quasar | b4f6e6290b1e185bff0baf1b1f3a16291bb2ceb3528051a2aa9528c43231e710

Resubmissions

17-04-2023 11:32

230417-nnmdnafe8v 10

05-08-2022 09:37

220805-lll9rshgh8 10

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2022 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bby.exe
Size

16.0MB
MD5

d7e48e5a49efe9ed774546fa7d35d71a
SHA1

06212065ffe07d1321c8d85bf5c45871683fb197
SHA256

b4f6e6290b1e185bff0baf1b1f3a16291bb2ceb3528051a2aa9528c43231e710
SHA512

7dcfc267f527d27d6cb58bd950241b4a8a658b34bc4696f308fd5448b4111d64b93078fedf8d2c138eef83b6148372d8c887b74aae8291fc05c665fbe3d4eeb1

Score

10^/10

quasar venomrat office04 evasion rat rootkit spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

2.1.0.0

Botnet

Office04

cable-cp.at.playit.gg:21596

Mutex

VNM_MUTEX_c2q7y2ayYutZ2XaYe7

Attributes

encryption_key
GDDG0qqm5dHuoT6GjWWz
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Microsoft one Drive
subdirectory
SubDir

Signatures

Contains code to disable Windows Defender 5 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Paypal.exe	disable_win_def
C:\Users\Admin\AppData\Local\Temp\paypal.exe	disable_win_def
behavioral2/memory/3420-135-0x0000000000FF0000-0x000000000109E000-memory.dmp	disable_win_def
C:\Windows\SysWOW64\SubDir\Client.exe	disable_win_def
C:\Windows\SysWOW64\SubDir\Client.exe	disable_win_def

Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

Processes:

paypal.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection	paypal.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	paypal.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	paypal.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	paypal.exe

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 5 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Paypal.exe	family_quasar
C:\Users\Admin\AppData\Local\Temp\paypal.exe	family_quasar
behavioral2/memory/3420-135-0x0000000000FF0000-0x000000000109E000-memory.dmp	family_quasar
C:\Windows\SysWOW64\SubDir\Client.exe	family_quasar
C:\Windows\SysWOW64\SubDir\Client.exe	family_quasar

VenomRAT
VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
rat rootkit stealer venomrat
Executes dropped EXE 4 IoCs

Processes:

paypal.exeProxy Shifter.exeClient.exePaypal.exe

pid process

3420 paypal.exe
4772 Proxy Shifter.exe
1340 Client.exe
1080 Paypal.exe

pid	process
3420	paypal.exe
4772	Proxy Shifter.exe
1340	Client.exe
1080	Paypal.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

bby.exepaypal.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Control Panel\International\Geo\Nation	bby.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Control Panel\International\Geo\Nation	paypal.exe

Loads dropped DLL 2 IoCs

Processes:

Proxy Shifter.exe

pid process

4772 Proxy Shifter.exe
4772 Proxy Shifter.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
4772	Proxy Shifter.exe
4772	Proxy Shifter.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

paypal.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	paypal.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	paypal.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

21 ip-api.com

flow	ioc
21	ip-api.com

Drops file in System32 directory 3 IoCs

Processes:

paypal.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\SubDir\Client.exe	paypal.exe
File created	C:\Windows\SysWOW64\SubDir\r77-x64.dll	paypal.exe
File created	C:\Windows\SysWOW64\SubDir\Client.exe	paypal.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exe

pid process

5044 schtasks.exe
924 schtasks.exe
Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

3108 tasklist.exe
3124 tasklist.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

1512 PING.EXE

pid	process
5044	schtasks.exe
924	schtasks.exe

pid	process
3108	tasklist.exe
3124	tasklist.exe

pid	process
1512	PING.EXE

Suspicious behavior: EnumeratesProcesses 19 IoCs

Processes:

powershell.exepowershell.exeProxy Shifter.exepaypal.exePaypal.exe

pid	process
3600	powershell.exe
3600	powershell.exe
4412	powershell.exe
4412	powershell.exe
4412	powershell.exe
4772	Proxy Shifter.exe
4772	Proxy Shifter.exe
4772	Proxy Shifter.exe
4772	Proxy Shifter.exe
4772	Proxy Shifter.exe
4772	Proxy Shifter.exe
3420	paypal.exe
3420	paypal.exe
3420	paypal.exe
3420	paypal.exe
3420	paypal.exe
3420	paypal.exe
3420	paypal.exe
1080	Paypal.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

powershell.exepaypal.exepowershell.exeClient.exetasklist.exetasklist.exePaypal.exe

description	pid	process
Token: SeDebugPrivilege	3600	powershell.exe
Token: SeDebugPrivilege	3420	paypal.exe
Token: SeDebugPrivilege	4412	powershell.exe
Token: SeDebugPrivilege	1340	Client.exe
Token: SeDebugPrivilege	1340	Client.exe
Token: SeDebugPrivilege	3108	tasklist.exe
Token: SeDebugPrivilege	3124	tasklist.exe
Token: SeDebugPrivilege	1080	Paypal.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Client.exe

pid process

1340 Client.exe

pid	process
1340	Client.exe

Suspicious use of WriteProcessMemory 53 IoCs

Processes:

