h2.a...^~#.!h.n..#..a].]b...\.?..8.".... .X.$...X.....A..iI...1.%}.)..Q.$.b2.).=3.8..Wz_.^...._,..\|..g.,I0.Mo....3yI]._........9..h.....\|..4.J..s..9....;..4...>X.t%.'vI'. ).jN....aj..9..pd........7Gh...g.T..W..7wk.=...vk.Fk.."t....Ck.<.g.)......h.k[..l...7.....vho.U/.[%tk.S...7....}yv.4...o*i_.<

C:\Users\user\AppData\Local\Plutonium\storage\t6\dvars.json Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	200604
Entropy (8bit):	4.89534775536787
Encrypted:	false
SSDEEP:	3072:qmzlLygLHQSkzE+Lkufkb2LElwdmG6aV1bu2Jp4lvSuAE47MkFvV3N8hTDi:q6FYolkkbmoGDDbu2f4lvSuAEYgTDi
MD5:	58730B88BEBD0897E32BB7C88FC23AC3
SHA1:	9329EF837A4C63B396904DD516F61D03C1A7F70E
SHA-256:	4199539054119313A88D3DC892724E119D0E0A52DC0A8DD2F8D119D80255FFC3
SHA-512:	D4BD7D0CE6FF21999EC43CFA04EBED20CF7A59553067A0B4A769FCA5AB9A5EEB325A06753E318CC86C69AF93D3A0003755010EF404F6E97140166B4C9C1D84C0
Malicious:	false
Preview:	{..."actionSlotsHide": "Hide the actionslots.",..."adsZeroSpread": "Immediately zero spreadAmount when fully ADS",..."ai_angularYawAccelRate": "yaw acceleration rate",..."ai_angularYawDecelFactor": "yaw deceleration factor (decel rate = factor * accel rate)",..."ai_angularYawEnabled": "turn on velocity based body rotation",..."ai_corpseCount": "Maximum number of AI corpses",..."ai_debugAnimDeltas": "Display animation delta debug information",..."ai_debugClaimedNodes": "Enable debugging information claimed status of nodes",..."ai_debugCoverEntityNum": "Display debug info for cover",..."ai_debugEntIndex": "Entity index of an entity to debug",..."ai_debugFindPath": "Display AI 'find path' debugging information",..."ai_debugFindPathDirect": "Display AI 'find direct path' debugging information",..."ai_debugFindPathLock": "Find path lock",..."ai_debugFindPathWidth": "Display paths with the given width",..."ai_debugMayMove": "Display debug information for AI 'may move' calculations",..."ai_de

C:\Users\user\AppData\Local\Plutonium\storage\t6\zone\ffotd_tu13_mp_147.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	43600
Entropy (8bit):	7.9938864455787915
Encrypted:	true
SSDEEP:	768:Kcpwp1fbo0EVLS6w5LZFyme8G1BMzfSwKKvwK7ksMBtm1OpCerB47lLIj6pJ4UrJ:zeE0EVLSbFQmeHBM7AKvk3tpO5Ij0PrJ
MD5:	F028F92B49BC75250DA6EFE3815853C6
SHA1:	5665073DCACF4E488B6494D65DC02B81D16C6550
SHA-256:	A45CAFA827EDE96B6D11805317C5F6356D7D225A454BBAA9F9D8E07A0955D332
SHA-512:	4D91BD8F885512F7E4CB7DCD96E80411AF2AAABCF08B8DF7FD8DB7375C760BB52421B4B6A4EB5ED20191EA6AA793BFEF312D97A92F635DC4132B2E92219FA8F9
Malicious:	true
Preview:	TAff0100....PHEEBs71....ffotd_tu17_mp_147...............v..;Z?3........0...._>8F..E. ..@..........7.......+........z..Xnd....G..).nG!oe..2.b.]M.dL......]b ..^...S........E.........n'p$,1.s..................%..+.}..._...?"Z.I!.'(..j....Pw_..M...UG....V..@....n.j...Hh.4..e...A^j..........[..A}.........Iu..../..BY@{....(....>...X..wx`..0.c.........}.D.....j.G..;.......]N..;+.!..._N.O.VzF./....-c..J$Y...U.}..G.f...B.._..UC.....4M.\E...........~..3.9.lwV..$i.x...VG..+c..0.{.~p.;Yz...Cu.,m.<...T..}/)>]Td\.u...um..=....j...<..n+....2eWz.?-P..;pLG..l..h.R.hr....e._.5Q..{.....=....{.x.V...&..?Z.....I..$<.k....[Ha8#./....2.U.7x...5.8\|...u.z...\. c@M.n.p)+reY.W.`>.T....1MC...X..vr..~/..o]~...}.....i.6%...h(.......l.2.....a...$....u_....m..........>o.<._..}j..(....o.LW...-^..z.&W:k...[...Jr ..9.....l...s..@.@......u>......0..9 ...d....{+2..D......a#F...)...(e@.#C....O.=.9..C`v..cS.nk...q1...z..b.ZA8u.........`...k...E.yN.....I.Y.....G.\|....ukG...:n.gUV...

C:\Users\user\AppData\Local\Plutonium\storage\t6\zone\ffotd_tu13_zm_147.ff Download File
Process:	C:\Users\user\Desktop\plutonium.exe
File Type:	data
Category:	dropped
Size (bytes):	29840
Entropy (8bit):	7.990348527960037
Encrypted:	true
SSDEEP:	768:YycJhfFZNS6NhIbznSelhAqgHK40YRMThQc4xLS3VIfaKyLWIEvG++eO+/:YycXfFZa/nSamqtYG9Qxl5ydY9O+/
MD5:	8DB82333FE7A039CC0F898BEA4992E1E
SHA1:	80B8FFC20B1C0E1E0295450763A714EEB9B90444
SHA-256:	ED1C190CB88E19DEEFD8E32B918E9A89EC93F9570BB379E6E86E2B9847A3966C
SHA-512:	63101B24D2FA944B033DC2F8D9A002FC04FC1902DBB80A063692214EB3179F5816AEF6CEFFFA80F9CFC32D3F8B228D35FF8C03614ACC032B4DEACE750997474F
Malicious:	true
Preview:	TAff0100....PHEEBs71....ffotd_tu13_zm_147.................)._...y...U..8l..=9....:m..~..#.~.k\|k.f..u.d.H..xnP.QE.,...{B.9U.k.!...'@.W.G....sU8.l...s...O..8...w...$.f.B2b< .bD....RX:....y....\|.f....^..9oV."..Q7.p.dDC..1..<..y..hp...YY.'...].Q...,....P}.-a...O...0\Q....%........m>..v.yA.J%>.'P.[NJ...e....iU..\|..BnQCg.;....>...;.2......a6....dw.....gzv....R..3U..?#.b.9Q. ^....8=Q..rV=.46,.0c#7.'...X-M....eSe.k.H7]..bQ.5..X....a`...........h.E........9.9.j-j.cY..8.nB..]\|...J9~."......4%....+.1C.c.):.9$j...............y..,...<~.,..3...d[...\C.....Pb.6..@\!....G.\.....B....E.....T.......zZ...K.j...@....o.^?7...?t.0\|.$..<.g........^..n..n.n...AL....}2j..S...D<..."..w..U....e...J...)...=x........".K..V.T.......b.(z(....................X&C^.9{...J.r....i,#*.....\|..sHs.D-.@..f..O..G.a.....B...7S.#_;..u....lY=...R...........t...n......`.u...'F...m]9...;...O..Z.o'...-.V'".u.P..a..V. ..N.}..y.. ...cv....Am..........B....BXs...W.z...?...E......G...

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.9955138679736395
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	plutonium.exe
File size:	4221392
MD5:	dfa02a2643fab4ad9ec916206b073dae
SHA1:	d77d9e4862fc1d9296f0e116dc1e466145722ea4
SHA256:	9959ed060bc3f7c88ac0e1fbaeea3baa72f19ee44ea5285de5416ee5bcb5d5fe
SHA512:	7d9ec6214c85254c706861147f6b2772d713671c036220a7d3af449cb296e7f3afb8e8fb3305720c15b2ed9f6bcf20c687c463f281ad41f966509df4ee5fcc7f
SSDEEP:	98304:ojafTby+9HWlDKYj3ORepwg0z2c96hWFUx47t1hrltiFWQ0mFGvmNZWHw:ZfT+kHWYYTTpaz2HsM2tniFWuGe7WHw
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'................0...?.........n.?.. ........@.. ........................@.....Ew@...`................................

File Icon


Icon Hash:	973379607969338e

Static PE Info

General
Entrypoint:	0x7fe66e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:	0xCFF127F3 [Sat Jul 20 08:01:55 2080 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Plutonium Root Certificate Authority, OU=www.plutonium.pw, O=Plutonium Project
Signature Validation Error:	A certificate chain could not be built to a trusted root authority
Error Number:	-2146762486
Not Before, Not After	4/9/2020 3:06:27 PM 4/9/2021 3:16:27 PM
Subject Chain	CN=Plutonium Project, OU=www.plutonium.pw, E=services@plutonium.pw, O=Plutonium Project
Version:	3
Thumbprint MD5:	B762F66E8640F8621026A5B26685CA0C
Thumbprint SHA-1:	B82175A5BD7ED5414063AA99FD96011DDDE79FAB
Thumbprint SHA-256:	7E395F57D4B9187816BB0B007494B8D75058E0B00B716DCFBE79E33E853A5913
Serial:	4B718095149A0FA246AC0829561056AB

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3fe620	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x400000	0x8424	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x405200	0x17d0	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x40a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3fe55c	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x3fc674	0x3fc800	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x400000	0x8424	0x8600	False	0.221635960821	data	3.89785511831	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x40a000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x400160	0x468	GLS_BINARY_LSB_FIRST
RT_ICON	0x4005d8	0x10a8	data
RT_ICON	0x401690	0x25a8	data
RT_ICON	0x403c48	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON	0x407e80	0x3e	data
RT_VERSION	0x407ed0	0x354	data
RT_MANIFEST	0x408234	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright
Assembly Version	1.0.111.0
InternalName	Plutonium.Updater.App.exe
FileVersion	1.0.111.0
CompanyName	Plutonium.Updater.App
ProductName	Plutonium.Updater.App
ProductVersion	1.0.111-45448b5
FileDescription	Plutonium.Updater.App
OriginalFilename	Plutonium.Updater.App.exe

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: plutonium.exe PID: 6648 Parent PID: 6020

General

Start time:	02:47:51
Start date:	17/02/2021
Path:	C:\Users\user\Desktop\plutonium.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\plutonium.exe'
Imagebase:	0x159d92f0000
File size:	4221392 bytes
MD5 hash:	DFA02A2643FAB4AD9EC916206B073DAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.640871016.00000159D92F2000.00000002.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report plutonium.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: plutonium.exe PID: 6648 Parent PID: 6020