Analysis Overview
SHA256
d92446ebe791e563e3db4d04adb539740b37e6b85b29df275c0bc17c9b41a990
Threat Level: Known bad
The file ZippedData.zip was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Suspicious use of SetThreadContext
Enumerates kernel/hardware configuration
Reads runtime system information
Enumerates physical storage devices
Program crash
Command and Scripting Interpreter: JavaScript
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Runs net.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20240220-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\data.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
Runs net.exe
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\InjectToolInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\InjectToolInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\run.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\installer.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\1.bat
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\net.exe
NET FILE
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
C:\Windows\SysWOW64\cmd.exe
cmd /C "C:\Users\Admin\AppData\Local\Temp\1.bat"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\net.exe
NET FILE
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 1
C:\Users\Admin\AppData\Local\Temp\data.exe
C:\Users\Admin\AppData\Local\Temp\data.exe -p"bfeuebfmd9AD" -d"C:\Users\Admin\AppData\Local\Temp\"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wprogs.top | udp |
| US | 5.161.81.32:443 | wprogs.top | tcp |
| US | 5.161.81.32:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\mock-registry\.eslintrc.js
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\mock-registry\.gitignore
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@isaacs\cliui\node_modules\emoji-regex\es2015\text.js
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@isaacs\cliui\node_modules\strip-ansi\license
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@npmcli\query\LICENSE
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@npmcli\run-script\LICENSE
| MD5 | 89966567781ee3dc29aeca2d18a59501 |
| SHA1 | a6d614386e4974eef58b014810f00d4ed1881575 |
| SHA256 | 898c2bcff663681498ad1ca8235d45b6e70b10cdf1f869a5b5e69f6e46efedd3 |
| SHA512 | 602dd09be2544542a46083e71a6e43fefc99eb884bdd705f629f8b4bf49192c6f8c482cd6a490397afde100be9347524079abb4c6d18bda3f64cf2fb77d2fe4c |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@sigstore\sign\dist\types\fetch.js
| MD5 | 8963201168a2449f79025884824955f2 |
| SHA1 | b66edae489b6e4147ce7e1ec65a107e297219771 |
| SHA256 | d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230 |
| SHA512 | 7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\@sigstore\sign\LICENSE
| MD5 | f03382535cd50de5e9294254cd26acba |
| SHA1 | d3d4d2a95ecb3ad46be7910b056f936a20fefacf |
| SHA256 | 364a130d2ca340bd56eb1e6d045fc6929bb0f9d0aa018f2c1949b29517e1cdd0 |
| SHA512 | bbbbee42189d3427921409284615e31346bdbd970a6939bc1fe7f8eaed1903d9ad0534ddf7283347d406fa439d8559fbf95c6755ece82e684e456fce2b227016 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\ansi-styles\license
| MD5 | 915042b5df33c31a6db2b37eadaa00e3 |
| SHA1 | 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c |
| SHA256 | 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0 |
| SHA512 | 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\cross-spawn\node_modules\which\LICENSE
| MD5 | 82703a69f6d7411dde679954c2fd9dca |
| SHA1 | bb408e929caeb1731945b2ba54bc337edb87cc66 |
| SHA256 | 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b |
| SHA512 | 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\emoji-regex\LICENSE-MIT.txt
| MD5 | ee9bd8b835cfcd512dd644540dd96987 |
| SHA1 | d7384cd3ed0c9614f87dde0f86568017f369814c |
| SHA256 | 483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a |
| SHA512 | 7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\inflight\LICENSE
| MD5 | 90a3ca01a5efed8b813a81c6c8fa2e63 |
| SHA1 | 515ec4469197395143dd4bfe9b1bc4e0d9b6b12a |
| SHA256 | 05dc4d785ac3a488676d3ed10e901b75ad89dafcc63f8e66610fd4a39cc5c7e8 |
| SHA512 | c9d6162bef9880a5ab6a5afe96f3ec1bd9dead758ca427f9ba2e8e9d9adaaf5649aad942f698f39b7a9a437984f8dc09141f3834cd78b03104f81ad908d15b31 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minimatch\dist\cjs\package.json
| MD5 | df9ffc6aa3f78a5491736d441c4258a8 |
| SHA1 | 9d0d83ae5d399d96b36d228e614a575fc209d488 |
| SHA256 | 8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a |
| SHA512 | 6c58939da58f9b716293a8328f7a3649b6e242bf235fae00055a0cc79fb2788e4a99dfaa422e0cfadbe84e0d5e33b836f68627e6a409654877edc443b94d04c4 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minimatch\dist\mjs\package.json
| MD5 | d0707362e90f00edd12435e9d3b9d71c |
| SHA1 | 50faeb965b15dfc6854cb1235b06dbb5e79148d2 |
| SHA256 | 3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a |
| SHA512 | 9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minipass\dist\commonjs\package.json
| MD5 | 95b08bc3062cdc4b0334fa9be037e557 |
| SHA1 | a6e024bc66f013d9565542250aef50091391801d |
| SHA256 | fa6944a20ca5e6fbaf98fd202eb8c7004d5b4ab786e36b9ed02ee31dbe196c9f |
| SHA512 | 65c66458abe2101032cdd1b50ca6e643e0c368d09dfa6cc7006b33ed815e106bb20f9aff118181807e7df9f5d4d8d9796709b1ec9a7e04544231636fdf8fdf42 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minipass\dist\esm\package.json
| MD5 | 6138da8f9bd4f861c6157689d96b6d64 |
| SHA1 | ee2833a41c28830d75b2f3327075286c915ed0dd |
| SHA256 | 6dc1b06d6b093e9cccb20bee06a93836eee0420ae26803ca2ce4065d82f070d1 |
| SHA512 | 0a3f1cb1522c6e7595186a9a54ed073ffa590b26c7d31b0877f19c925f847037e9f972066bfed62609b190eb2bc21ff7b31514e08c3de64780fef5982cbb21f2 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minipass-json-stream\node_modules\minipass\index.js
| MD5 | a8c344ac3d111b646df0dcae1f2bc3a3 |
| SHA1 | d8a136b49214e498da9c5a6e8cb9681b4fda3149 |
| SHA256 | dbc5220c4bc8b470da9c8e561b6a5382cf3fa9dcd97cace955ac6fd34a27970c |
| SHA512 | 523749e4d38585249f1e3d7cfb2cb23e7f76764b36d0a628f48ff6b50f0a08c8e8526a1236977da1bd4ac0ff0bd8d0ba9b834324f2bdef9bea9394dd6878c51d |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minipass-json-stream\node_modules\minipass\package.json
| MD5 | 1943a368b7d61cc3792a307ec725c808 |
| SHA1 | fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c |
| SHA256 | e99f6b67ba6e5cda438efb7a23dd399ee5c2070af69ce77720d95de5fb42921e |
| SHA512 | 7c05f03f5d3db01798c56c50d21628fc677097630aacf92e9ea47e70ff872d0e4e40217c1c2d5e81fc833ccf5afe9697f8f20a4772459b396aa5c85263289223 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\minipass-json-stream\node_modules\minipass\LICENSE
| MD5 | 78e0c554693f15c5d2e74a90dfef3816 |
| SHA1 | 58823ce936d14f068797501b1174d8ea9e51e9fe |
| SHA256 | a5a110eb524bf3217958e405b5e3411277e915a2f5902c330348877000337e53 |
| SHA512 | b38ebcf2af28488dbf1d3aa6a40f41a8af4893ad6cb8629125e41b2d52c6d501283d882f750fc8323517c4eb3953d89fa0f3c8ceba2ae66a8bf95ae676474f09 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md
| MD5 | 1750b360daee1aa920366e344c1b0c57 |
| SHA1 | fe739dc1a14a033680b3a404df26e98cca0b3ccf |
| SHA256 | 7f75bb21103e77b7acfcf88a6ad0286741a18b5d13c4326160346e8cf7e356ad |
| SHA512 | ff2486d589d32fb35aad9c02cd917ba1e738ca16b7ccc7954cdc4712a968fc5fc25612b489f962cbe8ddb2be40057cd1b59402aa9cade9b6479a1d0e1d7743a4 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE
| MD5 | a5df515ef062cc3affd8c0ae59c059ec |
| SHA1 | 433c2b9c71bad0957f4831068c2f5d973cef98a9 |
| SHA256 | 68f12f6e2c33688699249c01d8f9623c534da20aa71989c57b061b7bc1676d14 |
| SHA512 | 0b0068b8beb6864dbb6971d9fe165d2d5fd420bcd6d7bbbd8f42589eb981bf95d854df2d16c21d378ea6d48f562345d2f66de0fd17134dffa8495eb496e6dff0 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\node-gyp\node_modules\minipass\LICENSE
| MD5 | 5f114ac709a085d123e16c1e6363793f |
| SHA1 | 185c2ab72f55bf0a69f28b19ac3849c0ca0d9705 |