bby.exeProxy Shifter.execmd.exepaypal.exepowershell.execsc.exeClient.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 4960 wrote to memory of 3420	4960	bby.exe	paypal.exe
PID 4960 wrote to memory of 3420	4960	bby.exe	paypal.exe
PID 4960 wrote to memory of 3420	4960	bby.exe	paypal.exe
PID 4960 wrote to memory of 4772	4960	bby.exe	Proxy Shifter.exe
PID 4960 wrote to memory of 4772	4960	bby.exe	Proxy Shifter.exe
PID 4772 wrote to memory of 4636	4772	Proxy Shifter.exe	cmd.exe
PID 4772 wrote to memory of 4636	4772	Proxy Shifter.exe	cmd.exe
PID 4636 wrote to memory of 3588	4636	cmd.exe	cmd.exe
PID 4636 wrote to memory of 3588	4636	cmd.exe	cmd.exe
PID 4636 wrote to memory of 3600	4636	cmd.exe	powershell.exe
PID 4636 wrote to memory of 3600	4636	cmd.exe	powershell.exe
PID 3420 wrote to memory of 5044	3420	paypal.exe	schtasks.exe
PID 3420 wrote to memory of 5044	3420	paypal.exe	schtasks.exe
PID 3420 wrote to memory of 5044	3420	paypal.exe	schtasks.exe
PID 3420 wrote to memory of 1340	3420	paypal.exe	Client.exe
PID 3420 wrote to memory of 1340	3420	paypal.exe	Client.exe
PID 3420 wrote to memory of 1340	3420	paypal.exe	Client.exe
PID 3420 wrote to memory of 4412	3420	paypal.exe	powershell.exe
PID 3420 wrote to memory of 4412	3420	paypal.exe	powershell.exe
PID 3420 wrote to memory of 4412	3420	paypal.exe	powershell.exe
PID 3600 wrote to memory of 1596	3600	powershell.exe	csc.exe
PID 3600 wrote to memory of 1596	3600	powershell.exe	csc.exe
PID 1596 wrote to memory of 3064	1596	csc.exe	cvtres.exe
PID 1596 wrote to memory of 3064	1596	csc.exe	cvtres.exe
PID 1340 wrote to memory of 924	1340	Client.exe	schtasks.exe
PID 1340 wrote to memory of 924	1340	Client.exe	schtasks.exe
PID 1340 wrote to memory of 924	1340	Client.exe	schtasks.exe
PID 4772 wrote to memory of 1388	4772	Proxy Shifter.exe	cmd.exe
PID 4772 wrote to memory of 1388	4772	Proxy Shifter.exe	cmd.exe
PID 1388 wrote to memory of 3108	1388	cmd.exe	tasklist.exe
PID 1388 wrote to memory of 3108	1388	cmd.exe	tasklist.exe
PID 4772 wrote to memory of 1740	4772	Proxy Shifter.exe	cmd.exe
PID 4772 wrote to memory of 1740	4772	Proxy Shifter.exe	cmd.exe
PID 1740 wrote to memory of 3124	1740	cmd.exe	tasklist.exe
PID 1740 wrote to memory of 3124	1740	cmd.exe	tasklist.exe
PID 3420 wrote to memory of 4572	3420	paypal.exe	cmd.exe
PID 3420 wrote to memory of 4572	3420	paypal.exe	cmd.exe
PID 3420 wrote to memory of 4572	3420	paypal.exe	cmd.exe
PID 4572 wrote to memory of 4456	4572	cmd.exe	cmd.exe
PID 4572 wrote to memory of 4456	4572	cmd.exe	cmd.exe
PID 4572 wrote to memory of 4456	4572	cmd.exe	cmd.exe
PID 3420 wrote to memory of 5072	3420	paypal.exe	cmd.exe
PID 3420 wrote to memory of 5072	3420	paypal.exe	cmd.exe
PID 3420 wrote to memory of 5072	3420	paypal.exe	cmd.exe
PID 5072 wrote to memory of 4092	5072	cmd.exe	chcp.com
PID 5072 wrote to memory of 4092	5072	cmd.exe	chcp.com
PID 5072 wrote to memory of 4092	5072	cmd.exe	chcp.com
PID 5072 wrote to memory of 1512	5072	cmd.exe	PING.EXE
PID 5072 wrote to memory of 1512	5072	cmd.exe	PING.EXE
PID 5072 wrote to memory of 1512	5072	cmd.exe	PING.EXE
PID 5072 wrote to memory of 1080	5072	cmd.exe	Paypal.exe
PID 5072 wrote to memory of 1080	5072	cmd.exe	Paypal.exe
PID 5072 wrote to memory of 1080	5072	cmd.exe	Paypal.exe

C:\Users\Admin\AppData\Local\Temp\bby.exe
"C:\Users\Admin\AppData\Local\Temp\bby.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Users\Admin\AppData\Local\Temp\paypal.exe
  "C:\Users\Admin\AppData\Local\Temp\paypal.exe"
  2⤵
  - Modifies Windows Defender Real-time Protection settings
  - Executes dropped EXE
  - Checks computer location settings
  - Windows security modification
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3420
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks" /create /tn "Microsoft one Drive" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\paypal.exe" /rl HIGHEST /f
    3⤵
    - Creates scheduled task(s)
    PID:5044
- - C:\Windows\SysWOW64\SubDir\Client.exe
    "C:\Windows\SysWOW64\SubDir\Client.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1340
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks" /create /tn "Microsoft one Drive" /sc ONLOGON /tr "C:\Windows\SysWOW64\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Creates scheduled task(s)
      PID:924
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "powershell" Get-MpPreference -verbose
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4412
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k start /b del /q/f/s %TEMP%\* & exit
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4572
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /K del /q/f/s C:\Users\Admin\AppData\Local\Temp\*
      4⤵
      PID:4456
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\onMQSF7g7y7g.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5072
  - - C:\Windows\SysWOW64\chcp.com
      chcp 65001
      4⤵
      PID:4092
  - - C:\Windows\SysWOW64\PING.EXE
      ping -n 10 localhost
      4⤵
      Runs ping.exe
      PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Paypal.exe
      "C:\Users\Admin\AppData\Local\Temp\paypal.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1080
- C:\Users\Admin\AppData\Local\Temp\Proxy Shifter.exe
  "C:\Users\Admin\AppData\Local\Temp\Proxy Shifter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "type .\temp.ps1 | powershell.exe -noprofile -"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" type .\temp.ps1 "
      4⤵
      PID:3588
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -noprofile -
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3600
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3tqc1fov\3tqc1fov.cmdline"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1596
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD2F.tmp" "c:\Users\Admin\AppData\Local\Temp\3tqc1fov\CSCCD2E6716A5EC4E3BB4F431FD5F93235C.TMP"
        6⤵
        
        PID:3064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1388
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:3108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1740
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:3124

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3tqc1fov\3tqc1fov.dll

Filesize
3KB

MD5
cd3a220e675323ad647c0f9ad158e70f

SHA1
9a6a322223f464c3acfc65658caa31c5bbed366b

SHA256
20c01e4eeeede9283a1b7f24971ef13881638fcc37fb2d11674fbe0f47a2b11a

SHA512
539fd5801f55a93dfa211ca66c0e2576b0f113f56684597b84757fe85e19be490d88d69f521d5b4dfdec0f49be0fe6c9a0d56b652f6cb86cecc3429b697ebec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Paypal.exe

Filesize
672KB

MD5
561a7ddda53177362dc0ac85ec84421e

SHA1
1d0f2a9dd397a6d435063fcdd76f02dd04ab1b7a

SHA256
b3e2c9fbc435b5e2f552234b0e1c4ec7bb2ebe5f53413268b1089038cfe5748b

SHA512
8dfcaf20f68e0c9ba7e768929e12e930a466d352ae8f5b452af0e603722e048b60fb4272c280a52f87eb3d3f25ce691ed6afd4285f440f18d68af22fe8d6f6d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Proxy Shifter.exe

Filesize
36.8MB

MD5
7cbac120d865d4c4c218b06144580b0a

SHA1
19afc5f464e84dc362459ab53dd3b6947b708d2e

SHA256
77f211fe4f26bbf491ee2a4eb6ac07a123a1ae40b59062d88c222e61b60c082b

SHA512
439ffd9e287b9c7468c9f85b52f0734b8b98e4b917576b2e87a6775b0d65b3da3103341c743b93722726795eadf86148c1b2c573a6f4a7b1c2cf5f307cfca625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Proxy Shifter.exe

Filesize
36.8MB

MD5
7cbac120d865d4c4c218b06144580b0a

SHA1
19afc5f464e84dc362459ab53dd3b6947b708d2e

SHA256
77f211fe4f26bbf491ee2a4eb6ac07a123a1ae40b59062d88c222e61b60c082b

SHA512
439ffd9e287b9c7468c9f85b52f0734b8b98e4b917576b2e87a6775b0d65b3da3103341c743b93722726795eadf86148c1b2c573a6f4a7b1c2cf5f307cfca625

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESD2F.tmp

Filesize
1KB

MD5
b9ba97527d3cfe2349212b5aca7a9225

SHA1
b9aacccbe7402c7c5dd7adf716940adfff541bca

SHA256
22a79e7387353343254b21424bad0e9cec58d8153c54b9885d4c165a23ac9a45

SHA512
980f955b54ac527f8efe22da862e600952d10a30b8b7a74f82a317fb7fc131e04df3ab466600af18216b49ee542248a5c013a2cb57619741935b3f13cc53e807

Download Submit
C:\Users\Admin\AppData\Local\Temp\disabler.bat

Filesize
7KB

MD5
e266c8567fa86919495a208ad79ba615

SHA1
3c83f03a2df24ee8db840f09098d494fb98a1688

SHA256
c938e4d9a5bfaf87a1d2975eb6e8defa7beba61fd74dd47c850576f205ba9c62

SHA512
65370d923d7ac47bb6f212557318c51e60976de1a6136bd67321e28dcf6eba45b8d3f0cfe9723999c9a101b17f2c6ef1a11b6de77baff84cbfd5c71e707c6949

Download Submit
C:\Users\Admin\AppData\Local\Temp\paypal.exe

Filesize
672KB

MD5
561a7ddda53177362dc0ac85ec84421e

SHA1
1d0f2a9dd397a6d435063fcdd76f02dd04ab1b7a

SHA256
b3e2c9fbc435b5e2f552234b0e1c4ec7bb2ebe5f53413268b1089038cfe5748b

SHA512
8dfcaf20f68e0c9ba7e768929e12e930a466d352ae8f5b452af0e603722e048b60fb4272c280a52f87eb3d3f25ce691ed6afd4285f440f18d68af22fe8d6f6d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\LICENSE

Filesize
1KB

MD5
daaa6378e66cac5c1de3eabc51c6020f

SHA1
af2953c8dc440c83d917e16ca36146363a283af0

SHA256
09856b52897c91ab67e7456ef43067019f31dfd3b87fda72e655736b1ebdee55

SHA512
ab76e13a535d397ddd8e33caf39fcc9cbdc8b63cb8c5de70e4df328d4a85d19978b1da0a52bd795a2eb77a897ac2ede8aa2e65d17bf286e1eccfcd8ccbffcd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\README.md

Filesize
4KB

MD5
5f9a17c5083396ac603057fe717e86c7

SHA1
ed81a9593c67f57ef4faac225c833d4dae4a798a

SHA256
b723c612d73b5c072dd6639ad4484ef964ca1d42df5bc8d1a6fa99170169f215

SHA512
2b86c28f681f45ebf6bc4366d9b33fbfd735c6aab6cbd2b5f3ba3e69f22ea38d7568e8f0ad6ba755b53cc7b8a9d5108a3d2b1f23d3e5818ec381da3dc17995a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\binding.gyp

Filesize
793B

MD5
1e038f35a73212c8b3a7d5a21532ba05

SHA1
2fde7d1d7ca008943a77eafef2b7d95340938d28

SHA256
059e6bc89f2cb965773d221c621d84db1fca4a55c433892bac1eaf469ee99ff7

SHA512
a0fce7fc1abd1133ca2a2c90195912f4c4f565b8cd1502535950483b09863fb3cd1e4a517b789c5ea383b6ca85e1886bd3f75aaff4bc4688c747342bc1059b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\build\Release\better_sqlite3.node

Filesize
2.6MB

MD5
4b25dfb983845ff57360c720a429eef4

SHA1
51a9cad777b37f1c521c6d50b6f49379fb6d0a06

SHA256
53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282

SHA512
b808133885ef35cba2ea81d37a9f996b121a91e459c68cf5b98cab2a53f783927a0023ecc095b5664fef1bcd463f8b8b42b51f8511fda25e21141693aed4ec77

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\build\Release\better_sqlite3.node

Filesize
2.6MB

MD5
4b25dfb983845ff57360c720a429eef4

SHA1
51a9cad777b37f1c521c6d50b6f49379fb6d0a06

SHA256
53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282

SHA512
b808133885ef35cba2ea81d37a9f996b121a91e459c68cf5b98cab2a53f783927a0023ecc095b5664fef1bcd463f8b8b42b51f8511fda25e21141693aed4ec77

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\common.gypi

Filesize
1KB

MD5
bc44eafb20590feef28f6382e0db7ea7

SHA1
db26781b95d0b3e5d97371b8be96d842f3e7c365

SHA256
e71a565cd7733e05efc3a2792b54e260126f03f490325aa2a201202acbbdb315

SHA512
c8bb9777d8ba552668cda8e21bd5b7dfd57077b1d944b3ff2ea36502d2f2883374824f0e01ac57f9ceb98c9dcdbec3cd8a6c6d0cb8c79bc627c0d20cd34f8f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\copy.js

Filesize
781B

MD5
4c688e3dc69551c36f75fb67e58ffe54

SHA1
74d3d1a83a8b6442f3800de22e2cfacd9ea3c339

SHA256
01d0025410db9810592f74913baa7bf85a92e8873402bff910311c3d00d64c4f

SHA512
42ef79ace1f7216d1a046a50bbc980e594f95d8800bbeda4cda658d8fa2e90ca21095ac54dcae5e9a90419de63cf4206c0bba91a21a2fc70a96eedf5ac0ed3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\defines.gypi

Filesize
1KB

MD5
f9f5e79bc615d1fc169bbb5111fb3485

SHA1
f7547422f3e7f4abaaaada3c0dafad32b6b56212

SHA256
85efd034ab20457496314f7dbaf8fca0395cc413eb837da6f9d8c6f320ff305d

SHA512
29c9726718f5f3178710f59f46cf8d11a1d3e7b9bd66f28af24cffe183a393af21ba8b966f71dcc50fa4ead121378d587c2724531bb170d7e6d5e2f3b7573b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\download.sh

Filesize
3KB

MD5
7ee63552f419ae0a327b1f1dbff2786f

SHA1
503c9764c5ae18b3859bc2b7440aefe86c318d01

SHA256
93fa77336d496fcf59afa2f07c0c3ab38ea70d813fa8fe618afa0334f74d1423

SHA512
a0fa7119170c7275ee632ddd6a06ea7fda40b71aa9aef7f4cd25ee50c1f9c4fab4d0c0552f7cdc2437bd297f2d7df3c401023557660be30f53dada69215bab30

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
680dd2d54c2daafcddf4097c030ee810

SHA1
98586d399c5a78008e96dfa1e096d4fc1608068d

SHA256
b7ba45ff9af4df332aabf248e6cf4176b642f432d1d972ff6748cb5acfc322fe

SHA512
53959797fd34056e9a55ce71122d1806e2f33f06a8a7bd8254226958215c43d1f3502606e098a9edd287260e96e8eee68351b313d2d9c6eefb2301c1b04127a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\sqlite3\sqlite3.c

Filesize
8.1MB

MD5
e75680ffc7df73d060b0606c038acda3

SHA1
01884eaa4b082313268d0b7226cde0fcecdef2fb

SHA256
a14656dda33e8cc26092aa50ff0b32a0680401119c1f3553af492f45499cb69f

SHA512
35046ef167be5e93ab8da4a485fe2946b1181d53d21bde13e51083c16a03ad189ab32913590b29d09863081a5ae718c41f53dbe2610376d1a9bfbcb0792a6e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\sqlite3\sqlite3.h

Filesize
599KB

MD5
bbfbb99c53e99e88e99fccd893b0a0eb

SHA1
deaefc1a050bacdeef7ccfad3ebf2e2b82383f7d

SHA256
abe0057c5506263d399da1f3d577f957b1f4fdbb3f340481f8cd4da7dc9f1ae5

SHA512
c6ac370a4a892d6c3ee115a1d9186b677e16440c22d14438c2cc17893ddca0daec5f41126a638394d3936571a5f1913fc83ffa1191dc822bb9a5bfbff8cccb4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\sqlite3\sqlite3ext.h

Filesize
36KB

MD5
f24ca63ce331bcd2fde20e5f40cfc7ae

SHA1
9c949ee96507083e75a95df9219e73511b29acd0

SHA256
7f9ae3bab94bbc62d909fbb0149861b4a0832299f12d7ccbfecc7f28a8d27aa2

SHA512
311c8cdefd72c6921eabdc0704148a32c542969204052ae459a47ef40b789702aae776e4129c65ac25d5cbd6d87f172514a59e57568f8289e2dc165b0c051ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\deps\test_extension.c

Filesize
588B

MD5
0e6f9c6c729b15b527ec67c0de02384b

SHA1
f998b9e3a6b3513f1ce2730663a53d2e835b9b0f

SHA256
4fb2c0e7b6acdc4362895ca610549b70110bce553cce2f3fac1b87675102896b

SHA512
93323961092db446c3a12e2853005e3bf3a60c6cdaf952952201a48b823f99255570550223d70931b8adce700f98622c6d724a77a295e2a7ff13f0e27b2ffd6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\database.js

Filesize
3KB

MD5
24a936b15ed57fd9ae402e21fda5ae2f

SHA1
c2f0c811a96e06903d451cceab499e3a234d4014

SHA256
07f26eedf4cdd08273a6509a13a7f34de77a455282abf6c8ed9e00e8221fe8d0

SHA512
be9b94a4b3ea85c239ff0008e327e05a50debe2e100929c81f59a82c332494311737ba3d20dc495842d7668a465c1f03521214651ef52dec0550fa200b61a751

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\index.js

Filesize
110B

MD5
26660b3078523a953ee252b4e86e1c8b

SHA1
f7c22bdc8183f6a9cb73a9b4a735a5bab7ca01b4

SHA256
82db11c4ee43a41d859988c5db42c3771dff565371f94bacbd1e4d8d6ceb47cd

SHA512
d4f32ba712ff15e8b6a1634eee089057a4716318b90e932b95a1c1cd30945ba708e7e725316fc824107637d2e97a2a64193ae81c0a3d2484651f52122bace99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\aggregate.js

Filesize
1KB

MD5
25fdd950809b2b22d0ba6917fe014c35

SHA1
5555b3223918668b5bf244e892b1d6a258f0099a

SHA256
e9f74eb919ec93fe089c95ddf25a98f1f631c80418fa34fb2346ca1bc29f1b82

SHA512
50516a2d2265513dd7ee727cf9cf21d118601a0ee2b9de61111c6f5fd8933915f3029ef6f764f7803cf5438725c6017002d7f58cc36988d97cc1bdb805dd42c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\backup.js

Filesize
2KB

MD5
69638dc10c19961a0c05350ae333d6a4

SHA1
5941988b67c6fa083358002ba36538f1e39ad03b

SHA256
ea29d34992bb02e006d0fdeda9675ac5d2bb227aaf57468decd997e9fc9c7dbf

SHA512
495ecffdadbc8c9bb2e886f9f7a93668fa5b2192a0ba79a7e1a9d3c2640e0520e39f2d2c6f3a26b55c72ff882bff43ed6439c0ad7c7622461e6ccaf1ee8f119a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\function.js

