cd0d05edff074baacf0686932cfa19885c22588e580319e3c6a99e1970aadcf7

Resubmissions

27-03-2023 14:27

230327-rsnn3adh24 9

27-03-2023 14:22

230327-rp3zksfh6x 9

Analysis

max time kernel
100s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vanta_free.exe
Size

57.4MB
MD5

a5b1c8309492a63c0ce56866298665db
SHA1

f08e6aea1da73ab3d4859b353d325f2b6b460481
SHA256

cd0d05edff074baacf0686932cfa19885c22588e580319e3c6a99e1970aadcf7
SHA512

03cfe515a7ea3a7db6111a73c7b7e60108861c47737e16b4f42c391dcf174db26329c6f73245124a78d4701ec63765b7e07b8c21d8b7dbdda2c38e148dbcc8b9
SSDEEP

786432:DMguj8Q4VfvFqFTrYAY8tIRS02PrmlNcicqmDAgpv:DiAQIHFkHl02SU58gpv

Score

9^/10

evasion spyware stealer themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

Update.exevanta_free.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Update.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	vanta_free.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Update.exevanta_free.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Update.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	vanta_free.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	vanta_free.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Update.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

vanta_free.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	vanta_free.exe

Drops startup file 3 IoCs

Processes:

vanta_free.exeUpdate.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe	vanta_free.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe	vanta_free.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe	Update.exe

Executes dropped EXE 1 IoCs

Processes:

Update.exe

pid process

1432 Update.exe
Loads dropped DLL 4 IoCs

Processes:

vanta_free.exeUpdate.exe

pid process

3980 vanta_free.exe
3980 vanta_free.exe
1432 Update.exe
1432 Update.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
1432	Update.exe

pid	process
3980	vanta_free.exe
3980	vanta_free.exe
1432	Update.exe
1432	Update.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/3980-133-0x00007FF6B3ED0000-0x00007FF6B6E3C000-memory.dmp	themida
behavioral1/memory/3980-135-0x00007FF6B3ED0000-0x00007FF6B6E3C000-memory.dmp	themida
behavioral1/memory/3980-278-0x00007FF6B3ED0000-0x00007FF6B6E3C000-memory.dmp	themida
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe	themida
behavioral1/memory/1432-281-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp	themida
behavioral1/memory/1432-282-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp	themida
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe	themida
behavioral1/memory/1432-285-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp	themida
behavioral1/memory/1432-297-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp	themida
behavioral1/memory/1432-315-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

vanta_free.exeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	vanta_free.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Update.exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

16 api.ipify.org
17 api.ipify.org

flow	ioc
16	api.ipify.org
17	api.ipify.org

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

vanta_free.execmd.exe

description	pid	process	target process
PID 3980 wrote to memory of 4336	3980	vanta_free.exe	cmd.exe
PID 3980 wrote to memory of 4336	3980	vanta_free.exe	cmd.exe
PID 4336 wrote to memory of 3080	4336	cmd.exe	HOSTNAME.EXE
PID 4336 wrote to memory of 3080	4336	cmd.exe	HOSTNAME.EXE

C:\Users\Admin\AppData\Local\Temp\vanta_free.exe
"C:\Users\Admin\AppData\Local\Temp\vanta_free.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Drops startup file
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "hostname"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:3080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3816

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:1432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Save-ISpLJN4RkQ\Browsers\downloads.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\binding.gyp

Filesize
1KB

MD5
c15ddfb3a6b52dfb1296423cd1742b79

SHA1
5974a5e7b7adf82c77d5ac39658efc92c95af51a

SHA256
82567c55bb0ba88de564bbc66e7e4557b1747caff6bb950ce568c87f73050e8e

SHA512
35bc7f00b8663d6fb18341d461f9031b7fee823cee87dc6ac6e1926be31db0503b1e32b5a6f08754194b2fa97207deb774b41322d7ff6dcbe0f3b9b73a5aba5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite-autoconf-3390200.tar.gz

Filesize
2.9MB

MD5
f00711818d0afc18f4b1b3b7207176f4

SHA1
fe360190393296b956c5db2a448ae2b5692d0377

SHA256
852be8a6183a17ba47cee0bbff7400b7aa5affd283bf3beefc34fcd088a239de

SHA512
c16b50ade3c182d5473014ac0a51e2bb8a5cfc46e532c2bda77ae4d530336e2b57aa4f12dccb6aa2148d60e9289305bf20842ac95dc52f2d31df8eb5f0599de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.d.ts

Filesize
6KB

MD5
ef8ef3bd8e4332d3fc264f0adf877b8d

SHA1
7e4d52f5e397ed1d51dcced24ace9a5e00f91500

SHA256
a39db87a3a3aa954ac3f6553b9fbfc642eb22bef7586cc1f0559e676aa073fa8

SHA512
5e456ee839f988fed95f816278a3da6998c8757403b98351c4bc26ca197146747b7a20e0c1a702818053547c4d9f9bcf9607bb778c88ca7cf22f21d9c9b4b091

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\package.json

Filesize
2KB

MD5
4092df8ba917fc1f5c1a894e82dbcda7

SHA1
64f6bd61b1f5add58797b1cb4b7f2c4f0209ee93

SHA256
6e76bbf0929f90c0fd803b4a5c920d2a3895d0d6d5f21aaec2d581ef55b54854

SHA512
878ab30b2a488caea72a0ebfdedb6769a84726811cc7dcc3723200244d2348ff525644637fd7a5517c4a034b19a1b4008ae9ae1ec4e8161f3b3092cbf5a1eb6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.cc

Filesize
13KB

MD5
0378851cbf52bbc5bde41bcc23532741

SHA1
ebdf918ccfd19a5b07e71d6e446d203468c32ff7

SHA256
c011d2d4e3ac82c55a8f9a9af39d4adea144ab5f1d2dc259299fbf6107b8a6d0

SHA512
cc7354f3d9a815156c5fd8cd134b61bd398df707a79a3d8d287018d58a9ec326cf0d238138a7dbc2e3f0ab0a6ef8063339b531769e25707263d4782cf88e5947

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.cc

Filesize
22KB

MD5
d3e2d9c6b33e40f55f6e7c8ca338ea05

SHA1
49a0f20904612566ad64b01e4bf32ac36f1e3acb

SHA256
9b799ccdcf9649a9b79d78dcc2882f60e1a9bfbac98949ad18cef97cb433b22b

SHA512
6012fa83d0cd547d8401b8f9342da046e940b1fe135e6fb71d79d80444ba7101ad161a157bf5e63ec8a24a8cf7a48f641de1d4578ab4b49204294f8951030a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\node_sqlite3.cc

Filesize
5KB

MD5
7d033e9b15e4f2230d8ef59cde708c69

SHA1
9b05c5cf3f4fc9b2c20ba46420002bb48edceb21

SHA256
e80fae190ace1a5153a397ae9fe55d6d28651471fb7bebf9bbb5528095d70f44

SHA512
0e709a8c58b73cf6d90f99ce2e0d9f2dbd8defe8dc8bc8919f82ab8ce66e7b4435dacb25b919e3a75030777e6a91beb2132653424b129f12d1169e6a28ab163c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\statement.cc

Filesize
29KB

MD5
e4fdd4a8050136f79a1812970449eaaf

SHA1
2aaf4df70fd3b3acc34c258dd6067c259de33a18

SHA256
f868e9b32074053bdb621d6d1ffc8d8dbe65d14f95b273d57d97b0479741731a

SHA512
0ca732aa6c706bc0c0c54d09ff31e9c648c7baf5fa81ea44606276072767664f0d72cbe3f8c354eec120f5f2040dcda52481d9d32ba286f22c23cf51fa6919e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\statement.h

Filesize
6KB

MD5
13d7bf3557e57ef3036bad68cfa8faae

SHA1
94c1af952f38e9f1ad2d722ec3a063fbe666e66b

SHA256
2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf

SHA512
63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f\win-dpapi\build\Release\node-dpapi.node

Filesize
137KB

MD5
56004171b2d27b113a96327ac3240d9e

SHA1
6b481e8a255ce889b0500a63162452fffa44fd08

SHA256
e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f

SHA512
67c23466a5a7fa276391a08d40122ad6336d989e7c33515f7de68386448a8cf6c5a826580416d3b0ee49c1a31e73a55b420bb0794d64087ef593358706c3ff7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f\win-dpapi\build\Release\node-dpapi.node

Filesize
137KB

MD5
56004171b2d27b113a96327ac3240d9e

SHA1
6b481e8a255ce889b0500a63162452fffa44fd08

SHA256
e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f

SHA512
67c23466a5a7fa276391a08d40122ad6336d989e7c33515f7de68386448a8cf6c5a826580416d3b0ee49c1a31e73a55b420bb0794d64087ef593358706c3ff7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f\win-dpapi\build\Release\node-dpapi.node

Filesize
137KB

MD5
56004171b2d27b113a96327ac3240d9e

SHA1
6b481e8a255ce889b0500a63162452fffa44fd08

SHA256
e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f

SHA512
67c23466a5a7fa276391a08d40122ad6336d989e7c33515f7de68386448a8cf6c5a826580416d3b0ee49c1a31e73a55b420bb0794d64087ef593358706c3ff7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f\win-dpapi\build\Release\node-dpapi.node

Filesize
137KB

MD5
56004171b2d27b113a96327ac3240d9e

SHA1
6b481e8a255ce889b0500a63162452fffa44fd08

SHA256
e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f

SHA512
67c23466a5a7fa276391a08d40122ad6336d989e7c33515f7de68386448a8cf6c5a826580416d3b0ee49c1a31e73a55b420bb0794d64087ef593358706c3ff7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f\win-dpapi\index.js

Filesize
150B

MD5
3435964bc7dfac0e215f796b2ac3be34

SHA1
7d7f4783ef7e73ea1badc8627d3285230cfd90f4

SHA256
006729b3f92963f13ecf83480eb36b8f61ed88e9dc3afcb4b18c7c11e7710d71

SHA512
b4db24d916b2e9a2e0e3a45acc723933029ff9e9681ae04b6e37764a3f1b9d7859c68973f25923403aa02b5d2795137d9b5f934e2c09045f99c1deb578339100

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\e10aac7f4d6da58e15d7dd196cbcace09cb6c9a0c9c83fbf6fa9df14f3bfba2f\win-dpapi\package.json

Filesize
493B

MD5
8555a0a4293d7aefc1574b8d3879a83c

SHA1
a7d434e9418d9ce81ecf2d25b45c3dde4fa9661a

SHA256
ccf44393a655268646df56d826085d733023ba3d4232d57b55b57df390d3914a

SHA512
0730b5453494a674491715c6a7bc2237a691c379dfec3152147aab3a448dc11bc94a79d11c7d6cea3fae28060a2f34e5bcb92d51e7c0828e4b6d992f78d38ab6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe

Filesize
57.4MB

MD5
a5b1c8309492a63c0ce56866298665db

SHA1
f08e6aea1da73ab3d4859b353d325f2b6b460481

SHA256
cd0d05edff074baacf0686932cfa19885c22588e580319e3c6a99e1970aadcf7

SHA512
03cfe515a7ea3a7db6111a73c7b7e60108861c47737e16b4f42c391dcf174db26329c6f73245124a78d4701ec63765b7e07b8c21d8b7dbdda2c38e148dbcc8b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe

Filesize
57.4MB

MD5
a5b1c8309492a63c0ce56866298665db

SHA1
f08e6aea1da73ab3d4859b353d325f2b6b460481

SHA256
cd0d05edff074baacf0686932cfa19885c22588e580319e3c6a99e1970aadcf7

SHA512
03cfe515a7ea3a7db6111a73c7b7e60108861c47737e16b4f42c391dcf174db26329c6f73245124a78d4701ec63765b7e07b8c21d8b7dbdda2c38e148dbcc8b9

Download Submit
memory/1432-297-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp

Filesize
47.4MB

Download
memory/1432-285-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp

Filesize
47.4MB

Download
memory/1432-282-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp

Filesize
47.4MB

Download
memory/1432-281-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp

Filesize
47.4MB

Download
memory/1432-315-0x00007FF6BDCB0000-0x00007FF6C0C1C000-memory.dmp

Filesize
47.4MB

Download
memory/3980-133-0x00007FF6B3ED0000-0x00007FF6B6E3C000-memory.dmp

Filesize
47.4MB

Download
memory/3980-278-0x00007FF6B3ED0000-0x00007FF6B6E3C000-memory.dmp

Filesize
47.4MB

Download
memory/3980-135-0x00007FF6B3ED0000-0x00007FF6B6E3C000-memory.dmp

Filesize
47.4MB

Download