acc5fec0885cda45e8d3f235f0dbb7fd6f1a3f83a427f29ee18a33533aa125a7

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

793KB
MD5

7d9914483a2f5ae005d4f11f7ca786cb
SHA1

e39e7916c3fff339df9a068bc108d4f7b770d232
SHA256

acc5fec0885cda45e8d3f235f0dbb7fd6f1a3f83a427f29ee18a33533aa125a7
SHA512

708d1ea1824c6ce5b7b933fb3142b276004541f6d34d1067fa90cffa0b64597d41403a42cb07ba826ad7d78eec4fa7ae3c079143f069f1180ef82b86e105aa34
SSDEEP

12288:xJzpLYI40INR++Qwa0FvXocH9j6d8emgauKrmP23qSpmyr8:zGIt8R+wvXocH9j6qemgaut

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	python-3.12.4-amd64.exe

Executes dropped EXE 3 IoCs

pid	Process
4512	python-3.12.4-amd64.exe
756	python-3.12.4-amd64.exe
2180	python-3.12.4-amd64.exe

Loads dropped DLL 12 IoCs

pid	Process
892	MsiExec.exe
892	MsiExec.exe
1680	MsiExec.exe
1680	MsiExec.exe
1680	MsiExec.exe
1680	MsiExec.exe
1680	MsiExec.exe
4664	MsiExec.exe
4664	MsiExec.exe
4664	MsiExec.exe
892	MsiExec.exe
756	python-3.12.4-amd64.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{fb355cb0-c07e-4095-85a7-81c5a2838da6} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{fb355cb0-c07e-4095-85a7-81c5a2838da6}\\python-3.12.4-amd64.exe\" /burn.runonce"	python-3.12.4-amd64.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
36	2008	msiexec.exe
38	2008	msiexec.exe
249	2008	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
126	camo.githubusercontent.com
144	camo.githubusercontent.com
165	camo.githubusercontent.com
140	camo.githubusercontent.com
141	camo.githubusercontent.com
143	camo.githubusercontent.com
145	raw.githubusercontent.com
8	pastebin.com
139	camo.githubusercontent.com
166	camo.githubusercontent.com
9	pastebin.com
48	raw.githubusercontent.com
127	raw.githubusercontent.com
142	camo.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\abbrev\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-data.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\error.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-ci.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\spdx-license-ids\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\lib\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\npx.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\link-bins.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-bugs.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\format-search-stream.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npmlog\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\error.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\dependency-selectors.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\xcode.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ci-info\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\parse-conflict-json\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\explain.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\get.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\translations\en.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\MSVSUtil.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-owner.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-stars.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-team.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRMath.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\sigstore-utils.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\common_test.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\https-proxy-agent\dist\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-ci.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\utils\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\coerce.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\yallist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\concat-map\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\deepest-nesting-target.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\Xcode\README	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\env-paths\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.mjs	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\verify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-flush\node_modules\minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\case-insensitive-map.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abbrev\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\__generated__\sigstore_common.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\node.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\client\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\patch.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\strip-ansi\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\opts.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\virtual.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\path-is-absolute\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\sigstore\serialized.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\lifecycle-cmd.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\AUTHORS	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\constants.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\shrinkwrap.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\dist\src\promisify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\fs-minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-table3\src\layout-manager.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\columnify\index.js	msiexec.exe

Drops file in Windows directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIB7F6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB883.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICAE7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB36.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBE13.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF8C3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1F34.tmp	msiexec.exe
File created	C:\Windows\Installer\e57b1f5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57b1f5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e57b1f0.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC150.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF4F9.tmp	msiexec.exe
File created	C:\Windows\Installer\e57b1f4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57b1eb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57b1f0.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB8C3.tmp	msiexec.exe
File created	C:\Windows\Installer\e57b1ef.msi	msiexec.exe
File created	C:\Windows\Installer\e57b1eb.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC190.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF2A6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI21B6.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.12.4-amd64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.12.4-amd64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.12.4-amd64.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000002ca5e1034ed00b6a0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800002ca5e1030000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809002ca5e103000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d2ca5e103000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000002ca5e10300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664819382905204"	chrome.exe

