e1cfebcd1cbfb8927441823c7d1b3480b536b54d2130c14d77ea82bda32729a4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-fr
resource tags

arch:x64arch:x86image:win10v2004-20240412-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
23-04-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpineGame_x64.exe
Size

57.3MB
MD5

fe621b19391699b8e625b561a09dac17
SHA1

62cb031b458f70046df8364f5480641bf89c8266
SHA256

e1cfebcd1cbfb8927441823c7d1b3480b536b54d2130c14d77ea82bda32729a4
SHA512

dcc069d20bae30ea4d7ddab42c3d8bfe0e581dbd3f21cfef5a069f4e9f2e9786e93d4a09683b2cdc59876907d636f95e9849e87be5a203a6f49a886e2f7e4f17
SSDEEP

786432:XMguj8Q4VfvVqFTrYCgCmxlrBl3wT3q0mGIan7awETWyW:XiAQIHVkH+xl0qD3jrW

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
4820	SpineGame_x64.exe
4820	SpineGame_x64.exe
5960	MsiExec.exe
5960	MsiExec.exe
3828	MsiExec.exe
3828	MsiExec.exe
3828	MsiExec.exe
396	MsiExec.exe
4880	MsiExec.exe
5264	SpineGame_x64.exe
5264	SpineGame_x64.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
115	5772	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\json-parse-even-better-errors\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-json-stream\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\path-scurry\dist\cjs\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\CHANGELOG.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-ping.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\README.md	msiexec.exe
File created	C:\Program Files\nodejs\npm	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\diff.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\lib\run-script.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\mod.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-token.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\rebuild.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\run-script.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\core\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cidr-regex\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\name-from-folder\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\convert\xml.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\scope.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\is-windows.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\exponential-backoff\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\graceful-fs\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-core-module\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\negotiator\lib\language.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\RGI_Emoji.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\npm.cmd	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin\node-gyp	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\explain-dep.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\protobuf-specs\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\foreground-child\dist\cjs\watchdog.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\is-package-bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-search.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\src\layout-manager.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\index.mjs	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\which\node_modules\isexe\dist\cjs\win32.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\set-envs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@tufjs\models\dist\base.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\CHANGELOG.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-test.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\display.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-update.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\set-path.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\protobuf-specs\dist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-retry\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\package-spec.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\package-json\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\foreground-child\dist\cjs\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\workspaces.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\env-replace.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-license\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-adduser.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ip-address\dist\ip-address.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmteam\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\lib\depth-descent.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\errors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\lib\content\write.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\esm\bin.mjs	msiexec.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI4590.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4F76.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\SourceHash{637236E9-EF59-4F9D-8269-3083C1A6C6D6}	msiexec.exe
File created	C:\Windows\Installer\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7619.tmp	msiexec.exe
File created	C:\Windows\Installer\e584459.msi	msiexec.exe
File created	C:\Windows\Installer\e584457.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI789B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e584457.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI45CF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4D81.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008b5ebddfef16308e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008b5ebddf0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008b5ebddf000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8b5ebddf000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008b5ebddf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583672011443977"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 30 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Version = "336330754"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\NodeRuntime	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\ProductIcon = "C:\\Windows\\Installer\\{637236E9-EF59-4F9D-8269-3083C1A6C6D6}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\DocumentationShortcuts	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\PackageCode = "AC6AA920FB9737143A7998E5BED98A71"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\9E63273695FED9F4289603381C6A6C6D	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E63273695FED9F4289603381C6A6C6D\SourceList\PackageName = "node-v20.12.2-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E63273695FED9F4289603381C6A6C6D\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3288	powershell.exe
3288	powershell.exe
1712	chrome.exe
1712	chrome.exe
5892	msiexec.exe
5892	msiexec.exe
3792	chrome.exe
3792	chrome.exe
3984	powershell.exe
3984	powershell.exe
3984	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3288	powershell.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeCreatePagefilePrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
5772	msiexec.exe
5772	msiexec.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 1280	4820	SpineGame_x64.exe	91
PID 4820 wrote to memory of 1280	4820	SpineGame_x64.exe	91
PID 1280 wrote to memory of 1332	1280	cmd.exe	92
PID 1280 wrote to memory of 1332	1280	cmd.exe	92
PID 4820 wrote to memory of 480	4820	SpineGame_x64.exe	93
PID 4820 wrote to memory of 480	4820	SpineGame_x64.exe	93
PID 480 wrote to memory of 3288	480	cmd.exe	94
PID 480 wrote to memory of 3288	480	cmd.exe	94
PID 1712 wrote to memory of 3804	1712	chrome.exe	98
PID 1712 wrote to memory of 3804	1712	chrome.exe	98
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 2096	1712	chrome.exe	99
PID 1712 wrote to memory of 5108	1712	chrome.exe	100
PID 1712 wrote to memory of 5108	1712	chrome.exe	100
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101
PID 1712 wrote to memory of 4752	1712	chrome.exe	101

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\SpineGame_x64.exe
"C:\Users\Admin\AppData\Local\Temp\SpineGame_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "hostname"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1280
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:1332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -c "Get-WmiObject -Query \"Select * from Win32_CacheMemory\"""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "Get-WmiObject -Query \"Select * from Win32_CacheMemory\""
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfb56ab58,0x7ffdfb56ab68,0x7ffdfb56ab78
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3560 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4972 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3216 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\node-v20.12.2-x64.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1908,i,3145563654140329589,7008590753331470359,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2376

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5892
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding C3592F17955BA3618003D5CD6647FAE1 C
  2⤵
  - Loads dropped DLL
  PID:5960
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1804
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 71ED35664574B239B3BBED65474DEC3B
  2⤵
  - Loads dropped DLL
  PID:3828
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 45BD2E73A80B25BCC11F0E51862C7BEF E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:396
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D5A4384BDD06BA959B5ACFAA7AEE118C
  2⤵
  - Loads dropped DLL
  PID:4880

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\SpineGame_x64.exe
"C:\Users\Admin\AppData\Local\Temp\SpineGame_x64.exe"
1⤵
- Loads dropped DLL
PID:5264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "hostname"
  2⤵
  PID:4380
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:4892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -c "Get-WmiObject -Query \"Select * from Win32_CacheMemory\"""
  2⤵
  PID:5740
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "Get-WmiObject -Query \"Select * from Win32_CacheMemory\""
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e584458.rbs

Filesize
823KB

MD5
d1fee8fea681aef475708c1a0b3a14b1

SHA1
b5861ef97e93046780603372e238e5722d5eaad0

SHA256
fd938731f5af6ed9e28f17964f9cbe65546a7fb1d4ce08da19826bcd572264eb

SHA512
6676cb700b1496a2e26f17195d01c004b1fe4d843770ed1987e5d8e0e307027d9862a78c0819012f858cfa32579033b9ec8e078c5e100a0e44483691ef56a578

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\tuf\LICENSE

Filesize
11KB

MD5
dfc1b916d4555a69859202f8bd8ad40c

SHA1
fc22b6ee39814d22e77fe6386c883a58ecac6465

SHA256
7b0ce3425a26fdba501cb13508af096ade77e4036dd2bd8849031ddecf64f7c9

SHA512
1fbe6bb1f60c8932e4dcb927fc8c8131b9c73afd824ecbabc2045e7af07b35a4155a0f8ad3103bf25f192b6d59282bfc927aead3cb7aaeb954e1b6dbd68369fa

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\verify\dist\shared.types.js

Filesize
79B

MD5
24563705cc4bb54fccd88e52bc96c711

SHA1
871fa42907b821246de04785a532297500372fc7

SHA256
ef1f170ad28f2d870a474d2f96ae353d770fff5f20e642cd8f9b6f1d7742df13

SHA512
2ce8d2cf580623358fef5f4f8925d0c9943a657c2503c80048ca789bf16eacdb980bfc8aaaa50101a738e939926fcf2545500484dcad782c700ee206d8c6f9b9

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\license

Filesize
1KB

MD5
b862aeb7e1d01452e0f07403591e5a55

SHA1
b8765be74fea9525d978661759be8c11bab5e60e

SHA256
fcf1a18be2e25ba82acf2c59821b030d8ee764e4e201db6ef3c51900d385515f

SHA512
885369fe9b8cb0af1107ee92b52c6a353da7cf75bc86abb622e2b637c81e9c5ffe36b0ac74e11cfb66a7a126b606fe7a27e91f3f4338954c847ed2280af76a5f

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\env-paths\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\ignore-walk\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\commonjs\package.json

Filesize
28B

MD5
56368b3e2b84dac2c9ed38b5c4329ec2

SHA1
f67c4acef5973c256c47998b20b5165ab7629ed4

SHA256
58b55392b5778941e1e96892a70edc12e2d7bb8541289b237fbddc9926ed51bd

SHA512
d662bff3885118e607079fcbeedb27368589bc0ee89f90b9281723fa08bda65e5a08d9640da188773193c0076ec0a5c92624673a6a961490be163e2553d6f482

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\esm\package.json

Filesize
26B

MD5
2324363c71f28a5b7e946a38dc2d9293

SHA1
7eda542849fb3a4a7b4ba8a7745887adcade1673

SHA256
1bf0e53fc74b05f1aade7451fbac72f1944b067d4229d96bae7a225519a250e4

SHA512
7437cf8f337d2562a4046246fbfcc5e9949f475a1435e94efbc4b6a55880050077d72692cbc3413e0ccd8f36adf9956a6cc633a2adc85fbff6c4aa2b8edac677

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\es2015\index.js

Filesize
17KB

MD5
cf8f16c1aa805000c832f879529c070c

SHA1
54cc4d6c9b462ad2de246e28cd80ed030504353d

SHA256
77f404d608e2a98f2a038a8aa91b83f0a6e3b4937e5de35a8dae0c23aa9ee573

SHA512
a786e51af862470ae46ad085d33281e45795c24897e64b2c4b265302fa9cbfa47b262ec188adbc80d51cfc6ba395b500c0d7f5d343ca4fc2b828eaedba4bd29a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\index.js

Filesize
15KB

MD5
9841536310d4e186a474dfa2acf558cd

SHA1
33fabbcc5e1adbe0528243eafd36e5d876aaecaa

SHA256
5b3c0ac6483d83e6c079f9ffd1c7a18e883a9aaeaedb2d65dd9d5f78153476b9

SHA512
b67680a81bb4b62f959ba66476723eb681614925f556689e4d7240af8216a49f0d994c31381bf6a9489151d14ed8e0d0d4d28b66f02f31188059c9b24aaa3783

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
1c1f6159630c170b596af7c9085f8bb0

SHA1
ac26cfe43e10a9f76aee943f9ceff3dc77df29fd

SHA256
61403502b3d584ab749a417955dda3d6c956e64109cc4ac4e46e44b462b7c4f0

SHA512
f93d2e86c287ed4e50a0c00bcd9594c322cfbd0507bbd191d97c7dd2881850296986139df9580ba1bbaae8abab284335db64c41f6edde441e34fa56b934c3046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
ddc479d21c448dfbcf2f85fe1e7534b9

SHA1
d2b4da585aea51fc5fb2c347f7272627ca0baf31

SHA256
bbf9ee059bd896cb6b041ae66e3e04613f8edf7928a75d1798e2a6c4c0d24ae3

SHA512
880337e34f966452886036fe2570e1bef26bd629ff3918a1140240c4d2c54a03034cf313d058d7d25b201860f1882d558eb84a749625156959a95ed63863b46e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

Filesize
727B

MD5
f6cec9b9b11aabd0e8a100dc8114663b

SHA1
ef9a6661efab6189039d2d732b77892a8624d8e8

SHA256
11d25f2a89fe83ea325b1a1625b2e64896a2f115d02ff09c6f5f35a0cc431a05

SHA512
445f97f0a9468b3587020a4d99ee40f37cd7202ff65d327327ec04eb5195aa50636f40bb33504f058850e19eee1c5fc17ec8174870721cd4a04bb468ed5b16bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
5a2f55932a33a33eb8a332f8d9a633c4

SHA1
132a352b4a40c3ed0452c2388119524a9874c9d0

SHA256
666a6c6c02f553c7b188feec8ca392314146ca6dbc1f7dc9050d47d3585837c4

SHA512
be18e8372bb88a4318e65b682c0714b2a9790bd21ae4d6de280351b954c535890071495f2990f4e5807ed2fd83aa9b5f33beefc85035533ec9a3cfe738122be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
0a9ce96124ac7111d937391d39b32dcb

SHA1
2a1ac6eb7e61c05ae7e139381a8067ecd7633881

SHA256
8fe0291780e3eeb15db9c063a8bdbd51e36ba74ea786ab62228b8e9187dc9e73

SHA512
56d9febb1f78a2c8647ea51e4cceb9837d7629982fc68dbcfebf067ac744b3f764a26adf7924fc49e226548d1dde22d62b94b33973a311b9e69d5b5c2abb54ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

Filesize
404B

MD5
79327ba1041738469da8d539d79f348f

SHA1
694fda6289329e6eabae0a3c6fc5d3dd1343d626

SHA256
0e11b02b72fd8dea3b17735222d02f393a4849cf893c628f1bd622f713b3aabf

SHA512
b1f4f7d6a88f4da60e5d3f974b7aadce365d97f946d6ffc5eaf45df5778d6e6ca89cffbc6a9d7ad7f30b8ffa0da455f95b9db85f48da687cc819a3a95c002af4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
075078d9fa4cb39292ba1f375295adf7

SHA1
e0bd985f3c8620ee63de101b9b728656fdd088cf

SHA256
5b0c004a7a863a534b178da2ad6c39e994a2ef91121215dafc9d512a41a1d87d

SHA512
3433dcfe4028c419f43083d66c1061599f0c3a4ded12f9ad6a87218dab8cbe39cccd4422d0a403ddc14c54723d58c0bb094ebef60283a4aee3b10a2af906e549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
5c5e02ae9688e39921aa6e5a546d117d

SHA1
9fc945416a7348b5c4132fcffac9e894ed839e6e

SHA256
f8ebd7d9023fbc7f3a889c616d9d133eab290da3fe5dab6d3695e5609236f248

SHA512
f2c14affd5ffd65623e9bdb673c35c3c7c0c91a27bf4fc6b1fa791d6249ef88a9a9dff795129716f32f51d08990bf03c21b06360b9635777f273a059df16723e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c4fbb08c498af690b2b3ead889ed9463

SHA1
ebff14c436a5b5bc4c600eee3fbfc2b18d36c545

SHA256
81ba5deeed32fc0079a366d7cb822f3dd6ba08a3edff57a3af796369167f582d

SHA512
3f0830ddb601209ec6e1f52ff2956b4134a698458312827d1eaf19d8b2a36ba50946271b69c1c73663bebc5d94578e73fe4ad3fed342195534c302e8b7aa730d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
978c8ddf3ef673da11c0833f8a24cc5a

SHA1
d91d647bc44a14fa901142ed136a1d7a033268c7

SHA256
bcc29d380c14b7a6dc19d6dc07fc0b3653b4f67ccac924f09441a8c703ce3108

SHA512
5fecba0b62f386be5d842c35daf7244bd33964c9869c3ed370b6d9db80a8a38ecfa1a8823c31d5c96f82e0a0b04050c5d28e8fd54910060f8d9a595781958964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
cdf8cb23fcaa103d0fc79e060c07962e

SHA1
749aa65f79eefbbb2b088c3ffeac6ed222d95d28

SHA256
a4b1fd6cfe3924efc47f24b796fd039dbee5359c584a2c652fe4e07700b5f3a7

SHA512
c82348a4f7923230fd7e0899af5ea0f6ddce988bcdcce89393859172067ace1ce82ec6ca237528abeb2656b6cc80ae940d8d697bd928bd04ce780ec78b66c486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
c520b154e6fe9c28c49458f765eb2562

SHA1
f87aa3b4ce8f70fa290748fc15024f764067fe8b

SHA256
df675c48e2fcd146ef788d323fc2dc010dae8f6f58f0ec7598b95de7a8c42aa2

SHA512
726e4c20f01916e107ce083c3ecb7ab14847c6cdc27e8d4e37460bd0ee9af6c87c18cc8efa061d623b6bc386b5aa90f17dd09d72bfbc7e4c2d8737d09d9c7937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
fe3fb3ce1216a3244b8a1632e5fc34e3

SHA1
bf4f07dfa57d1104108160f5bb705836499fcdc1

SHA256
62dc46aa27410332b1649b0e176a703fca878811803c1d886479d9aa4dacdb12

SHA512
e99039ceb2b720b5d5dfa4fc05de3ba13c7b3674c0b861ce09b066df53e6cbe3fb23b4c8f1f23de1f777e9f0ab961b5330a8a71e3697c56e7d89fbff3e36bb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2e6036b0e641808ad84cf47654afe7c0

SHA1
d6d1a202cb5de819e5c1b14af46ff5b48545f538

SHA256
293f18e3beb202d00eea5a7b198a4a5c09b0896849fade021ed6a2e1900e5241

SHA512
74ef8515b900493c512598e076a97eef5b039e490e0d37caccc9bf8d1aa3fc3c271973329b56f2b710d530e0fcd5c77bdd1a9b33f0564cfb374ee0ff3bfb1842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d0af64981a91a57481b38a8711cbda4a

SHA1
bf7527ad93113f9fe6e24eb33c65d17339f1a9f2

SHA256
b95492120ffbcd3a01aaa28d9f868f62b23549e03d11657fadcf57c024b19c71

SHA512
04c6328dc146399c7f36bcaeea1cb88a4776d141f9b8e4daab43b31e3aab9329f2d0433334b3af0563591fa9b8606d67e8b85996e64cf72a455956cc9ef327ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
53df54f27baf56d3b480ff8ca85ac295

SHA1
808cf3b3fc999e705dc48519fc424c977f5059b2

SHA256
cb272d5d49ab2bb1c4a7af5c560cf1f8b5adc6edf6835b8c327d65f45ce56ffc

SHA512
95efd8fb7ff8d68e1de4c0961e4d448f7aad3e89e73c1de8807accbc06360bdbb63d07c1d1519984964dd04afed9644f8c2d7787278ec1cf841a8ced2d345741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ca21bd572626ebf8b6bfd2d5f053062c

SHA1
48d25b516060f469c4fd0856335b8bcb5050e678

SHA256
1a5c63e3a397006b68b10f7c524a26f27a362ef732716687a26236f220b5cded

SHA512
ec02218e986286dd0cb063bb79c03f4f83aa272ee2cf243fcf582a092b37c559bf92533ce77b4978a36b41b367447e34c82f4f270418898d4edac32744e25bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ee218f459ae012fa2cc6412442c322dd

SHA1
ad9c4e185ae6648fbba3efbf3d848be16350535e

SHA256
fd3bbd4898eae417d09119ae45ddd4d21d2cae4d44f01bbb3869df51a8cd90ff

SHA512
ebeb40919b58269320ad7db59188356903919bae283e18de22cde01128854b817fad3c1caf7ba3d64f3494a8dd2ec510a8404b548ef6a120e7b210b6da2c7f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
7d80cfd592838b68ac9efdee02342d4f

SHA1
316d2ac3db7e9e180a74a723703214c2da2d27ce

SHA256
514cfd4da32db49a2b9d29ec660f34ad855a9fda5c732598a6d9f321348c0654

SHA512
ed8e3a5cbe022c1606c30841038cd0081d50d9b78271fa35ff5bd0da17b57c5847e1a568dbac539d4fa96774c673dab9fc142da9e47789c2a0b2a40161ac5b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
ffff43a998c90cbae95957dbfd31091c

SHA1
467fd1d6e034b783a756b214cb4e3b5a81eddf0b

SHA256
525063820d8b6c8d146a086f48025c6248ffb70bfcb8e44c49e551ed4df921f1

SHA512
371aee33cb4d9f558373a391f2b61d68e4277ecaeb60c92b35664e94f2f56e9f2a7cdf2406ad725ab25729974ed793e6498f3a9f27d862e9f26ca95a5c444d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fc90.TMP

Filesize
90KB

MD5
65fcb124d25b03ae4a7819c660d4e2dd

SHA1
08c605e97e6ace007f4ecffd9900d7eba557c18b

SHA256
d2953819bcb3374a2f0af2fbca0733069b155fc50392ad70d82b3d2c22b18840

SHA512
190259e624aa4038799030d9e1214e1f6d9414f1b7ef26fdf8d50abb0c862fa17b580d7eda8c3f621b4e488cbb35ece01db141f0375b42a423731f9d1ac51a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID958.tmp

Filesize
125KB

MD5
a6c7f0c329b28edb3e7f10d115d85c6d

SHA1
f36faaf4af452ab0bcd30ef66de7291bcee21264

SHA256
8f2e81c6f8ccd01dd1727cf93b82fe35b3abb8cf1ef3045dcd6cdf3346a59d03

SHA512
d7fb6997c9ff0dae74634422b8953a276604c0aa27b1e8d9ce4c87220fd469c6eecac6d86da857ff75378c535d2a684b4a120927c62f5267f1bd4dbdc05a72cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDA44.tmp

Filesize
390KB

MD5
80bebea11fbe87108b08762a1bbff2cd

SHA1
a7ec111a792fd9a870841be430d130a545613782

SHA256
facf518f88cd67afd959c99c3ba233f78a4fbfe7fd3565489da74a585b55e9d1

SHA512
a760debb2084d801b6381a0e1dcef66080df03a768cc577b20b8472be87ad8477d59c331159555de10182d87340aa68fe1f3f5d0212048fd7692d85f4da656f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h4xquk5d.ve3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg-caNI6x\3cb442a7039ddcad2aac3f8bd5bfd6a4f9ff253ce47c1616b3a4495f11a5d0b9

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg-caNI6x\59b07c111ff3cdb6a2d6d93c23513b9ec89195f53f0a55a3a7769a9f164e6041

Filesize
137KB

MD5
108440900bc61220e09bb1d0a4102b9a

SHA1
841697d9325d35df5fec9e607eebd40f16690e3c

SHA256
0de74a34d95a30eed84cdf31f0dc5868c59b7977d3d496845c9363812235b768

SHA512
cc9a7c732c8fe4864c72ab650abfebc8264ecb7b38ed2a6875e7dbe2da4fd0a80ce894767af07b2b16f24575ee3435a261f899e4c1b63e01e4e3d94253e244b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\LICENSE

Filesize
1KB

MD5
79558839a9db3e807e4ae6f8cd100c1c

SHA1
ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2

SHA256
7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c

SHA512
b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\README.md

Filesize
11KB

MD5
c36e5433caf9c2c42c4ab89038a3921a

SHA1
8189c05f4a0842f510eb252d5fcfe829e5a60cd8

SHA256
4284c6d885c5716fdf709dbcf3a74c48f0622d9693afca0ba44686678bd729ac

SHA512
5144a68839d96e39836e9556ed31f85a69f3385e39ed0edb059e317a87efeacf5e8da2b5cde438f3dbbc9c740d4495d5f4c606894b8cb95e9c841c27a8f7c6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\binding.gyp

Filesize
1KB

MD5
c15ddfb3a6b52dfb1296423cd1742b79

SHA1
5974a5e7b7adf82c77d5ac39658efc92c95af51a

SHA256
82567c55bb0ba88de564bbc66e7e4557b1747caff6bb950ce568c87f73050e8e

SHA512
35bc7f00b8663d6fb18341d461f9031b7fee823cee87dc6ac6e1926be31db0503b1e32b5a6f08754194b2fa97207deb774b41322d7ff6dcbe0f3b9b73a5aba5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.d.ts

Filesize
6KB

MD5
ef8ef3bd8e4332d3fc264f0adf877b8d

SHA1
7e4d52f5e397ed1d51dcced24ace9a5e00f91500

SHA256
a39db87a3a3aa954ac3f6553b9fbfc642eb22bef7586cc1f0559e676aa073fa8

SHA512
5e456ee839f988fed95f816278a3da6998c8757403b98351c4bc26ca197146747b7a20e0c1a702818053547c4d9f9bcf9607bb778c88ca7cf22f21d9c9b4b091

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\package.json

Filesize
2KB

MD5
4092df8ba917fc1f5c1a894e82dbcda7

SHA1
64f6bd61b1f5add58797b1cb4b7f2c4f0209ee93

SHA256
6e76bbf0929f90c0fd803b4a5c920d2a3895d0d6d5f21aaec2d581ef55b54854

SHA512
878ab30b2a488caea72a0ebfdedb6769a84726811cc7dcc3723200244d2348ff525644637fd7a5517c4a034b19a1b4008ae9ae1ec4e8161f3b3092cbf5a1eb6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.cc

Filesize
13KB

MD5
0378851cbf52bbc5bde41bcc23532741

SHA1
ebdf918ccfd19a5b07e71d6e446d203468c32ff7

SHA256
c011d2d4e3ac82c55a8f9a9af39d4adea144ab5f1d2dc259299fbf6107b8a6d0

SHA512
cc7354f3d9a815156c5fd8cd134b61bd398df707a79a3d8d287018d58a9ec326cf0d238138a7dbc2e3f0ab0a6ef8063339b531769e25707263d4782cf88e5947

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.cc

Filesize
22KB

MD5
d3e2d9c6b33e40f55f6e7c8ca338ea05

SHA1
49a0f20904612566ad64b01e4bf32ac36f1e3acb

SHA256
9b799ccdcf9649a9b79d78dcc2882f60e1a9bfbac98949ad18cef97cb433b22b

SHA512
6012fa83d0cd547d8401b8f9342da046e940b1fe135e6fb71d79d80444ba7101ad161a157bf5e63ec8a24a8cf7a48f641de1d4578ab4b49204294f8951030a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\Downloads\node-v20.12.2-x64.msi

Filesize
25.3MB

MD5
0df081aa47e7159e585488a161a97466

SHA1
2dc9a592dbb208624aff11a57f97bea89a315973

SHA256
20c578361911d7b0cf153b293b025970eca383a2c802e0df438ac254aaca165d

SHA512
2e1b58add6a714281f2ddeb936069c0eb8ce24ae2e440941379c4273afd7f1a96b162d5b88211e8678804bad652e48c99a4993e0e0d0da4d1abd7550d397e836

Download Submit
C:\Windows\Installer\MSI789B.tmp

Filesize
341KB

MD5
74528af81c94087506cebcf38eeab4bc

SHA1
20c0ddfa620f9778e9053bd721d8f51c330b5202

SHA256
2650b77afbbc1faacc91e20a08a89fc2756b9db702a8689d3cc92aa163919b34

SHA512
9ce76594f64ea5969fff3becf3ca239b41fc6295bb3abf8e95f04f4209bb5ccddd09c76f69e1d3986a9fe16b4f0628e4a5c51e2d2edf3c60205758c40da04dae

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
1a30c7b70719dade5f5fa59d7e355362

SHA1
9525aacb8a6625c9d7dce158dba198f4d762b1ed

SHA256
e06bc74722b72f56c81bbd694373114d060ee56467a9953018083cd7fd8c62bc

SHA512
b9151f00bf2a931b4ea7bec35fe21a66ef6d36a08150f7d0ba189df2cc3d6a952cd1249f682cbc33c2a7c9454c537e4c476be3b3e25fa4dd2566c6a5f4fd19a8

Download Submit
\??\Volume{dfbd5e8b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f2625dee-a774-4a90-bad5-c5dddf120096}_OnDiskSnapshotProp

Filesize
6KB

MD5
131a925d76e86f5c9b13e7dd965553eb

SHA1
2ff153bce97151b7d9f579b3c142baaf1979ea98

SHA256
66ee3efbae6c85d7256bca70d4deeeda7dba5bd154b4b98640e60e01a6bdd7d5

SHA512
c1d69f5e92368ea044d0a4d57dd49015fc98f428d01ad6058033aa036a8fbdb497c30d1b049c981b1d00486d948b2a94626b8608102f828cac395db0fc32e467

Download Submit
memory/3288-133-0x00007FFDFA660000-0x00007FFDFB121000-memory.dmp

Filesize
10.8MB

Download
memory/3288-130-0x000001A000110000-0x000001A000212000-memory.dmp

Filesize
1.0MB

Download
memory/3288-129-0x0000019FFDD70000-0x0000019FFDD80000-memory.dmp

Filesize
64KB

Download
memory/3288-118-0x00007FFDFA660000-0x00007FFDFB121000-memory.dmp

Filesize
10.8MB

Download
memory/3288-128-0x0000019FFDCF0000-0x0000019FFDD00000-memory.dmp

Filesize
64KB

Download
memory/3288-116-0x0000019FFFF00000-0x0000019FFFF8A000-memory.dmp

Filesize
552KB

Download
memory/3288-117-0x0000019FFFE70000-0x0000019FFFE92000-memory.dmp

Filesize
136KB

Download
memory/3984-2655-0x00000232B24F0000-0x00000232B2500000-memory.dmp

Filesize
64KB

Download
memory/3984-2650-0x00007FFDF5B90000-0x00007FFDF6651000-memory.dmp

Filesize
10.8MB

Download
memory/3984-2656-0x00000232B24F0000-0x00000232B2500000-memory.dmp

Filesize
64KB

Download
memory/3984-2658-0x00007FFDF5B90000-0x00007FFDF6651000-memory.dmp

Filesize
10.8MB

Download
memory/5892-514-0x00000234ED1F0000-0x00000234EDCB1000-memory.dmp

Filesize
10.8MB

Download