Filesize
1KB

MD5
1036ce624efbb9fbbb387fec25fd1bcb

SHA1
35395f7ef4c18b845582b9289bc802d87c9e3c11

SHA256
f431d49303b8bbdc044b1f1b455bdad21fc9b74b007de0acb22f08f25b4febd3

SHA512
7d65a4bc5bf5c9b97dce021cdb8c888cf975ad24613b12b239db1e03a98dda89faf7b1b204c906f6dde5439d22414d9b4410554d01eea8fc121287ed8821f9a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\inspect.js

Filesize
174B

MD5
21784edff107eaec0e9ef7e66e83552b

SHA1
6b59caa4cc8a568a8ed3f184a075d66c68f17d08

SHA256
4975a78daee850adee62ba98719d0f223819a0ec135a07c0e302994bd8dbff61

SHA512
9bf6d36dbc01dbad11d5d01c0b662620bf6c0cebd85c0065882e8ec57e3304bc4d301add25bf57ea425a270f3ace6a44fcb958dcc8bf993f411eb81a5369adfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\pragma.js

Filesize
536B

MD5
9354074a096ee1cf58905ca8dabfd60c

SHA1
63e6c02339c45c252ae3bb24267610a636117eb6

SHA256
8b1c54475bd4340b15e25c50d53d06308be65f8f919ecbe4aa9d285ca859ad5a

SHA512
32bdf8866d1c4e3db8a2ca65df2c1bd0d33c064d4cc526e264587cbf9c09ba7b97c8adc430a9dc019d9863e0e90b4318442ffb5cd08e0de52cdd4f081b5150b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\serialize.js

Filesize
625B

MD5
41cfeffe67a2975f68aeeaaed0bf384c

SHA1
321f3f817bc095c34b76d060d706ed2cc48f204d

SHA256
7a10ee5c2735384b7f0c361811bc6d017db29f62b203fd3c68a35f667e2c2605

SHA512
8a0ad9732b5a07866eee742b2e884e521111f213af9ae39ebd92fa029d88f087c43f8826672d1fac5c571d14b284f20ae25e12aa4058a7881d6fd5e93c0b0a0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\table.js

Filesize
6KB

MD5
43137a36158617045d106a2ff534edaa

SHA1
f365ee98f7e36d1bab09e58187d467dd5f73b6f3

SHA256
97c42d9ded1aa96c7d916b5b92f96b4e59581d50eaf629cd2c7afb78ff26a9ea

SHA512
f4330d881ae76d41083d3ba9d0056697abd634638a9951a4ebe4044fb79eceff4da034d22d9ba2ad4cd1a208fb0ec1c47855da781d9c9dabc34979f6f7f9eff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\transaction.js

Filesize
2KB

MD5
24ebf5ae6622b899148042f1eb9f63c7

SHA1
6facde1733ade716aad6affbf3b128f720f005bc

SHA256
cc472f59d5aa3487f4aebd53a1d886edc6aa418f79be90828a05cbe6cf97d4fe

SHA512
ef1a396860792bfb07eec777914caadd7506dd135f673a4b2febd7154e33daa691803281ef3167061c1ad6977923f0b150c188b4a63d410c5683fd113cacbbc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\methods\wrappers.js

Filesize
1KB

MD5
9e2ba6058f66127065c27ea3e81b8e68

SHA1
92346423dab9536ca4afa50e7ef171843d5eba5d

SHA256
a150a6271d23f4e5f8953b129f370ff096c7cdc4b812afbf080a6cf4ab741bcf

SHA512
2b6644404fea27117b74f904bc608fa42e36e3b100f51010394ef917df7c48f40af018e5b06243d31d7ccba5ab05cb32541566e79775df482e09a107524d091d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\sqlite-error.js

Filesize
717B

MD5
e1372372ca8f94dd66666d886a81f9b5

SHA1
437034e71dedf15013967b540db157cbe3eac3ef

SHA256
2582d61c27680dead168543f392eb102be621dfbef282a4ca4c7c21aa5e7c75d

SHA512
5bbfce635aa1b10b30f1703eded4256224500705e3b14c7cefcd522ad703596d15d6cfee7914dd70700827afd01a50d61bef1954d29b8788bf6347f96e9cd8d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\lib\util.js

Filesize
331B

MD5
a5d75fb36bedb4938a8b9dc6525fd515

SHA1
b5270aef455a7de04d31d19713ed7dfceb55fa06

SHA256
92b2e39e2151b43a2252e10b6d6de876ecaf0008336a4fa1dfe1317b20f1916f

SHA512
c181b25f5b991826159125a4f7af8ec0f8a7bbceba674121f144f401295670136daa64598d4e0f48cb8ea2849000ac8e7f59881220f6a30a4905ce9309db8067

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\package.json

Filesize
1KB

MD5
01dafa1f0a68f87e0a00b6455bac0027

SHA1
87f5aa630d3c6955717274bc5e0f1f9ca4b9f675

SHA256
9f9859cee9e590e1d7c2f50b00d67fd8a36bdda041b5e2de1408981e2dcd5c45

SHA512
115b2575e2751debba9033f62a26613f68df60e74a8d288d6506ffdbc7f35425b6eb3d20cf6ffc5f2d51efc4e98418d5400bd630a1823930970f66d592c4d8bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\src\better_sqlite3.cpp

Filesize
126KB

MD5
89d78729bf0adb1688cdcd63a2f9c1c8

SHA1
f1323db4b178309fe832c134d222d2bee81e313c

SHA256
c85a4053adf167882d1599eafba6240ed08629e4c156b450842e828967a64d4e

SHA512
4422768d7f89d3e9c5bf69527073f6600d77de8886145bdc2f8c7d69e21b96c94ec928fcfcefc4449e9e7b0a9f128b7e48b0fc922e2ee399bb56913e0daa063c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\53b88af8a78050718e1a282af077701921f1e2c7e0b4592d197eab2018240282\better-sqlite3\src\better_sqlite3.hpp

Filesize
42KB

MD5
054b68fc41abc6ee165b5886f7aae461

SHA1
a03e43b00b717ebd4a51df31458f78a5c4078b59

SHA256
569d67f29b6ddbb87a3e648f9b006187c0ceb973d7289c05931b0b7c1d17ee98

SHA512
47a1ef9f2cadd3541e4e16739733c2903061aacf22aea319a656f1ec662360b657a3cdb2285648ab176228beaa0f248a77e1f137a0c8984451f9719a179ac294

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\LICENSE

Filesize
1KB

MD5
9aefff5edfd041fb76b4cbb7f495af7b

SHA1
aaee6142c0a583cd894312742fee18e15502813f

SHA256
717f0211701da7642cfb0523da4ea6b0b06266bb154f084037de2f6afe0c612e

SHA512
ebd7ed4790491338a1c15a6171a33b6559a2905d7ca0499e89079e54312a0e5d43ea4f33908507acaf412a62b320897574cc7ba99f9afc2af7e9226dfb03d86f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\README.md

Filesize
1KB

MD5
97f48a44833d649411525b34f1dc4ec7

SHA1
faf7cd99ab884c7cbc8054bafd76ee8eddcfd0b6

SHA256
a5fff805b69e107391b4b9acfc2282838faeb8912aea9bef98980166de2ce469

SHA512
d24a6be43669c6dd9326421e4d4b48aad56f27febea3b259429943121d9643f0e043a18803549eeb3d8ca5f005f6bf149185d6fbcafc6e91775f7acfaf23fbff

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\binding.gyp

Filesize
258B

MD5
1bc6aa9e438b78e8110628d98f5cf2b4

SHA1
bfa6e3adb4b5680a52cf722a5cb6c4d45f23f2c4

SHA256
a218ef5a1dae1855ed810643cee24ad38f9701bee633c054cf08d6d9bec06353

SHA512
86fcd4f0ff490ae01457310b008d3a92c33c163d30c85329ef9573d4ed6779bdc24560d7c8453ed2c94679ae1d721a68cc5f0039627b0881be80231964a31622

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.exp

Filesize
801B

MD5
4d5ded7f611c940ac65d3d14c76e4064

SHA1
e5f84814a9d43bb4a059f9111f11053b46ad4c38

SHA256
662e6d3cca85e995a44b14045d45eaa4506a7bbc0314f049bbe2227399c3f17a

SHA512
6397bec9c5dc1425f195f6a106d321623f0b57503c8f7aca89702c589ec79c027959e34d37ef071a045481df9c3182c9da218ee32f4a0ff52ef120781f8fd77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.iobj

Filesize
285KB

MD5
99e84ab9cbfd7445817d3b300c36e870

SHA1
caea9a3bb669a811612943110be9488433dc9286

SHA256
3f4e1c9279afc912cbffcd10a1bf15a5afb7bcda18fb3edb22c336919518289c

SHA512
432c8c39bf8af2ee34a4b526a0e7d89f9bcdc6f12935434dd0a6a12725b9fad5e6c7b89979d4af30149374418a38e4294f8955a1dc2a0244d3f64c4d3f7a1274

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.ipdb

Filesize
94KB

MD5
a11b44e28d00ae05ea17973fb5a59bbb

SHA1
6a55ec887b2078f643ed929f5face99956758046

SHA256
b643e6da920d54742a4298522ec919f85161746552ded05e8a08c8f4cc0f4a8f

SHA512
04e439e2bf4b850f47164098923d462288b783d0bec2be2ec24f01f980a166de7b4f6f920c742467b19c38d363da6ebfa6f4288ea281dbe0ae3284db96133ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.lib

Filesize
1KB

MD5
baefa4ed6ea38a5805c121577fd920ca

SHA1
244df23ff89a218f3b843610163afc3d6dd36339

SHA256
acebd2d59670f05777f8103bb1d0b9127ff2f3321a66171713ebd69b32f209f0

SHA512
6e710b260575bacc7324dfa2ecc80dd3bf34905da3aba67de52ca46382bccd13f6702a0e5fa5fe9bfe6faa652f57696038e4167678beca4a9c789048f5f9b09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
dc92b8e77d869866a6af82409fae0af2

SHA1
a0edf2ddf35304854a134eac14637239fe319292

SHA256
81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2

SHA512
dbfb1656b9aeb116993e9034d8a422a8d61d89f861221e15491d8dde04231eaa357573de59eab65b49533e03f06699a508dd27ed6b85ac94c882f505d22a0bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
dc92b8e77d869866a6af82409fae0af2

SHA1
a0edf2ddf35304854a134eac14637239fe319292

SHA256
81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2

SHA512
dbfb1656b9aeb116993e9034d8a422a8d61d89f861221e15491d8dde04231eaa357573de59eab65b49533e03f06699a508dd27ed6b85ac94c882f505d22a0bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\node-dpapi.pdb

Filesize
4.2MB

MD5
2759c80459081fbbc415d1868d7b405d

SHA1
107a82d7a5425c0580dfd08305e678d5c982e49e

SHA256
7d05c8e5c81a58bfe7b2029e50311afe2b131ccbc7165f956fc6a2c9c9b0f202

SHA512
bdcedd39f6ab5e547a40ae46de42daea0f4c96918126332983373902830ce178132daad7d299ef93dc4178cd469076be7cee593d7a1408041acd0dfb247d1299

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\obj\node-dpapi\node-dpapi.node.recipe

Filesize
315B

MD5
56c98bcee13b792ccd89e9f451c87d37

SHA1
5a1c670f46c8010e1d978a87bf22e867a6986e8f

SHA256
c023cd0c79c0c378834a16f3941f1ebb1abc06c45faf7006eb448fe9286480e0

SHA512
316972ede3cd1f643edcc76da2bb3fbfa0c4cacee9bc2d4f109707e0442af79cbc53d39c994161b9b45485e36fd6aac5892b89515ea3f47b5e72ec255a6ad0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\obj\node-dpapi\node-dpapi.tlog\CL.command.1.tlog

Filesize
5KB

MD5
1550a093f447eb9b9b1ffafec2b054c2

SHA1
746fa82dd40620d9b3561d443f0651fa3dc3c151

SHA256
ec662b8030c45bc2cf410ec7b574782ee211960a1724bd01fb39df46fc34080e

SHA512
63043f595e7356f2d7c0376f5ad3a707610a5abd9a3bfc4a1dbdd562b1ffea49ed9bb8eff4ab3bfcd48b14ce6b89448f282f8c2b62261fa44d3856f9b94c8da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\Release\obj\node-dpapi\win_delay_load_hook.obj

Filesize
91KB

MD5
13de1f2bf57f9f9d9489a3199162dd4e

SHA1
bfc6f97489037be1bf3dcdab9c7c69f02d0e20b5

SHA256
abdae1531751b5567bc0712000845983c7cd55840d3c9cff34e6fc1c098f2c15

SHA512
de42fe83097e99567461f6fa976f475a197f02169291930844a0f15a272fd586f8faa4ae3bd73a265784f6e65769b0fcba5323e5b3bb1854b967b91fef4456c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\binding.sln

Filesize
857B

MD5
1d29918ece1b855fe9e30e57c3913b93

SHA1
23edf350710ecbefcddb60c280f9b83779052beb

SHA256
75473105ac66db9105a1571d7c8898729088385d2b36e70b51a4c16afdd9f421

SHA512
51f137435416f503c2ca2b109aa376b21918ee2b0d986d28ea1239912e26c936a6105857968c09f13522a8360b02866a107216b8f5df2f31228ba63bcdd3fd10

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\config.gypi

Filesize
11KB

MD5
0f38041d40882bfd54f5d9186eb3bcc1

SHA1
030dcb713e5f8faeda9b0ea534d753386f681ff1

SHA256
49ddb56fc8fc0fcd583b30af107f19d7a9386ee58795786324bee2d63df2d5bd

SHA512
9132c4f2060f20e1496dc8b195ce14303b3a5548bf04290b60527d085f11883ebb1c15414c5572a551927f53a41ebf3090b276fb3c09fe821b799534ee057983

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\node-dpapi.vcxproj

Filesize
11KB

MD5
6b772909446184a5973860e013993cea

SHA1
9022f8aaf60e785651e6ff656fdccda2a4855e02

SHA256
001247d590932899db3ee64f172cb745ed7712714728b37e9d6fe2f8d256bcfc

SHA512
a792793d661d198da3f79819c450f43ba4fc65c793d77656e351b3638ad5272a292e1acfdf6a3fbede372402c20b5af35d3f23a3b49cd98480e67e7acf03f3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\build\node-dpapi.vcxproj.filters

Filesize
2KB

MD5
e57557774d92cfa4e16981d28bf1bf7b

SHA1
a07201941a8b97396851e0b05daf7cd4d7f111f4

SHA256
1420051bbbc50609306adfa90d5812891b090507b21909b323913f6328612f0b

SHA512
95c58c997f0b1e05cb6810898599c6d1bd961c59727241f16f9f12759a584b8df4ee407dce9459662ad31d172b31a92aa219ee518eaae19c368162101ce4d0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\index.d.ts

Filesize
356B

MD5
2db9bfb26513a90e105f9aac10c7c5e1

SHA1
bdc56cfaf28634d321fd33a071fdb05e1a803463

SHA256
b50b63943caaeb1d0284bf01d61ae185eda2b2d98b7ff9e9ad89e1b677396f76

SHA512
03a80e56ea6673c578585f909a8be68e9ad27af1da1846d29c5de82e3418297c66c8dd263d4686bbfab35dbdf8cf3b300213d8ca9673ae88011dcc46caf94f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\index.js

Filesize
150B

MD5
3435964bc7dfac0e215f796b2ac3be34

SHA1
7d7f4783ef7e73ea1badc8627d3285230cfd90f4

SHA256
006729b3f92963f13ecf83480eb36b8f61ed88e9dc3afcb4b18c7c11e7710d71

SHA512
b4db24d916b2e9a2e0e3a45acc723933029ff9e9681ae04b6e37764a3f1b9d7859c68973f25923403aa02b5d2795137d9b5f934e2c09045f99c1deb578339100

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\package.json

Filesize
493B

MD5
8555a0a4293d7aefc1574b8d3879a83c

SHA1
a7d434e9418d9ce81ecf2d25b45c3dde4fa9661a

SHA256
ccf44393a655268646df56d826085d733023ba3d4232d57b55b57df390d3914a

SHA512
0730b5453494a674491715c6a7bc2237a691c379dfec3152147aab3a448dc11bc94a79d11c7d6cea3fae28060a2f34e5bcb92d51e7c0828e4b6d992f78d38ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\81aab2bb7227d24493d1f0d2483a307be716c84a733b54f69e671071715e10c2\win-dpapi\test.js

Filesize
772B

MD5
015e1a86204dd1ec03bc57880ea3c68b

SHA1
46b12b578970ffb5f0e8dc6abd3fb046a62e1418

SHA256
33faaecf1767130e5fa01b420bdaeb810d095ac71fcc9d24f3fa590708085c54

SHA512
a72ff480daf0ee5d1b99a2dcb3dc7a86bd27cacd307047acfeec444bce5941810a2c3a0649d46bdd2d02e52153a555690808f957628fc43ae5ca4babc0c20f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.ps1

Filesize
419B

MD5
bf77c98084bde13aa379a5527a0f5850

SHA1
8a4d1307c3952d00ab3279baee4a03f899de7f1c

SHA256
c88eb353b4e1fe7f02529f9e8b48b21cee2c813674b32843136861f885053e3f

SHA512
8237fb209695c2568f4d3ada3181eb9a65ad16140896a5f8013ae267048ecd6994cddb25fc7ca0849bb0c484ba7be7a738a3ca0cad6e85d75587c4a2c37c60ef

Download Submit
C:\Windows\SysWOW64\SubDir\Client.exe

Filesize
672KB

MD5
561a7ddda53177362dc0ac85ec84421e

SHA1
1d0f2a9dd397a6d435063fcdd76f02dd04ab1b7a

SHA256
b3e2c9fbc435b5e2f552234b0e1c4ec7bb2ebe5f53413268b1089038cfe5748b

SHA512
8dfcaf20f68e0c9ba7e768929e12e930a466d352ae8f5b452af0e603722e048b60fb4272c280a52f87eb3d3f25ce691ed6afd4285f440f18d68af22fe8d6f6d1

Download Submit
C:\Windows\SysWOW64\SubDir\Client.exe

Filesize
672KB

MD5
561a7ddda53177362dc0ac85ec84421e

SHA1
1d0f2a9dd397a6d435063fcdd76f02dd04ab1b7a

SHA256
b3e2c9fbc435b5e2f552234b0e1c4ec7bb2ebe5f53413268b1089038cfe5748b

SHA512
8dfcaf20f68e0c9ba7e768929e12e930a466d352ae8f5b452af0e603722e048b60fb4272c280a52f87eb3d3f25ce691ed6afd4285f440f18d68af22fe8d6f6d1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\3tqc1fov\3tqc1fov.0.cs

Filesize
331B

MD5
290cee718da5975e051415a46af47a4a

SHA1
8099250c47bb93d821def350b467521e7cf8d5de

SHA256
26d220f0926af717fb195e1ec05f2ecccee3fbd37fa92148774bb5604557c9c9

SHA512
306d86ec0c4bc64594b4ca336822030926eaea0873ccdbcf989a721d307b19831761a15b3a222f6ec0dcc44ba0fbacac6ffbe7da0f7a447d5d34d76f3f029510

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\3tqc1fov\3tqc1fov.cmdline

Filesize
369B

MD5
23d84c33e3bd1e001601ea1df79dc02e

SHA1
a6940e8daa291e9206f27b6a96e477c2e1b84f37

SHA256
77b557ef3e3237d7fada6c478666683e2643dcfc28179e3a4365904dd811075c

SHA512
f1ef62fee9639bc96216619d206d26f11a3d27b520ac1522872f1d0c64512766c1b40a7f16ac2aa912d321f1cd8ce8272bf6e85af1bc40ed5b49349722c7f8a2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\3tqc1fov\CSCCD2E6716A5EC4E3BB4F431FD5F93235C.TMP

Filesize
652B

MD5
85932a0f0b85d0e680f173c4673f86c9

SHA1
c37880126a712d9c1e42553f91daa96b1850154c

SHA256
8061e051b98c84516bab572e573a6ab5b715069c181ceaa47f4d993805119760

SHA512
207efb6b5cb52ed4795f73c9beaf8ceca8a627919285647983c6cd867399b01541f4dcae81d01e42aceb31d3ea986965fd6f0ad98180e2c205c6daa94e002b98

Download Submit
memory/924-168-0x0000000000000000-mapping.dmp

Download
memory/1080-241-0x0000000000000000-mapping.dmp

Download
memory/1340-171-0x0000000006FA0000-0x0000000006FAA000-memory.dmp

Filesize
40KB

Download
memory/1340-151-0x0000000000000000-mapping.dmp

Download
memory/1388-179-0x0000000000000000-mapping.dmp

Download
memory/1512-240-0x0000000000000000-mapping.dmp

Download
memory/1596-157-0x0000000000000000-mapping.dmp

Download
memory/1740-184-0x0000000000000000-mapping.dmp

Download
memory/3064-162-0x0000000000000000-mapping.dmp

Download
memory/3108-180-0x0000000000000000-mapping.dmp

Download
memory/3124-185-0x0000000000000000-mapping.dmp

Download
memory/3420-135-0x0000000000FF0000-0x000000000109E000-memory.dmp

Filesize
696KB

Download
memory/3420-148-0x0000000005E80000-0x0000000005E92000-memory.dmp

Filesize
72KB

Download
memory/3420-149-0x0000000006B70000-0x0000000006BAC000-memory.dmp

Filesize
240KB

Download
memory/3420-147-0x0000000005A50000-0x0000000005AB6000-memory.dmp

Filesize
408KB

Download
memory/3420-137-0x00000000059B0000-0x0000000005A42000-memory.dmp

Filesize
584KB

Download
memory/3420-130-0x0000000000000000-mapping.dmp

Download
memory/3420-136-0x0000000005EC0000-0x0000000006464000-memory.dmp

Filesize
5.6MB

Download
memory/3588-140-0x0000000000000000-mapping.dmp

Download
memory/3600-144-0x00007FFAF1BC0000-0x00007FFAF2681000-memory.dmp

Filesize
10.8MB

Download
memory/3600-146-0x0000021D64230000-0x0000021D642A6000-memory.dmp

Filesize
472KB

Download
memory/3600-141-0x0000000000000000-mapping.dmp

Download
memory/3600-167-0x00007FFAF1BC0000-0x00007FFAF2681000-memory.dmp

Filesize
10.8MB

Download
memory/3600-143-0x0000021D62840000-0x0000021D62862000-memory.dmp

Filesize
136KB

Download
memory/3600-145-0x0000021D63F40000-0x0000021D63F84000-memory.dmp

Filesize
272KB

Download
memory/4092-239-0x0000000000000000-mapping.dmp

Download
memory/4412-154-0x0000000000000000-mapping.dmp

Download
memory/4412-160-0x00000000058C0000-0x00000000058E2000-memory.dmp

Filesize
136KB

Download
memory/4412-172-0x00000000706C0000-0x000000007070C000-memory.dmp

Filesize
304KB

Download
memory/4412-183-0x0000000007680000-0x0000000007688000-memory.dmp

Filesize
32KB

Download
memory/4412-173-0x0000000006600000-0x000000000661E000-memory.dmp

Filesize
120KB

Download
memory/4412-174-0x00000000079A0000-0x000000000801A000-memory.dmp

Filesize
6.5MB

Download
memory/4412-175-0x0000000007360000-0x000000000737A000-memory.dmp

Filesize
104KB

Download
memory/4412-155-0x0000000002750000-0x0000000002786000-memory.dmp

Filesize
216KB

Download
memory/4412-156-0x00000000051E0000-0x0000000005808000-memory.dmp

Filesize
6.2MB

Download
memory/4412-161-0x0000000005990000-0x00000000059F6000-memory.dmp

Filesize
408KB

Download
memory/4412-170-0x0000000006620000-0x0000000006652000-memory.dmp

Filesize
200KB

Download
memory/4412-165-0x0000000006060000-0x000000000607E000-memory.dmp

Filesize
120KB

Download
memory/4412-176-0x00000000073D0000-0x00000000073DA000-memory.dmp

Filesize
40KB

Download
memory/4412-182-0x00000000076A0000-0x00000000076BA000-memory.dmp

Filesize
104KB

Download
memory/4412-177-0x00000000075E0000-0x0000000007676000-memory.dmp

Filesize
600KB

Download
memory/4412-181-0x0000000007590000-0x000000000759E000-memory.dmp

Filesize
56KB

Download
memory/4456-187-0x0000000000000000-mapping.dmp

Download
memory/4572-186-0x0000000000000000-mapping.dmp

Download
memory/4636-139-0x0000000000000000-mapping.dmp

Download
memory/4772-133-0x0000000000000000-mapping.dmp

Download
memory/5044-150-0x0000000000000000-mapping.dmp

Download
memory/5072-238-0x0000000000000000-mapping.dmp

Download