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}	python-3.12.4-amd64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}\DisplayName = "Python 3.12.4 Executables (64-bit)"	python-3.12.4-amd64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductName = "Node.js"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\CPython-3.12\Version = "3.12.4150.0"	python-3.12.4-amd64.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}\DisplayName = "Python 3.12.4 Core Interpreter (64-bit)"	python-3.12.4-amd64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\PackageName = "node-v18.16.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\ProductIcon = "C:\\Windows\\Installer\\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\\NodeIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeRuntime	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}\ = "{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}"	python-3.12.4-amd64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\NodeEtwSupport = "NodeRuntime"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents\{fb355cb0-c07e-4095-85a7-81c5a2838da6}	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}\Version = "3.12.4150.0"	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}\Version = "3.12.4150.0"	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}\ = "{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}"	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\CPython-3.12\ = "{fb355cb0-c07e-4095-85a7-81c5a2838da6}"	python-3.12.4-amd64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}\Dependents\{fb355cb0-c07e-4095-85a7-81c5a2838da6}	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPath	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies	python-3.12.4-amd64.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}\Dependents	python-3.12.4-amd64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\CPython-3.12	python-3.12.4-amd64.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer	python-3.12.4-amd64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Installer\Dependencies\CPython-3.12\DisplayName = "Python 3.12.4 (64-bit)"	python-3.12.4-amd64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3956	Bootstrapper.exe
3956	Bootstrapper.exe
2008	msiexec.exe
2008	msiexec.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
4568	chrome.exe
4568	chrome.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
936	taskmgr.exe
4444	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3956	Bootstrapper.exe
Token: SeShutdownPrivilege	3040	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3040	msiexec.exe
Token: SeSecurityPrivilege	2008	msiexec.exe
Token: SeCreateTokenPrivilege	3040	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3040	msiexec.exe
Token: SeLockMemoryPrivilege	3040	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3040	msiexec.exe
Token: SeMachineAccountPrivilege	3040	msiexec.exe
Token: SeTcbPrivilege	3040	msiexec.exe
Token: SeSecurityPrivilege	3040	msiexec.exe
Token: SeTakeOwnershipPrivilege	3040	msiexec.exe
Token: SeLoadDriverPrivilege	3040	msiexec.exe
Token: SeSystemProfilePrivilege	3040	msiexec.exe
Token: SeSystemtimePrivilege	3040	msiexec.exe
Token: SeProfSingleProcessPrivilege	3040	msiexec.exe
Token: SeIncBasePriorityPrivilege	3040	msiexec.exe
Token: SeCreatePagefilePrivilege	3040	msiexec.exe
Token: SeCreatePermanentPrivilege	3040	msiexec.exe
Token: SeBackupPrivilege	3040	msiexec.exe
Token: SeRestorePrivilege	3040	msiexec.exe
Token: SeShutdownPrivilege	3040	msiexec.exe
Token: SeDebugPrivilege	3040	msiexec.exe
Token: SeAuditPrivilege	3040	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3040	msiexec.exe
Token: SeChangeNotifyPrivilege	3040	msiexec.exe
Token: SeRemoteShutdownPrivilege	3040	msiexec.exe
Token: SeUndockPrivilege	3040	msiexec.exe
Token: SeSyncAgentPrivilege	3040	msiexec.exe
Token: SeEnableDelegationPrivilege	3040	msiexec.exe
Token: SeManageVolumePrivilege	3040	msiexec.exe
Token: SeImpersonatePrivilege	3040	msiexec.exe
Token: SeCreateGlobalPrivilege	3040	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeSecurityPrivilege	4960	wevtutil.exe
Token: SeBackupPrivilege	4960	wevtutil.exe
Token: SeSecurityPrivilege	4668	wevtutil.exe
Token: SeBackupPrivilege	4668	wevtutil.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe
Token: SeTakeOwnershipPrivilege	2008	msiexec.exe
Token: SeRestorePrivilege	2008	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
936	taskmgr.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
936	taskmgr.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe
936	taskmgr.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe
4444	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 3040	3956	Bootstrapper.exe	93
PID 3956 wrote to memory of 3040	3956	Bootstrapper.exe	93
PID 3956 wrote to memory of 3040	3956	Bootstrapper.exe	93
PID 2008 wrote to memory of 892	2008	msiexec.exe	97
PID 2008 wrote to memory of 892	2008	msiexec.exe	97
PID 2008 wrote to memory of 1680	2008	msiexec.exe	98
PID 2008 wrote to memory of 1680	2008	msiexec.exe	98
PID 2008 wrote to memory of 1680	2008	msiexec.exe	98
PID 2008 wrote to memory of 4664	2008	msiexec.exe	102
PID 2008 wrote to memory of 4664	2008	msiexec.exe	102
PID 2008 wrote to memory of 4664	2008	msiexec.exe	102
PID 4664 wrote to memory of 4960	4664	MsiExec.exe	103
PID 4664 wrote to memory of 4960	4664	MsiExec.exe	103
PID 4664 wrote to memory of 4960	4664	MsiExec.exe	103
PID 4960 wrote to memory of 4668	4960	wevtutil.exe	105
PID 4960 wrote to memory of 4668	4960	wevtutil.exe	105
PID 4568 wrote to memory of 376	4568	chrome.exe	126
PID 4568 wrote to memory of 376	4568	chrome.exe	126
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 3200	4568	chrome.exe	127
PID 4568 wrote to memory of 5104	4568	chrome.exe	128
PID 4568 wrote to memory of 5104	4568	chrome.exe	128
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129
PID 4568 wrote to memory of 4860	4568	chrome.exe	129

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3040

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 6887350E7D6BAC4DF372E893D0B3FD23
  2⤵
  - Loads dropped DLL
  PID:892
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7925EC4A4E1DD4C4F5C5725470C2DA4D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1680
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A4DB5E9766BBC72C093F1EF9BF5F8A24 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4664
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4960
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4668

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa84a8cc40,0x7ffa84a8cc4c,0x7ffa84a8cc58
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5268,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3372,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3540,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3424,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4592,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5736,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=860,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5704,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=240 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3964,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5292,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3368,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5716,i,15294150879722394675,6494625851036287831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:1120

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4444
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Blank-Grabber-main\Blank-Grabber-main\README.md
  2⤵
  PID:1224

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Blank-Grabber-main\Blank-Grabber-main\Blank Grabber\READme.txt
1⤵
PID:3480

C:\Users\Admin\Downloads\python-3.12.4-amd64.exe
"C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4512
- C:\Windows\Temp\{9C06DB8E-1242-4F9C-BB10-2A0845240D84}\.cr\python-3.12.4-amd64.exe
  "C:\Windows\Temp\{9C06DB8E-1242-4F9C-BB10-2A0845240D84}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.4-amd64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:756
- - C:\Windows\Temp\{698AFA24-CA40-4AC5-8869-37EED1D72EF0}\.be\python-3.12.4-amd64.exe
    "C:\Windows\Temp\{698AFA24-CA40-4AC5-8869-37EED1D72EF0}\.be\python-3.12.4-amd64.exe" -q -burn.elevated BurnPipe.{ACB82A95-67F1-4FDD-8889-532706A0E0C7} {63BEFD27-32AF-4846-8E29-F9B8853A3965} 756
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2180

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2132

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57b1ee.rbs

Filesize
1.0MB

MD5
92ca1b85603726230f85942f35982230

SHA1
39980b934beb3598d6bd923eacc24be8d1b91b35

SHA256
cd98b9d2eb3b3688daf356bcbf9be5bac7f37cf5c4957b3488e4f46b6c0a747b

SHA512
ac55271f0b82d8f9ffc9a8c573e765d57b01534958cf10f77ba6f49bcbf22c07d4057bd7f4f71a514ce072cdb80352eeb7f93225e558f38635328e4953da623a

Download Submit
C:\Config.Msi\e57b1f3.rbs

Filesize
8KB

MD5
5b513f0a9f5ae5b26634a0f305221dfe

SHA1
0b1bd339277784b73786e890f2f8368ee55a74f2

SHA256
4c7633afe6935721413597e38e61cf137bb380c2226009a7430763bbff216339

SHA512
97ff49a81d265fca179778a828c0e84d3497c73395bb1305a4b175ed5c7c22988c76790b86f689efce4130165738a592d780bd532ea87d83b64703862d47ebd9

Download Submit
C:\Config.Msi\e57b1f8.rbs

Filesize
12KB

MD5
5f62dc3edbd380f4d94fb6b9e31f5d39

SHA1
2dc2b0a141a1e8b4ca7241e36148e2d3fed12017

SHA256
c64fce50ce666c87c3faba8d2559ee85beac8a89fc03bfef026872401a709b1e

SHA512
3235c9e7b9e550734793eea055c5e04039f29e308654e12d3ec79b52eeca970ee65f9ddbbb5adb3bcc3675e63824c480ea1ff60ade8a3f2e950df8825dd4a05e

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1abaa16f-ca6c-4eb6-b9af-2d7ada988f20.tmp

Filesize
188KB

MD5
767d7c6704ce0605d7fc272d8b8e1a3d

SHA1
f108ce994876ab3cf21ce4fde42c11567d6b1cc2

SHA256
b2d4626f0494e5fe01182725b7f701afa692075b485b1b54b28f9eeb1bff0fa4

SHA512
0adf91eb598aa076bb1f79f79599ad450560b47d3f65de345a85f6cfbbd905d0d8298c2157c33a365bfa582de2213e57799c5b475b53417a773546c11c617af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8d54695661abe68629ca0567659e7c3f

SHA1
3d3b1aa9930f8a6061fdc2a0ca8880ff961373d3

SHA256
0a7a763cb171cd948eb04b9b13c0af6da489c7fc783aec78ff06380b94a1ee34

SHA512
d052ccb0dc5b9504f3ea81beabd6a4215af612e113b06f78c0da8ca16e032928f3216bb69792fe1d034cf1f5a801e54672ac7cbc08c8216fe31d4a774ff13c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d4bb8eef2efdc39d7690dcd7029a5d41

SHA1
7db822b28c778533fea5ba109cf892ab225bfba4

SHA256
f721dba079796d0dd41a32892eeca166b614ec63facf4e609d197535883c08c3

SHA512
7b8d4906a6371e9c7b7f81c9816f25cb4174f478d123b23a90b26188cdbc1d2b5c982cf69736bdd4937c8eb840a822ff94e60f053deaae2ecff1df9d0f1a35f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1d1ecaf482893fc15eb89bebdcb60e4c

SHA1
409c682a738856d0f04a485b2bc156aa65320e24

SHA256
140ca33222fa7d9db2f07a18063b6217bd034d0cd65abf6d46db96bfd00bca31

SHA512
ac9263bb8f46c761a716a17f8e8c43b094f7ae98c1d2e1c780a530113f195f0071513421dfdea93390a9f9b5b4c3e7063fe6a5a8ee94d2ee0818c823c39ccc67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3485063391aadf5a39d20357b9b06221

SHA1
1ff91926c1ba209bdda361da8e1eefeb3949b98c

SHA256
b1a34de36febd3ad8e31a88941cd7a6fdceaa8d1d0faa2af9e4aefb1e8c95bef

SHA512
711dae9f0e3a774c4eefcc0ccf671f1df8d9397dcd2865369839b803139cccda35bd3202fc443b2eb03c99309a387c13022b482d955ddda30a44b1a98793e86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fae80f76d9b626ea3819437496252934

SHA1
6fe0d45526728fceb1c8e3e7cfb541f8f40785bd

SHA256
5945cb82e5c54b2ec99a381947276540a208b2d4732aab210989512f28d50809

SHA512
12c89a608737d8758b015a4c6d02f414933481cb96ae66cbcd14dced18449315c3841f143d5e7280b987e213343419e0b13c88d213e2d787155dd92dc22648e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4f7621af6132df46e4ddbbbf5fb6e3ac

SHA1
e3e7d0fbe8b23d232e67ee7abaa8fb5b741f26a1

SHA256
ea9c8b0df2c3d4629c6ebc499c58d94918f14b9c241afc38b9eb8782c49eb9f3

SHA512
1ade3bf375485525145daacced11042a94d5a182b0d10cf61c3965ee68689e0920990a756b8d95f40a537c5963db57915c1731b3ac0a053bba326de93b04bc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5e8cb3e58b72c94a8f72ee10b4da276

SHA1
b391587373fb51009b145878db0d9e4f3e77b83f

SHA256
0705a16859d9995177a36f88ce76ab4273640d89de1993230c39957bf0afb51b

SHA512
bbbeefa6fc81ec06d3422993b342a24911bb85945c29d96630ada32cf7b565c6ec269d4b0a11bb06aea8c2e16ca7f140acdd13e7c46835a4993c7ce102b24b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
adf3892e82988a582c0ec0b372c487dd

SHA1
db2b7a1f50178d3edeaf7bb1bed47aa73d92cc38

SHA256
50cd0e1628b685cf33d3e5cd748645d8ce7e86990b54a8ad66ccc168994ca08e

SHA512
0acd12d5b096895512ef301f679935a0aab7e85a4f5fe7f96577dd97af76f2e2309038322c1634bb67109965a81723be1e6c9202a6b837d4fe9e68b21b317f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9837ad46f8d8aacf5918bcd3d4693290

SHA1
4ff0b32c87c71f6796d0af5156e15c2ae65b3567

SHA256
4a7482cec428f685d1a051393507f5804ca43eac1a0ff1acc2dbd12c06656ca4

SHA512
38034ece4cecc51ccf2594013d290d89b239d32ced60fe6b61da439d2227f53d245c1dd4786675ab928c333b0760c7d40bb1c86ac63156b1450e429d2b15dd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b1fdaadf13edb49c43c7ded4598b551f

SHA1
db06e2302fda8803300e92f4b6cf314f22559529

SHA256
e67e3129b5ca6d0268dacefc069e2cd327c23ab8384bf5f350457067574c9204

SHA512
3a4035142f83260892577de12cce493e1e711996e239ce7a0ebfdb7a02fa7670f1c7bb81582c93457565322d9c25f679c4ad799ee2c63e2342ff584c6cf17acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4fec178a4470834a3439fc45d402df4a

SHA1
70563956922de07f10fa5b6b6a91087b1385de61

SHA256
e64116d6427aed95eb20acd069de5f69017a1442015559f83dbeccba2c938fb9

SHA512
74d87bc4b9d73be814ab1ff237c879826bd0587f381616a47107cf4d3144aef64573070322db2a7ffeaba538802fe137352fa421d68243e2fa03ecaffde2d91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8c4af21c12f49640aef7ce1e3bab30e4

SHA1
4f65bafaf03c2101250273ac98a7c94789c494c3

SHA256
98fa5cb74621e894855ab4f89e31dbbffa55bd6a846f49771152f5a488a1f5ed

SHA512
aee615d4a58baaf93017aa436aae0b4f0a70fa58d1bd356bee265125b037c7f1e39db7873b5425595a024e40957c5f26959e58f86563becb8fd0c4519fcdca90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
150e0f66853f57ee9870a78e58d13ffc

SHA1
25a0322faf3846338ec6ecebc0ad49de7471b40f

SHA256
11c79be0bb04a7758a75d794bd4022cccffb44819e4a9cb82033537d93ee10e3

SHA512
2fb49e83591f15751614fb099ed1c877af5cba2ad54a8fa3f079cc20cd43c804cf87e443f08c1c528175468eb0ae956d53333c9df077c3da2b0d03c0539a0412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae7c9870187e54f8e57c8a2e47a6bc4e

SHA1
bd0d1eaca8d0ccdd67e5222c16da75c75943b470

SHA256
44a42ee0f0f09d97976b1d2e7ed5371eb112b39d77b5a5fff15a85c1fffa1d4c

SHA512
62c46a74464a61d8b177f9a2b205394c341378b8a2d69159deb68d02336ba51b7a7baa73992fcd93509cac2f33816beefc1f87c3173e5f5c4d55451e05b09a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf28bfb8fbdbc64d8cede5d65de463b5

SHA1
234fca314cd57654e6350c9effc821dad311ba58

SHA256
564363159fd8987e8bbe57cf83dcd1f3d6c11c4a96e1174ee5923b20e5420d3c

SHA512
daede31f092b9eb45ec03bd79da16c7de4bfe8fc7c951061cbddbc0602e4c012594803e2406b33a7edc9bb82f725a5b255f8aeca5006fb5e418f3b0b0e0fe1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bab8dd5d27a77630069919dd3d06ac6d

SHA1
e224540fee87f9d8f42aa0e02e0f9f3b00b84ea1

SHA256
a588b65e8b689e8abe10ae98010fca0459c5c9d626650b67dfadd631194aaf13

SHA512
96e5128bf0fb8593165cf451f005fa5dda8d008b67b86877034cd00e6fb64d8642f5970f69f0d8b860375c423e6a3b8c7c5956c130169e141df533ea0ad637b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92f3ddf8e68acdebb7caec53ca5940c1

SHA1
a2700d622b1631325079a66dee729ec029d9bc7e

SHA256
3d66eaf866bd12f1c80a4b912c2ee55e977b8a33f2751c7ea5a0834d0572b6af

SHA512
ee37e160ba128cdb98298858fc7b392b06af2e14a6641b61b560fb766bbb9d50cbe7fa8b52ec66a2d44346d76589791d4a5defdedcbc5ccdfbee1c16c4eb0ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7ffc7ccd243d1da6d2fd6fa2da8c027

SHA1
978f2fcfbe3484e555e0d40bdee9901a5a083d23

SHA256
7a24b0095a3f4c01af13f029cbd789fd0c0a9b2a74f9899081b55eaeb5001393

SHA512
0bd023392fb69cebbc2094465ded6b5fe5b7d77b4dddb067ca5ec2cf7594f329b5aac40a62db7c59bce7c776708317f7fc562e900d7d546fd75a0802c13c4ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
52dd5a7c934a09ccd05f19709f985c6e

SHA1
74f9a28f0219f0d1b4452a64a58449c399f09cfa

SHA256
ad0f06b552d5e51a317047f105049f2038dde9862a995cbe68a9617cef7183ae

SHA512
e6930bf8bcb40d7cf7cc251fcb67a99c2fb2de5e4a3055184bcf60d2417bdf0cc8c9124bad621124266114c052e158f0aa30e1f3e0c7541092ec64cde42bd340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
817ce8abffc116dae218e50822358128

SHA1
ff1e2aa8f2dba844a68e96a5faf920728f218e06

SHA256
84e807b537f813a1eea88a284944119619975e4bfdad330f1a626a91fda7c73e

SHA512
0460bf5d0a7ad254fe327f949de47b3be03cc9c17fb3361feb20a2a5132306d2eaacd7977929186f2bd789a814f868c5d767cc9002d513f06f0086eb47ed2fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
af9c84b11dd3a10f85b9e1cd8b401b65

SHA1
9dbd7c68b05504b74030e5cd60d5d673cc1f1250

SHA256
ba6ce94b89906afde38dc467354f2b382813302dde59572fdf8ba518ce7c44b7

SHA512
a0b3f93f95a1d3174f348ff317bf2679ad7f2a20c746ce1e6e0bf8dc43d32774ddf199448b1686eedfedc608675a2b741f141f8c993c5b04ad2eab9ff756955e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eb0e4674438b1e9c50900dfed8fd5b8b

SHA1
d9f0d0875d97fef1e8f954f9114c7a0b4071b55e

SHA256
513638a5075a6b54bc01567eb426f19ffb987c7ce20a86e097884af2d03b1c16

SHA512
6405a95cacc9ee553a2ce00a8deed3260181a4d6f535593e6299886bd6874f82c2d139cbb74577d79eb9d7f5ae84aef8d1b4270670b5afbb6f70469a4af0e6b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cc849667f3b7228050894a2b4f052b9c

SHA1
69fc382b58a1bb18aea2a6f00036e5495cd1f5c0

SHA256
9bd7a027f0838c964c44505ecf7a88502f97ac9cc43e16bd2329a1cb833a3106

SHA512
ae4e8c6b13ecd1418285ee9153e1f26504df5cf4422a8d04f0c26b91a82b37a830980fe04bf8aa0273e77a19b88e7c302f8e79e22e841e1c19b1b441d03f204f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f4428449a4ec7b4eec724d855f3767d2

SHA1
4a83006f3d2724479f5dafb7022f1fc1172a4f32

SHA256
97835490946084a0f7bda18ee4679f67451889bb17b6335f9423bc3d44fbd894

SHA512
835751c505a05e25fa64bdb8bf0487877c8d90a6f351819390928fa7578f8bf11ff594484002b7344bda6bdd99255caf0c4921f9f1c20460737f64e1cf886c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
323608a02748b0def8c4c46d34aa86d3

SHA1
f5528b4b89e3ef767e93bafedf69dbd0535d6c32

SHA256
2994092ab86a342a171abe5f93c2d12924546bace10de8efe9df7f61148d5a59

SHA512
27c4d3164ad6f9cff55fa67e30943a96495532f375e0a330600adefd8f4489d890375925f234b3222c9dafa3789d83362771f9cb0409ec360eb127433ca23f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1aa00cb08b5f7fd4d90bbb4c7358ee3b

SHA1
6f61736e608385f6d6da5565501258a0304bd795

SHA256
1f63a744d97e9d2cff98b33bf6fdc538b32c31d3dde050b24f84be83eff33058

SHA512
cfc720fb393f33943a270dd79412e10351951ca65907d6b988c5a35566a4981656b88396d00cdbf8d7eae5571dd4486e6ef2439fb02c8b19e2f21c8c19e83dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83ecad3cea9e02e34fc0ad99df20ba52

SHA1
49f8e37b9644454b953971d292ed3ce93fe3e190

SHA256
2267dfb785a905b7976796fb1978334a70887a21c46af2353b44e43f4a30f577

SHA512
b7d58da94dadf4f5ab36f169d8d602b8e4ef83203ae87b012a1ec915b88f6a044f8c2332a60fb3156bea21640dfd6ff11574148ae9196c9063b71bf42e3d9d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
facf42465de05fb34aadbebe2976ebe4

SHA1
4fafc48c21b4c7c2ccd66ab663d8ae3e41d11d39

SHA256
0c6d25abe2c34b8b36fae49805fe1fce5fbe47fc05f2ad558398f3347519d3be

SHA512
29f2114da176259ae70378db19e1636f36504224e714d6310229170ab980f183906d8532e6e6ee962b3c57a1946479a99da01f075b9b53a0138ee69506e3ddee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
088a1e09c0222ac0e7765043908fe180

SHA1
8afeaa57162d437071dabb47b1f3be7781cf21a6

SHA256
3e453d4e9869b2a0b591a5f603e155f32ff5d4c224c1d4a33aaa64e85311af58

SHA512
a2f416a65f499a4ba78f693186c42f0e395209689135d7c5b533dc50b8d3feb5f1a28b440aa320cea30451d69f42040ddbf41b5e65ff7e00775dff7d0410f4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af8a3d5ab0bdd428d204cbb462820e4f

SHA1
1b14c61bce564fb29ff7a3627602ecefec448e79

SHA256
d51dc3603eb2e22a5e29eddbbfd5ebf8f985998c6705c9d18b7f41d1f087e0da

SHA512
9aa3bcfee32a2e3b7954cb3edbc603b370ec6c35594f352884f97da9cb88ddceaf6275a6a1b5c601ec7d64e8f387a1f97627dc1358664921bf488e8e78f4117e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
7dd1c09774df5533075df42c591ee22b

SHA1
fc9ec530aa685168668f0520726649bbab992a45

SHA256
deaac2d61d377fdf325584c52cb4fbde4443f0729b670c10c003f0881a1e9e8c

SHA512
51c804aa6772dca8106aa1f3f6f38fcf51804776b4bb8128666c93419736d1c83fb4583436ac36a11d256f0626494e4611d975e2b9bab52ce0d47efbdef09467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
9109af15a6a761d72a6fec031f15c683

SHA1
e4ab1e7bad3b81093eb859cf33b4c47783f61242

SHA256
a9eea150ebbba4fa8e24cf8b1b48decb4dbbb736bfc580f16087913e1cf7a8ef

SHA512
a1e390b73ca1e13b7c31983a9b592b510e8befb5be5b75a523e0df4eee778b08eca61c299e96afacfb41ed09dcd0e9eb91864ffbbe9ea008c67ed934481ab2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
8616fd2b8ce8e1669dfe07aab9711e17

SHA1
a7047e8a67b18e57148b0de64884642a5e2a5917

SHA256
448dd6384898a31eb0bdaf6a459b2a918962979e34853d00e83aa165ff4b8369

SHA512
932004eb5ada559ee319c9139bf141a88201dcbf0ea2062141d161f3470f7da992ed37fab1e47b2c020ac56d0a94e507c7becc20053dacde6ef6bbcc62bf6fb3

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\.unverified\doc_JustForMe

Filesize
5.5MB

MD5
d81b5f1043ece3954de5a7c9d7f930f8

SHA1
9d57a77752e2b54bb6947d92f33c97e37e251008

SHA256
190e5bdd4c77c164106728ba1818e5dee4da832ef40884c39deb73fcf3c63a32

SHA512
33134875864013c87b7a80338560b1e845c85064a947df0dffe09c5814fe02ad2009885ce0017f7cd0a1b1725b8b6860e8fbd2b2a30b4659b58652114c5478fc

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\.unverified\lib_JustForMe

Filesize
7.3MB

MD5
43f337178c43edf715fbdf2e959e15d0

SHA1
b353117b01441b63fa40fb65ca07f30d501ef2b6

SHA256
4ff22c3f02870389ff042b3014847e8ed2dd49306bb61437967066fd524446d8

SHA512
994def9f953d8e33073c04ffb6d5b0e5eac38c7430616823d8cbccdd76f38aad2bd56784526d6bf6385cc385947591b207f095840535e5a477186e0732b9e755

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\.unverified\tcltk_JustForMe

Filesize
3.4MB

MD5
e6d634b254c818bc36e0359538cb7ace

SHA1
02ec6b1121223b455b4672f850ca752ec7371c5a

SHA256
6a6200c6a8441d667d25c52750b0b7a3e48367c3b6343ed1e0d3edd5e43f8539

SHA512
1350dbfbdb2038ae22213cf643904f01150f3b89f226f20fdb72055e03766386464920086ce447c250f13a3a494aeb340626553b5acabedc1c63740c88d53859

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}v3.12.4150.0\core.msi

Filesize
1.9MB

MD5
922be790a111acce21e21dddb2b346a0

SHA1
44abc66e873d291d2123fcd54a98471267369ab9

SHA256
9e6da1e5d4cfcef4b6c463c2606473cd2a7b1cb3fb428857b39639c73e73ae4a

SHA512
36f9403beb2566e048aab3091052d52ac058c2152998ddb28de35b3ac0fd760c8027fbec0ad060d1f872fb79e1782ff35e4debc77e6268b4bffb6b9b8eedadea

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}v3.12.4150.0\exe.msi

Filesize
720KB

MD5
74caed2618cab1c21fdd9746d688cb2a

SHA1
fa64f4fb6b82431171b0e725d9fab082f75c13e4

SHA256
a2a3db80d4c8d1ee9c52a3620df099ffb5e56eadbba010ac71d94588773e92f4

SHA512
d806199e2a5d852695c321ed56a79da6e583e8a877c41a9ef29ca9a76513fa388cc2058e539bc91b701e4de6191871c97fba8689ced14d6013180a3b5dae7b6a

Download Submit
C:\Users\Admin\AppData\Local\Package Cache\{7BFF8368-33A0-4DB3-9442-F5C881FE1B4D}v3.12.4150.0\dev.msi

Filesize
384KB

MD5
229230103408fb024f3b0202aa03b89d

SHA1
ac1c74602d0266c354b8aa9d5f80212f169a4e77

SHA256
99d874c055615ac8c7012ccaf4b6e12a6b469ddee1d3422d20fccb2041877fd7

SHA512
0c11122e94c363b97362eb331d1ef166e37ff55beee90c3bfb9f41cd70c9967ce0099d6d1d5020f5439dd13a71545abb94ccab4148dbd499ecafb191367d416b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240726154155_000_core_JustForMe.log

Filesize
3KB

MD5
91cd5d9e7b3dd95b838417339e80dd8d

SHA1
060518ab560566d946e3ea2f3b5bf9fe59533c20

SHA256
9ed8947360497ec42de82ac0881f3bbbc8378a7a78beadfe85c9ae2f129aa5c9

SHA512
7a897ba91c86f16c5bfa1e27c31be9cdbfe93825dd53be1bfc47e30838f2c21ad79d06dbea80f604bb69e96c87dc726a3f77601d68e92167eb8a79cefda055a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240726154155_001_exe_JustForMe.log

Filesize
1KB

MD5
b5627a64897eeaf533b9580780a329cc

SHA1
e4a19884d8449cc513300e11dc8cc91cd368a943

SHA256
c9474ef185ef8fa301a765144d17c17dd8c7267a5c7ee7a31b7f4b92efa535b6

SHA512
6b2be6a23648af7fe4d2100b6eb4abeee9848e9222dc4b2c7ab14b4c604cd77f0db1d38b0341f41c540c8fb2750c678a9d9ad4c1337964070392202a88aa80db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240726154155_002_dev_JustForMe.log

Filesize
3KB

MD5
5109d70c777828f2bfcda00923672613

SHA1
5af0273a6f800fe93d86add28aa2e3373bb06269

SHA256
625988c0e88d3b80a4a2f78165c072be43ce9b070a0895bac553b1cfaf35f274

SHA512
6668cb70cca9117a4ced754c8eafa91c2e6afcca4977c67717db9846a41d48f0c1b2d8d5aa7977eae72dffdb4e8dede379b7db11771276fa3acbb44283641e3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\Downloads\Blank-Grabber-main.zip.crdownload

Filesize
1.2MB

MD5
cf1622e33a46b0a9b7f88d0f031d679c

SHA1
6af28cb842e880d2121cc6f1ea9176c07d852bef

SHA256
1072efad667d604f609fd850a13e54507e23b5ad33b836436267144a4cbd28e2

SHA512
d5768cab8a7c44f569dd9abbade6eb0a4cdce530e62e3b59ae19ddc7cab6782f2015c0b231568c9945c9fcb9e28ac8f7c4488d390416173c30a292f3e8b6dc57

Download Submit
C:\Users\Admin\Downloads\python-3.12.4-amd64.exe

Filesize
25.5MB

MD5
f3df1be26cc7cbd8252ab5632b62d740

SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4

SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258

SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89

Download Submit
C:\Windows\Installer\MSIB7F6.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIB8C3.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIC150.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
C:\Windows\Temp\{698AFA24-CA40-4AC5-8869-37EED1D72EF0}\.ba\PythonBA.dll

Filesize
675KB

MD5
e58bf4439057b22e6db8735be19d61ad

SHA1
415e148ecf78754a72de761d88825366aaf7afa1

SHA256
e3d3f38fd9a32720db3a65180857497d9064cffe0a54911c96b6138a17199058

SHA512
8d3523a12ee82123a17e73e507d42ae3248bd5c0aa697d5a379e61b965781bd83c0c97de41104b494b1f3b42127ab4b48ac9a071d5194a75c2af107016fc8c9c

Download Submit
C:\Windows\Temp\{698AFA24-CA40-4AC5-8869-37EED1D72EF0}\.ba\SideBar.png

Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
C:\Windows\Temp\{698AFA24-CA40-4AC5-8869-37EED1D72EF0}\launcher_AllUsers

Filesize
540KB

MD5
9321731c44fb531cdceaefe14fd13489

SHA1
ddfd199d4cbef87439dab4add0ef4980fa272b77

SHA256
434f0b25b56b853c26bc04e365aa2eec3563a2d1e83a39b471c18a8cc2ddf5e3

SHA512
188712f7f6be4f2f6e381cebcec90e789a3207751bdf1e448ddbde4c77c0bf92a5c4f3556ed9d0dffe99964377aab54004e0176d8cfb7cf30afb526245a7ea61

Download Submit
C:\Windows\Temp\{698AFA24-CA40-4AC5-8869-37EED1D72EF0}\pip_JustForMe

Filesize
268KB

MD5
79d86625b64b0fcfc62e65612f1d8f48

SHA1
8980df9ee6574cc2e9e2290d015a42023b8279ea

SHA256
0c79f5d2c62a344f0b7ea382d30912addff3fec3a6c8f905dbdc7de6e305d557

SHA512
2bcd9d3f8ac3139c946ca182b5697ab88926378e613140ec17d1e2c641fe6708acd3246376047a069282260aeae70fb22f0bee077e0799940ff9cc0fd31ba9ae

Download Submit
C:\Windows\Temp\{9C06DB8E-1242-4F9C-BB10-2A0845240D84}\.cr\python-3.12.4-amd64.exe

Filesize
858KB

MD5
504fdaeaa19b2055ffc58d23f830e104

SHA1
7071c8189d1ecd09173111f9787888723040433f

SHA256
8f211f3b8af3a2e6fd4aff1ac27a1ad9cd9737524e016b2e3bfc689dfdad95fb

SHA512
01aa983cbddfe38e69f381e8f8e66988273ef453b095012f9c0eeae01d39e32deb0e6fb369363cbb5e387485be33a53ac3ec16d3de1f42bb2cde0cfa05ceb366

Download Submit
memory/936-2800-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2799-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2796-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2798-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2801-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2792-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2791-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2797-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2790-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/936-2802-0x000001E49F790000-0x000001E49F791000-memory.dmp

Filesize
4KB

Download
memory/3956-2787-0x0000000074F80000-0x0000000075730000-memory.dmp

Filesize
7.7MB

Download
memory/3956-0-0x0000000074F8E000-0x0000000074F8F000-memory.dmp

Filesize
4KB

Download
memory/3956-3-0x0000000005B00000-0x0000000005B22000-memory.dmp

Filesize
136KB

Download
memory/3956-2335-0x0000000074F8E000-0x0000000074F8F000-memory.dmp

Filesize
4KB

Download
memory/3956-2-0x0000000074F80000-0x0000000075730000-memory.dmp

Filesize
7.7MB

Download
memory/3956-2385-0x00000000061A0000-0x00000000061B2000-memory.dmp

Filesize
72KB

Download
memory/3956-2383-0x0000000074F80000-0x0000000075730000-memory.dmp

Filesize
7.7MB

Download
memory/3956-1-0x00000000006A0000-0x000000000076C000-memory.dmp

Filesize
816KB

Download
memory/3956-4-0x0000000005B30000-0x0000000005E84000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2382-0x0000000006170000-0x000000000617A000-memory.dmp

Filesize
40KB

Download