| SHA256 | 833faa18ac4b83a6372c05b3643d0d44ecd27d6627b8cd19b0f48fe74260cf39 |
| SHA512 | cab00a78e63dec76fa124fc49d1c28962d674fa18dda5fdf2819078bd932f1bf0cc9abd741b78f62869b4809473099f85ba8a622bc96f4ee92cf11b564346597 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\npm-audit-report\LICENSE
| MD5 | 5324d196a847002a5d476185a59cf238 |
| SHA1 | dfe418dc288edb0a4bb66af2ad88bd838c55e136 |
| SHA256 | 720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d |
| SHA512 | 1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\read-package-json-fast\LICENSE
| MD5 | ff53df3ad94e5c618e230ab49ce310fa |
| SHA1 | a0296af210b0f3dc0016cb0ceee446ea4b2de70b |
| SHA256 | ec361617c0473d39347b020eaa6dceedaebab43879fa1cd8b8f0f97a8e80a475 |
| SHA512 | 876b0bd6a10f852661818d5048543bb37389887bf721016b6b7d1fa6d59d230d06f8ff68a59a59f03c25fbc80a2cbb210e7ca8179f111ecd10929b25b3d5cdfe |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\text-table\LICENSE
| MD5 | aea1cde69645f4b99be4ff7ca9abcce1 |
| SHA1 | b2e68ce937c1f851926f7e10280cc93221d4f53c |
| SHA256 | 435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b |
| SHA512 | 518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\tuf-js\LICENSE
| MD5 | 391090fcdb3d37fb9f9d1c1d0dc55912 |
| SHA1 | 138f23e4cc3bb584d7633218bcc2a773a6bbea59 |
| SHA256 | 564bcb001d6e131452a8e9fba0f0ccc59e8b881f84ce3e46e319a5a33e191e10 |
| SHA512 | 070121c80cd92001196fb15efb152188c47fdc589b8f33b9da5881aa9470546b82cb8a8ea96fe1073723f47149e184f1a96c2777a9fc9b45af618c08464d6c5e |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\node_modules\wide-align\LICENSE
| MD5 | 9d215c9223fbef14a4642cc450e7ed4b |
| SHA1 | 279f47bedbc7bb9520c5f26216b2323e8f0e728e |
| SHA256 | 0cef05dfff8b6aa7f35596984f5709f0d17c2582924a751efa471a76de7cdc11 |
| SHA512 | 5e4ba806f279089d705e909e3c000674c4186d618d6ab381619099f8895af02979f3fc9abb43f78b9ffed33b90a7861f6c4b9d6c1bb47ed14a79e7f90eca833c |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\quant_wavenet_r9y9.wav
| MD5 | 4a1d53e7fd0f268a7fd23fb9b3139ee3 |
| SHA1 | a80942c3cab97ea97b2406fab965bb4b3c16c2fe |
| SHA256 | 7832608e235911200d1c224c201d3aefefe3b154911a53c2507cd83e31447c1f |
| SHA512 | cc00e720b65246bd0ad30dec09a35a5bc0f409645f47d8576649036408a258b7a372c0e4f5f16b222a9965a92cd2dd03fd6f782bec5f1a85438a339c310dfd01 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\real_birds.wav
| MD5 | 0390e78a8086536f56e11b0b40be2d62 |
| SHA1 | ba61e82cce9e0ef301db174f83e94b9244faa799 |
| SHA256 | 9102b9e757cea1fddffd0f82888ff829af7f11f6c522a31939fd54daf0b3aa22 |
| SHA512 | 6182190e88ccbbb060a6779b97e27794aa69252f4196b307165006d57234aeee62283c1cfb41d405847c5079d3828706cab648281d40dafaf9cb10984868b1e9 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\real_piano.wav
| MD5 | 5b88b489ce5a9207f1b60669d32f7a0e |
| SHA1 | d2ba6f65e8091324b5042baefd58bde2177fa724 |
| SHA256 | 216fdaac90960ee05ff540fe214cfdc314b4ae57892437c940eb7b0edb9bc87f |
| SHA512 | df3bf926e4c85adc21599348442b4e8093885030d9dd0fda3ea0a50606cfd1cd805ee89cdd7f43c48863671e68309955fac14e50bb157590e6984a2233333b29 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\real_tatum.wav
| MD5 | f764169bffe65099eda80ace5f90e046 |
| SHA1 | 82bcaec9920ffabc3c6ea08a277511c2e871b230 |
| SHA256 | 88341a5ee3600529b8026d421d2b6004299d9bc3d89bdb3e2a8643cca107f3ed |
| SHA512 | 3eedf74feb8a30e2ddb6767b25580625e7d200e34e8a20a7412bc4e60d8ca5194c7d2436a632cedc676d93841a560bd0de9470d48f6eee4a4ad3b7d5f4064d80 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\real_timit - Copy.wav
| MD5 | 9c82673085c3d170dfa63a6c7be31776 |
| SHA1 | 3a753da6e8fef9a09e841dc2cd1f7d97832dfb65 |
| SHA256 | 0fbf274c9a44e2e2842423bdfe570a5ba7cbd4e1c4ac5446e45c56d022fb1fb7 |
| SHA512 | d42e2caf6b76a715139d7da3e172d1b7abecbc424fe7a8fa4ce4ad371d2c199873eca4882b0f51df81c8c18749d846c887f49d92b4d83ef77708436d83e64638 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\specgan_birds - Copy.wav
| MD5 | 189ae0c626d6d7287e0ffed4389ccb05 |
| SHA1 | ec64c9f7b9fa6d6879793317e8431ac69338ddb8 |
| SHA256 | f43a43e58ecd71a43a1393a6c6a3056228e525963704ed75ae04bd5fbcd2305f |
| SHA512 | 973e344a2d266a1eb1bd848945c3cfcc16e5c4f0aa9e71f6fdfd96b9e7a18cbca630239257bf69b0922dae275e364068609be6d42f6a6209e853b2ff0600790c |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\specgan_drums - Copy.wav
| MD5 | 6eb8849162425bf473a9a86f8765e014 |
| SHA1 | 4d439d545b09d5711a3e85c68ff43c6c39934a85 |
| SHA256 | 33c47e6d4a82a09134205811a63ed78a1de4af1f61fb04c921785ad91e3ecaef |
| SHA512 | a630af5c1a517bd652f689c98e8d6c4438c1a34c2e847f52aa61dcb1c64f5296b286a6fee715a865061ee3b26a72b904617c913c34299f0c402f8149d2d7f943 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\specgan_piano.wav
| MD5 | ee5fb4b49fe3d85f8a18d622d155c1b7 |
| SHA1 | 3cb420a5b81952e8b02c71402f79fb2d14ae696a |
| SHA256 | c4017d513a85a3dbde5ea42ee0c500e19a392147793c30e51f4b8e4af0afd751 |
| SHA512 | 48df84936ab9940d809930a595e6ddbf77b9ca00f5a2426ca0b5e77c30a636a44fddbcad99c16bb40805928f6aa1be34308425549fc318440a3c87d52a7f5d74 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\audio\specgan_sc09 - Copy.wav
| MD5 | 9d8691fd2b28078cac74060d0fd33bf7 |
| SHA1 | 21d9fa20835c46cec90641380ea9aa71c57ab85e |
| SHA256 | 1bbf3a28bc06757cb8a3b19bc7186c583594b18ac459df231cf9c9aabb1f3bb9 |
| SHA512 | 626e71144737ba2e057a426a7f6c59f1b92dc52141752f6a8711af969574e441c1582c038b4254c917126ee656f17281bea7a8a093e1e05eff55b4d54dceea50 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\run.bat
| MD5 | 5c4ba7f8583109bcae0e9f91498f2a66 |
| SHA1 | 69b16412d8a614349ce4cbc441b71df20fd8ec89 |
| SHA256 | 09b63f856241a67cb21ee79b57fcbd8b03d0b484d9f962d420398ab6fdcb274e |
| SHA512 | 5d551f6ec8d79c492b77d9d6b5c1763dcd7571c452716ed66130268ab20846a78f9a031150247c8245b522f53f497e85667db23f65de4495e713c2b4c4452c0f |
C:\Users\Admin\AppData\Local\Temp\installer.bat
| MD5 | f6e9e7979f1b31f8d3970cedf70b7bb9 |
| SHA1 | c9dcb989fcc3a8fae5b95879bf47bea0f4b15cb7 |
| SHA256 | 974660e9c9d44f7e4efcb96135347f5635b2dde3af11f36d2616c92833016ae1 |
| SHA512 | ac46f30930cf366b7b7f4b2187504f9c73247fe6cb0c0a34f6653eb2cba93075304ee73a34d11199e0a0637df18faf3d21693a389ab0dc36a1dab94efe5962d6 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\1.bat
| MD5 | 38251d8e9ac84bf0d4812d508c1bb9c8 |
| SHA1 | 3f30ce2fd53ef0b0da8da3b26402756683049f5f |
| SHA256 | 32ed5b352ae03c6bf5faa4304b699131be3bfb6c62fe0fa2ab8af8b4d864a918 |
| SHA512 | f54ba90642f6ba1bbe77c19fccbcbad980351ec4424d5ed4fed89e856dad42efabf3f971861e457bd529ca639aff72c53a9f277c0db20619b363012a3ec9bba9 |
C:\Users\Admin\AppData\Local\Temp\7zS456A5C06\data.dat
| MD5 | eb9eac6427698e35e1daf70d01bee66c |
| SHA1 | df8e185ffbec4791d07a4f4502a0da793c1d6eb2 |
| SHA256 | 3f1393f2bdd27f9345b9a1458d4ede43488621bfcb172197f031b220e650eb55 |
| SHA512 | 14c4b86b9c72408b676e1fec66278c539b167955701d7bcc41abf6fa718200b7237ebe5a1377fb273121633f2036ed0157d2381ff4693abd4f8d01a4c6f17552 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
| MD5 | 8e2cc9c1d207606e9aa7fd77311312af |
| SHA1 | 1a10265526b3be5a20319905883b07cc67da0272 |
| SHA256 | 19b5fad28831bc845151ce81904d9d38104776f3c3f2685a6baa35a386b19aba |
| SHA512 | 08fe99f5df75d71f9acce7b6c2fe5fdf0ac3a2c71d1e21e7c6d19991534c9dacc92132b90333017fcd196dd72fc20da386c188f01ca23a62c17d88ae466cd2d1 |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1364-6652-0x0000000000F90000-0x0000000000FB0000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\.github\lib.d.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20240215-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\datamian\.github\workflows\set-version.vbs"
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/datamian/bin/tsc
[/tmp/datamian/bin/tsc]
/usr/local/sbin/node
[node /tmp/datamian/bin/tsc]
/usr/local/bin/node
[node /tmp/datamian/bin/tsc]
/usr/sbin/node
[node /tmp/datamian/bin/tsc]
/usr/bin/node
[node /tmp/datamian/bin/tsc]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:48
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/datamian/bin/tsserver
[/tmp/datamian/bin/tsserver]
/usr/local/sbin/node
[node /tmp/datamian/bin/tsserver]
/usr/local/bin/node
[node /tmp/datamian/bin/tsserver]
/usr/sbin/node
[node /tmp/datamian/bin/tsserver]
/usr/bin/node
[node /tmp/datamian/bin/tsserver]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 89.187.167.3:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 195.181.164.14:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:46
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20240221-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\datamian\codeql\workflows\set-version.vbs"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20240419-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\.github\ISSUE_TEMPLATE\types-not-correct-in-with-callback.js
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:46
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\.github\ISSUE_TEMPLATE\types-not-correct-in-with-callback.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.167.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\.github\lib.d.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20240508-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\.github\types-not-correct-in-with-callback.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240426-en
Max time kernel
106s
Max time network
154s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5016 created 2564 | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | C:\Windows\system32\sihost.exe |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\InjectToolInstaller.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\data.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4300 set thread context of 5016 | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe |
Runs net.exe
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\insta3d311.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\InjectToolInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\InjectToolInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zS474C0957\run.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\installer.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\1.bat
C:\Windows\SysWOW64\net.exe
NET FILE
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\cmd.exe
cmd /C "C:\Users\Admin\AppData\Local\Temp\1.bat"
C:\Windows\SysWOW64\net.exe
NET FILE
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 1
C:\Users\Admin\AppData\Local\Temp\data.exe
C:\Users\Admin\AppData\Local\Temp\data.exe -p"bfeuebfmd9AD" -d"C:\Users\Admin\AppData\Local\Temp\"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
"C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5016 -ip 5016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5016 -ip 5016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 440
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wprogs.top | udp |
| US | 5.161.81.32:443 | wprogs.top | tcp |
| US | 8.8.8.8:53 | 32.81.161.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| IE | 52.111.236.23:443 | | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240508-en
Max time kernel
131s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\.github\types-not-correct-in-with-callback.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\datamian\.github\workflows\set-version.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:46
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win7-20231129-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\codeql\lib.d.js
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\datamian\codeql\lib.d.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4436,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-03 08:46
Reported
2024-06-03 08:49
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\datamian\codeql\workflows\set-version.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |