3c2a264125e31a22a5b1d1b92e8d93671498b5f3d093bebdad2566362695c183

Analysis

max time kernel
200s
max time network
36s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

XMind-for-Windows-64bit-12.0.3-202206241736.exe
Size

94.6MB
MD5

f0186214e503891f98428c3ee06af9ce
SHA1

df01d2ad8155a8665ab49fe604b7b54d95b52e33
SHA256

3c2a264125e31a22a5b1d1b92e8d93671498b5f3d093bebdad2566362695c183
SHA512

d1e4bf352529c13ae8c93d5ea8a04666177905e178add6f9a3072ffc3562626d0a7830a80c21604bf20f2d1fec8df82acccddaabdcf65833e46ae954f6bc32ea
SSDEEP

1572864:0AgcWzgjFuXBX5jFikMcD41Op95BszWMZGZ7dH0eHW3sVFgHUofqkp8mA5ZEe:0AlWzgYDjd41OrzPZ9JVFg0BkpaOe

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\posthtml\package.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\regenerator-runtime\runtime.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\xmind-vana-osx-sandbox\build\Release\obj\addon\addon.tlog\CL.2572.write.1.tlog	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\restructure\src	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\domelementtype\lib\index.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\number\is-finite\implement.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es6-set\node_modules\es6-symbol\is-implemented.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\ext\node_modules\type\safe-integer\ensure.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\fn\typed\uint8-clamped-array.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\math\sinh\implement.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\htmlparser2\lib\index.d.ts.map	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\process-nextick-args\package.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\acorn\dist\bin.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\fn\array\reduce.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\reflect\has.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\anchor.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\modules\_math-sign.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\array\#\fill\index.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\error\#\throw.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\ast-transform\node_modules\esprima\bin\esvalidate.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\babel-runtime\core-js\reflect\construct.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\d\index.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es6-set\.lint	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\esprima\bin\esvalidate.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\acorn-node\lib\private-class-elements	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es7.object.values.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\package.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\array\#\slice\is-implemented.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es7.array.flat-map.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\array\to-array.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\isarray\Makefile	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\prelude-ls\lib\Num.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es6.string.code-point-at.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\string\raw\index.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es6.math.imul.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\object\get-property-names.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\has-symbols\package.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\convert-source-map\LICENSE	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es6.regexp.exec.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es6.string.repeat.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\iconv-lite\encodings\tables\big5-added.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\babel-runtime\helpers\_possible-constructor-return.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\fn\array\map.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es6.object.freeze.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\modules\_collection-strong.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es7.string.pad-end.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\fontkit\package.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\fn\typed\int8-array.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\system\index.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es5-ext\object\ensure-array.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\es6-symbol\is-symbol.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\fn\array\virtual\reduce.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\link.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\es6.math.cbrt.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\modules\_typed.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\babel-runtime\core-js\number\is-safe-integer.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\object-is\index.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\trim-left.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\readable-stream\lib\internal\streams\destroy.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File opened for modification	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\error	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\ast-transform\node_modules\escodegen\component.json	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\ast-transform\node_modules\source-map\lib\source-map\source-node.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\babel-runtime\helpers\asyncGeneratorDelegate.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe
File created	C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\fn\number\is-safe-integer.js	XMind-for-Windows-64bit-12.0.3-202206241736.exe

Loads dropped DLL 5 IoCs

pid	Process
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe
2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2716	XMind-for-Windows-64bit-12.0.3-202206241736.exe

C:\Users\Admin\AppData\Local\Temp\XMind-for-Windows-64bit-12.0.3-202206241736.exe
"C:\Users\Admin\AppData\Local\Temp\XMind-for-Windows-64bit-12.0.3-202206241736.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\core\_.js

Filesize
90B

MD5
d861fb3b00fb776dcb6fc4887c4ac80c

SHA1
8fcd44d9d8fe3703a8bf46e80bb8579bffae30dc

SHA256
ba4cb2dcf8dc6eceeab3abc32113c8638ae91846103d2d4c474b00db4e43c288

SHA512
ed28ca9a537c67b13f3ba920a54dd95d4d8c5b0b8640cbc363871c0c04fb588d9e93ae23d2540ff0ac4c28a4109ba94bd54fe2db64b1c37a99d93ef757eff75c

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\core\delay.js

Filesize
86B

MD5
63aac485c8a03510b81a0a4c2bd18336

SHA1
228e248f7f9bce1c79f1b01fbc1045cb6b399cc1

SHA256
4ef6161fba95bdc34b0fb5945e5b3f1355970f8313ac674844399f655e6c0749

SHA512
abc27628797b3cd178f5cf8b0154fb9462300cb9f8f8f2bb423f4591d13d650a9f03c1df3365736897ee1bdc5f18330cd14b38a3eb54f396ff027af624cb8961

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\core\dict.js

Filesize
84B

MD5
feba9cdeebb0c7261fab886a8170c624

SHA1
84914f9f137bc04a4752ee4cd07eeafb96caabc2

SHA256
304a950897124b7b29258e753a93b4b210ac81bbadb56430456ba13fa92bc63a

SHA512
6ee04f9a3a737ef0164fa64cb9da3ac7bedb21c62f48279234ee0e9239e018b29d92d2e9841e4d914d23aa7f6f9b93b886cc6023369e6066910e95d4707af210

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\es6\parse-float.js

Filesize
96B

MD5
f97592318c11d79ac384a28eb3373eda

SHA1
01735a2d9abd3d186c33628d650032c8bd975118

SHA256
23ffcf84d3fbb79d648aa6aa81630770167473eb37b6793d954e72a1ffd3f5dc

SHA512
7d475bccd7457cda247ee8ab41ea5b91c97537ef9122c872b9309adddfe634b2f32f5913668bde13cf24286691317d8bd3163333970e85c6a739d9864e45118e

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\es6\parse-int.js

Filesize
92B

MD5
e9475584baa3e867e8bd82b5149bc3aa

SHA1
76db73513547102678147feb20c7ba6cb08aa080

SHA256
1abbde1b0225f65ccee86057a43413a39a8d0afc19c53a68df09ab4d21f0495b

SHA512
161c9df7aa88aaca2f3309fbf73de74abaed4784ecc9e7e30ecb2c19e599e89ba0bf271a5e9f93081d9121ee616760f50b84102dc317fb599dd76a7faa982932

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\es7\asap.js

Filesize
83B

MD5
23332027d2dd56a4d6c979819e53dbf9

SHA1
886a1a46374a861e623fcccfcb0d366195961a1b

SHA256
8b55f5c7192f9e924ccb0b2242e0eed768edb5fb82a84afa99dd17c2329ae785

SHA512
0cb0292f95a6405cb7dcc353827a20d0dd487ff621109bc2d3f47ce63962c82c5d0e448f8f29ce6e447e29f49d8120ad7c7858fdeed4f72cec110fb82170df38

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\es7\global.js

Filesize
87B

MD5
8b496bc0ff982b0ccf81f5842ad9c525

SHA1
44f4d9111918bb8870e9bb1ea3d3646036704bee

SHA256
ca93cf817b932fe1b63ac6893032c909a18044af122f7e33edd23baf0f990b2b

SHA512
efbaeb94d885aff7c0dd42ea0e5fa42ef1bae612a68165315a5292b722fc62bd22df5460e62e67e281465faa87f481ec6c2b34b82f042ed4271a8d8a7fed42b3

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\es7\observable.js

Filesize
302B

MD5
2f3b12af0c02ed1a6e3ffc65938a2ff4

SHA1
52bf2478fdaebcef1c6175b92bc86dcd8bb7ca91

SHA256
f9e31ae42e64925f52e8c1fca5d076f0e5be5b569f58175547f2d3f10e4798b0

SHA512
cef46ccb458a7260fa617834dd3a9a0959e32dcc9b8404877d7bb414798d83cf010ae776136e54cca967ec2580f9b2bd15e01f258b8e4b41afd0fca5d324acf3

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\array\iterator.js

Filesize
107B

MD5
8af75261a9d4acd038eebe3e14f3e4c0

SHA1
ed8f2bf8f0494b0d4e0c48253794f2c5a1b589ce

SHA256
69882a5b076557ee650eda42dd08bf78af5d2c8e01c1b088f80a73a01e2662b0

SHA512
369fea607683418b3ed0be3eb275aaac870d81a7b3ca1420e0f2342cc10acc2ea2ea85835a9bd3397a9098b04692b51eeca6b207e04dc924d18d8762a0a95912

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\array\virtual\iterator.js

Filesize
111B

MD5
1dcae10ca0ff8eb66e087f2e4d7f965b

SHA1
39f0c9dc16b79ab1ef17a4294809f2b9e6c48979

SHA256
20135e71d292926d9eba2d671cc2640e5d8c30f0d959192205baca226aed6d6b

SHA512
b79bd8602aac31b6148b3c0417952fe3810c172ce9826852720314b662804258f76dfca45fdbf815d13e49e27deddea4d538543d9ccbdbead93993f72efe6be9

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\trim-end.js

Filesize
114B

MD5
8d512324b9d6076af859b59db71d9cf0

SHA1
de59c3f523cceabea6f82661084cff2ee4f26de5

SHA256
90f0b9b385056e6ef1f835e61ae9b570eee316996c25e9475de05868c7a5643a

SHA512
7279f6bd08d3ffa9fd15b5394ee6c7e365fe5e03c5c6760d0c3e9992e4f62d162ac9411299a26232bfcadb7af0759b5de343d77e9ad12b480ee30126a064c2b8

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\trim-left.js

Filesize
112B

MD5
c20d7e5fe76586da1ca03eb874dadcfd

SHA1
005ad020f1f4eed2f58d3d45c6dfecee9102a26f

SHA256
01ecb3f44047f84ae19e19cb04fbb1981858a76f10e31c8348aea5d50733e9e1

SHA512
d7ac9e9016d6fd72574b1b926e58931978c776fb7d9a8f9bdef8c010d66efe20d4455b49447534c0d62746544f55d18f9c81dcf49cbcb91f4419ac490704c7ef

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\virtual\trim-end.js

Filesize
132B

MD5
12c991cc36c539d9bff707683095cc51

SHA1
78e99892601b60b7ba2d6eb4f7215321a1bd2a5c

SHA256
8d2bf543e52a43287fe02f0629594217a0074f4f33316acf9357e2ae6da4c028

SHA512
7e813177c98b003bea79c788d57beb1fa2506076a5a9361d9b72adb096ae9396e7275f91d084802916454ac94bddd842649d6e7d56416635a2ead3d6de03240b

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\fn\string\virtual\trim-left.js

Filesize
130B

MD5
1ddc49fc1cb2ecdc2bdabdd87203a8a8

SHA1
392ae1870d0e5f5e63b8ce5dcec3f9ece242065d

SHA256
d77989a2bb34e82a0385b08e4228b303cadcfd1add1a0fd3694d8771f8b56420

SHA512
efe1a445197e53a7b73c2df27303693246755f21724cd3a4c9c2a581873faf0e468fa0209ec6d86d9bbce38532cd22d054de1c74569728da9d6682247b9df6b1

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\core-js\library\modules\_regexp-exec.js

Filesize
9B

MD5
8733db8bb02cf7abd5d7d07601acc332

SHA1
9f8c54fe2dad4a5f9adbac98d1f814b1a6728bec

SHA256
909c50607a29630c8b3ba42ccb712816ced4a96ad97d346cab88e3b0ebfc02a2

SHA512
912775ee690a8850d06086fa3a000af67c38687d587972d021ece658f6e663a43bed3c0f6b88243b1ce211dbff6be1337513fca4778909a464f0293f365bf9e7

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\domutils\LICENSE

Filesize
1KB

MD5
d5b9cb3bc7f6ffd7bea8661f30447c11

SHA1
a4b5765e26b195e972e961e2c241a54eff51dafb

SHA256
cb992345949ccd6e8394b2cd6c465f7b897c864f845937dbf64e8997f389e164

SHA512
ea3679d79a1a7161ff68dd4265d7e89b9ee2bfff4f32d8da4802692d6fdc5c1706ff9edd5dce36ad4e88f7aa5f76061cf4cc8794a010efbf39b5bcb1ef08a550

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\estraverse\LICENSE.BSD

Filesize
1KB

MD5
e74cede38e957fe3e525b0e53a510bcf

SHA1
e74ff75ee8a455b69f308ecaeef9804e6c9c8fd8

SHA256
0e74697a68cebdcd61502c30fe80ab7f9e341d995dcd452023654d57133534b1

SHA512
60a97bf6c9abdb4bdd20a0b2f9fc8ffb3b1cc901f0caa0cc34464ec152c43a343123182db35cf492506b703b02211d893eb701d349e19bc6c2cf8eee0b1db848

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\ext\.editorconfig

Filesize
288B

MD5
d0a659a1700857990a78667d6afa3fc0

SHA1
d45f7f68b281c0fdb09fe3eeb23d5b5f011ce0f8

SHA256
1a8d6feac06860df9742d39a173e76557ed4b85254ec67d384c77d187f1d6a17

SHA512
531154a7723ee71b98832ac8dcd1abc6dd4f736da0a66a5c5985e32e07fb0c4287cbfa8230de3f02eb823ab9be5b39e2a28191395904c8361aa15922bdb170a3

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\has-symbols\.eslintignore

Filesize
10B

MD5
0549babc2213b12c788bfeb5c47cab97

SHA1
8525adbdf9ac9a497e638cc69cedd64804151830

SHA256
5c5daf48fdf4db42e16c29b5b3de54984bafe0c2ff367a186ca97f1d4ed48290

SHA512
54b84472aba9dc81d7b5924fb74ed962803d24d463cb58e153f354e35630e04f2613279aff3fba6f0e612f796108ed3da638bd134047d90dda0d775cde2f7306

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\has-symbols\.nycrc

Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\is-regex\.editorconfig

Filesize
286B

MD5
6e089132bbc839003220249f345aaf01

SHA1
b613101963356bfaf6118fc55cf67bd5f5567303

SHA256
0a73be687a86b6f0e5494b1be555fcfbb886108794948837170c28f18820aae2

SHA512
803de242d802ed98054bdee9c99a91d053e330dc9101f6adf1d8a96d22f6f22889e81d4c3f974378361e1273f9b18313cfcc21408937139be5b64da473224911

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\minimist\LICENSE

Filesize
1KB

MD5
aea1cde69645f4b99be4ff7ca9abcce1

SHA1
b2e68ce937c1f851926f7e10280cc93221d4f53c

SHA256
435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b

SHA512
518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\object-is\LICENSE

Filesize
1KB

MD5
d22b3eb619d81197fd4f3ca47c2c1ea5

SHA1
cecc49e000ac69f8dc602f6967a3d9df155285cf

SHA256
dc0fe5a22d9336f345ee984f9bf56f11f22877a3aa5fd16a1db9a8ca0e23a5d1

SHA512
54069fc3a9f8378d57bc0b11fa7fa211daf4cd320435af21ca6514b4b19166d340133aca36ec253dd1bfe175532bc6e08e138ba72dac391269fd0aa8a512be62

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\prelude-ls\LICENSE

Filesize
1KB

MD5
7733af876e78a187f3a51e7c276ae883

SHA1
7bc795bf398cfa51e99e85dc51931c3b0d1b5a79

SHA256
b9eb082c39fe245e38793699074c394c43a722c51fce031c3c165cb92a31035c

SHA512
164ca6658b71df6f4298868edc777368767a5ab2f90598ff3462d655a33a4ee36fb1b61c0674e339de98cef8ba9497cb5405b4a091a197c98af442882e8a580e

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\regexp.prototype.flags\.editorconfig

Filesize
276B

MD5
21da6a90c8609948afe0be1430baa42d

SHA1
41dcc6e5dcfee2cc601b47fdcc716306ccf8f0c4

SHA256
ede54e8b6b96147c61efd0ddc56d3683508a26066a8baabd63673d2779a06f23

SHA512
a77e4ed2536be5bf0085ae0dd5d9ecfd9cb7fab57564bc7a7df49572b95447313e5b7cdbaf2bb406443ab6219e4a0a76e3c9cff7867151af22066b69d687199e

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\scope-analyzer\LICENSE.md

Filesize
628B

MD5
8dac565a09a15ba65bd1f95a4abc0644

SHA1
c20c5efdcff19323246abec5e2b941918fda7ff3

SHA256
7eb14a7bb0599785afd77bf111ddcf81ae619aaa4fff9fcd0562a12744ad9d47

SHA512
93beb653764ac0777d3c9c080c3a762420d54a41f61e2594eabd11e656daea242c3bb1f05be32f529b5646b9d5950f35ba69c8d1379298334738ff3461e2d562

Download Submit
C:\Program Files\XMind\resources\app.asar.unpacked\node_modules\source-map\LICENSE

Filesize
1KB

MD5
b1ca6dbc0075d56cbd9931a75566cd44

SHA1
914d42b13ad394be4aa75b4d93fde94b1e79cbbd

SHA256
6cb0631f71c7749763fd3dd1d5bee52dd1070ec17f2edc1710079ad070bd2fbd

SHA512
6b8aae75aeaa2150548d86f1f0025cec9ddbc7dfa3c1f51e87de87721ec64ef31b60da2b04871838ca951cea1bb83af0dc518ab16d08e5334119d12aef4de27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoA323.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoA323.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA323.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA323.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA323.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA323.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA323.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit