Overview

overview

10

Static

static

3

Boostrapper.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Boostrapper.exe

  • Size

    1.2MB

  • MD5

    1351aa2b7bbc96e89da5683d53305f51

  • SHA1

    c1ba302af00ec54619d17ffd373b069d75b35d74

  • SHA256

    349e03ccb01461aa82845cc2f270d859ea725c401b62ebbc89aed6a74ca53a44

  • SHA512

    215fd0ac35746e297c4cfa5d73d1e8c50fe9b5e275bcda790015f884383a661a6013f0044b90a8da72d69472834a57f40d2f635be4f0357f0f30bed2fdaf522d

  • SSDEEP

    24576:iKmosICsrEkSfhBuZ0vIelIX5tH0vF9tK576eTSlCjxlz5Pcq3x1:KLICsdeh5lU3yFvK576eTSlCj75Uqh

Score
10/10
stormkittywannacryxwormdefense_evasiondiscoveryexecutionimpactpersistenceprivilege_escalationransomwareratspywarestealertrojanworm

Malware Config

Extracted

Family

xworm

C2

side-sean.gl.at.ply.gg:37533

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    msedge.exe

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

  • Detect Xworm Payload 2 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 4 IoCs
  • Executes dropped EXE 14 IoCs
  • Loads dropped DLL 20 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unexpected DNS network traffic destination 12 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation 1 TTPs

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 23 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 1 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 30 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGYAZQB3ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGIAaAB3ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHQAbQBwACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGkAdgBqACMAPgA="
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3076
    • C:\Windows\Bootstrapper.exe
      "C:\Windows\Bootstrapper.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3120
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd" /c ipconfig /all
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:448
        • C:\Windows\system32\ipconfig.exe
          ipconfig /all
          4⤵
          • Gathers network information
          PID:2424
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:616
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:816
      • C:\Windows\System32\msiexec.exe
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:232
      • C:\ProgramData\Solara\Solara.exe
        "C:\ProgramData\Solara\Solara.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4696
    • C:\Windows\msedge.exe
      "C:\Windows\msedge.exe"
      2⤵
      • Checks computer location settings
      • Drops startup file
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1432
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\msedge.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1752
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'msedge.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4780
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\msedge.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4468
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'msedge.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3808
      • C:\Windows\System32\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "msedge" /tr "C:\ProgramData\msedge.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1168
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2772
        • C:\Windows\system32\netsh.exe
          netsh wlan show profiles
          4⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:4100
      • C:\Users\Admin\AppData\Local\Temp\wscuqa.EXE
        "C:\Users\Admin\AppData\Local\Temp\wscuqa.EXE"
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • Sets desktop wallpaper using registry
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3208
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h .
          4⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:4456
        • C:\Windows\SysWOW64\icacls.exe
          icacls . /grant Everyone:F /T /C /Q
          4⤵
          • Modifies file permissions
          • System Location Discovery: System Language Discovery
          PID:4972
        • C:\Users\Admin\AppData\Local\Temp\taskdl.exe
          taskdl.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1624
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 272891734762201.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3276
          • C:\Windows\SysWOW64\cscript.exe
            cscript.exe //nologo m.vbs
            5⤵
            • System Location Discovery: System Language Discovery
            PID:448
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h +s F:\$RECYCLE
          4⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2684
        • C:\Users\Admin\AppData\Local\Temp\@[email protected]
          @[email protected] co
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:1660
          • C:\Users\Admin\AppData\Local\Temp\TaskData\Tor\taskhsvc.exe
            TaskData\Tor\taskhsvc.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:4916
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /c start /b @[email protected] vs
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3712
          • C:\Users\Admin\AppData\Local\Temp\@[email protected]
            @[email protected] vs
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2660
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
              6⤵
              • System Location Discovery: System Language Discovery
              PID:3048
              • C:\Windows\SysWOW64\Wbem\WMIC.exe
                wmic shadowcopy delete
                7⤵
                • System Location Discovery: System Language Discovery
                PID:2308
        • C:\Users\Admin\AppData\Local\Temp\taskdl.exe
          taskdl.exe
          4⤵
          • Executes dropped EXE
          PID:208
        • C:\Users\Admin\AppData\Local\Temp\taskse.exe
          taskse.exe C:\Users\Admin\AppData\Local\Temp\@[email protected]
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4348
        • C:\Users\Admin\AppData\Local\Temp\@[email protected]
          @[email protected]
          4⤵
          • Executes dropped EXE
          • Sets desktop wallpaper using registry
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:1444
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hfvxcanlgffmil166" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\tasksche.exe\"" /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4812
          • C:\Windows\SysWOW64\reg.exe
            reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hfvxcanlgffmil166" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\tasksche.exe\"" /f
            5⤵
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Modifies registry key
            PID:3632
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 04F3A03A06D177AA3D668AFB210C3E8B
      2⤵
      • Loads dropped DLL
      PID:2348
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 56811790301F83BF725A153897BDE70F
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3136
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 0D4327F78C3775A9E1AB9A90003FE2FE E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3800
      • C:\Windows\SysWOW64\wevtutil.exe
        "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:460
        • C:\Windows\System32\wevtutil.exe
          "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
          4⤵
            PID:1920
    • C:\ProgramData\msedge.exe
      C:\ProgramData\msedge.exe
      1⤵
      • Executes dropped EXE
      PID:1160
    • C:\ProgramData\msedge.exe
      C:\ProgramData\msedge.exe
      1⤵
      • Executes dropped EXE
      PID:3780
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:3704
      • C:\ProgramData\msedge.exe
        C:\ProgramData\msedge.exe
        1⤵
        • Executes dropped EXE
        PID:4068

      Network

      MITRE ATT&CK Enterprise v15

      Reconnaissance

      Resource Development

      Initial Access

      Execution

      Command and Scripting Interpreter

      2
      T1059

      PowerShell

      1
      T1059.001

      Scheduled Task/Job

      1
      T1053

      Scheduled Task

      1
      T1053.005

      Windows Management Instrumentation

      1
      T1047

      Persistence

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Event Triggered Execution

      1
      T1546

      Netsh Helper DLL

      1
      T1546.007

      Scheduled Task/Job

      1
      T1053

      Scheduled Task

      1
      T1053.005

      Privilege Escalation

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Event Triggered Execution

      1
      T1546

      Netsh Helper DLL

      1
      T1546.007

      Scheduled Task/Job

      1
      T1053

      Scheduled Task

      1
      T1053.005

      Defense Evasion

      File and Directory Permissions Modification

      2
      T1222

      Windows File and Directory Permissions Modification

      1
      T1222.001

      Hide Artifacts

      1
      T1564

      Hidden Files and Directories

      1
      T1564.001

      Indicator Removal

      1
      T1070

      File Deletion

      1
      T1070.004

      Modify Registry

      3
      T1112

      Obfuscated Files or Information

      1
      T1027

      Command Obfuscation

      1
      T1027.010

      Credential Access

      Credentials from Password Stores

      1
      T1555

      Credentials from Web Browsers

      1
      T1555.003

      Unsecured Credentials

      1
      T1552

      Credentials In Files

      1
      T1552.001

      Discovery

      Browser Information Discovery

      1
      T1217

      Peripheral Device Discovery

      1
      T1120

      Query Registry

      3
      T1012

      System Information Discovery

      4
      T1082

      System Location Discovery

      1
      T1614

      System Language Discovery

      1
      T1614.001

      System Network Configuration Discovery

      1
      T1016

      Wi-Fi Discovery

      1
      T1016.002

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Command and Control

      Web Service

      1
      T1102

      Exfiltration

      Impact

      Defacement

      1
      T1491

      Inhibit System Recovery

      1
      T1490

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Config.Msi\e57e4d5.rbs
        Filesize

        1.0MB

        MD5

        5efbcbf1f1057036b05a3089419a9673

        SHA1

        9106c6cc239ededae1c4174c5d2f5916d19de895

        SHA256

        900ef48b6d0e80e75eb5615ff8364f4e25aa258f7a5c1d84dcbfc3d25f25c4f9

        SHA512

        6560dc7b6adba17a641b713912621c386e835fb4d592f43a6c7021c430b79c3efe12e8e916fdcd8a835de9ae1eec914f9463f188e92ec8c4dc85d4e84b5a91d2

        Download Submit

      • C:\Program Files\nodejs\node_etw_provider.man
        Filesize

        10KB

        MD5

        1d51e18a7247f47245b0751f16119498

        SHA1

        78f5d95dd07c0fcee43c6d4feab12d802d194d95

        SHA256

        1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

        SHA512

        1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

        Download Submit

      • C:\Program Files\nodejs\node_etw_provider.man
        Filesize

        8KB

        MD5

        d3bc164e23e694c644e0b1ce3e3f9910

        SHA1

        1849f8b1326111b5d4d93febc2bafb3856e601bb

        SHA256

        1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

        SHA512

        91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
        Filesize

        818B

        MD5

        2916d8b51a5cc0a350d64389bc07aef6

        SHA1

        c9d5ac416c1dd7945651bee712dbed4d158d09e1

        SHA256

        733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

        SHA512

        508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
        Filesize

        1KB

        MD5

        5ad87d95c13094fa67f25442ff521efd

        SHA1

        01f1438a98e1b796e05a74131e6bb9d66c9e8542

        SHA256

        67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

        SHA512

        7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
        Filesize

        754B

        MD5

        d2cf52aa43e18fdc87562d4c1303f46a

        SHA1

        58fb4a65fffb438630351e7cafd322579817e5e1

        SHA256

        45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

        SHA512

        54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
        Filesize

        771B

        MD5

        e9dc66f98e5f7ff720bf603fff36ebc5

        SHA1

        f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

        SHA256

        b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

        SHA512

        8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
        Filesize

        730B

        MD5

        072ac9ab0c4667f8f876becedfe10ee0

        SHA1

        0227492dcdc7fb8de1d14f9d3421c333230cf8fe

        SHA256

        2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

        SHA512

        f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
        Filesize

        1KB

        MD5

        d116a360376e31950428ed26eae9ffd4

        SHA1

        192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

        SHA256

        c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

        SHA512

        5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
        Filesize

        802B

        MD5

        d7c8fab641cd22d2cd30d2999cc77040

        SHA1

        d293601583b1454ad5415260e4378217d569538e

        SHA256

        04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

        SHA512

        278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
        Filesize

        16KB

        MD5

        bc0c0eeede037aa152345ab1f9774e92

        SHA1

        56e0f71900f0ef8294e46757ec14c0c11ed31d4e

        SHA256

        7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

        SHA512

        5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
        Filesize

        780B

        MD5

        b020de8f88eacc104c21d6e6cacc636d

        SHA1

        20b35e641e3a5ea25f012e13d69fab37e3d68d6b

        SHA256

        3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

        SHA512

        4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
        Filesize

        763B

        MD5

        7428aa9f83c500c4a434f8848ee23851

        SHA1

        166b3e1c1b7d7cb7b070108876492529f546219f

        SHA256

        1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

        SHA512

        c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
        Filesize

        4KB

        MD5

        f0bd53316e08991d94586331f9c11d97

        SHA1

        f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

        SHA256

        dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

        SHA512

        fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

        Download Submit

      • C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
        Filesize

        771B

        MD5

        1d7c74bcd1904d125f6aff37749dc069

        SHA1

        21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

        SHA256

        24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

        SHA512

        b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

        Download Submit

      • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
        Filesize

        1KB

        MD5

        46a6122321e9eeca93a027e34aa3a121

        SHA1

        45ad1937a3c2005473ea14d815d496abf22ae5e2

        SHA256

        dda8b8799bd8ae948ef6aaf03d83c77984b451cac1f9bce15c10eba65f69542a

        SHA512

        f4988b2d425af070d47850ec9808b2de7c932c8a3e25c6968207644f68c2e675456a8f318b81ecbcaad50b4449d1316df0fab14955d66b6a97b7f229c8727beb

        Download Submit

      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
        Filesize

        168B

        MD5

        db7dbbc86e432573e54dedbcc02cb4a1

        SHA1

        cff9cfb98cff2d86b35dc680b405e8036bbbda47

        SHA256

        7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

        SHA512

        8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

        Download Submit

      • C:\ProgramData\Solara\Newtonsoft.Json.dll
        Filesize

        695KB

        MD5

        195ffb7167db3219b217c4fd439eedd6

        SHA1

        1e76e6099570ede620b76ed47cf8d03a936d49f8

        SHA256

        e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

        SHA512

        56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

        Download Submit

      • C:\ProgramData\Solara\Solara.exe
        Filesize

        133KB

        MD5

        c6f770cbb24248537558c1f06f7ff855

        SHA1

        fdc2aaae292c32a58ea4d9974a31ece26628fdd7

        SHA256

        d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

        SHA512

        cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

        Download Submit

      • C:\ProgramData\Solara\Wpf.Ui.dll
        Filesize

        5.2MB

        MD5

        aead90ab96e2853f59be27c4ec1e4853

        SHA1

        43cdedde26488d3209e17efff9a51e1f944eb35f

        SHA256

        46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

        SHA512

        f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\msedge.exe.log
        Filesize

        654B

        MD5

        2ff39f6c7249774be85fd60a8f9a245e

        SHA1

        684ff36b31aedc1e587c8496c02722c6698c1c4e

        SHA256

        e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

        SHA512

        1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
        Filesize

        2KB

        MD5

        d85ba6ff808d9e5444a4b369f5bc2730

        SHA1

        31aa9d96590fff6981b315e0b391b575e4c0804a

        SHA256

        84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

        SHA512

        8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        944B

        MD5

        e2efbfd23e33d8d07d019bdd9ca20649

        SHA1

        68d3b285c423d311bdf8dc53354f5f4000caf386

        SHA256

        f4386e3a103dafd6e85bebc2ad649069d168b4da8a0ded51b3ec96fa1408a828

        SHA512

        b7a961002557ff2efb785f756c9347e250392eab3dcb5168c67e89238e85368a41d0a5bdc94bfbbc192ba427c83e982234b3cf8824b166a69973f3f9df177443

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        944B

        MD5

        dbb22d95851b93abf2afe8fb96a8e544

        SHA1

        920ec5fdb323537bcf78f7e29a4fc274e657f7a4

        SHA256

        e1ee9af6b9e3bfd41b7d2c980580bb7427883f1169ed3df4be11293ce7895465

        SHA512

        16031134458bf312509044a3028be46034c544163c4ca956aee74d2075fbeb5873754d2254dc1d0b573ce1a644336ac4c8bd7147aba100bfdac8c504900ef3fc

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        944B

        MD5

        77d622bb1a5b250869a3238b9bc1402b

        SHA1

        d47f4003c2554b9dfc4c16f22460b331886b191b

        SHA256

        f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb

        SHA512

        d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\@[email protected]
        Filesize

        933B

        MD5

        7e6b6da7c61fcb66f3f30166871def5b

        SHA1

        00f699cf9bbc0308f6e101283eca15a7c566d4f9

        SHA256

        4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

        SHA512

        e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\@[email protected]
        Filesize

        240KB

        MD5

        7bf2b57f2a205768755c07f238fb32cc

        SHA1

        45356a9dd616ed7161a3b9192e2f318d0ab5ad10

        SHA256

        b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

        SHA512

        91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\DISCORD
        Filesize

        103B

        MD5

        b016dafca051f817c6ba098c096cb450

        SHA1

        4cc74827c4b2ed534613c7764e6121ceb041b459

        SHA256

        b03c8c2d2429e9dbc7920113dedf6fc09095ab39421ee0cc8819ad412e5d67b9

        SHA512

        d69663e1e81ec33654b87f2dfaddd5383681c8ebf029a559b201d65eb12fa2989fa66c25fa98d58066eab7b897f0eef6b7a68fa1a9558482a17dfed7b6076aca

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TaskData\Tor\tor.exe
        Filesize

        3.0MB

        MD5

        fe7eb54691ad6e6af77f8a9a0b6de26d

        SHA1

        53912d33bec3375153b7e4e68b78d66dab62671a

        SHA256

        e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

        SHA512

        8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_saud2kyk.s32.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\b.wnry
        Filesize

        1.4MB

        MD5

        c17170262312f3be7027bc2ca825bf0c

        SHA1

        f19eceda82973239a1fdc5826bce7691e5dcb4fb

        SHA256

        d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

        SHA512

        c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\c.wnry
        Filesize

        780B

        MD5

        93f33b83f1f263e2419006d6026e7bc1

        SHA1

        1a4b36c56430a56af2e0ecabd754bf00067ce488

        SHA256

        ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

        SHA512

        45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_bulgarian.wnry
        Filesize

        46KB

        MD5

        95673b0f968c0f55b32204361940d184

        SHA1

        81e427d15a1a826b93e91c3d2fa65221c8ca9cff

        SHA256

        40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

        SHA512

        7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_chinese (simplified).wnry
        Filesize

        53KB

        MD5

        0252d45ca21c8e43c9742285c48e91ad

        SHA1

        5c14551d2736eef3a1c1970cc492206e531703c1

        SHA256

        845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

        SHA512

        1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_chinese (traditional).wnry
        Filesize

        77KB

        MD5

        2efc3690d67cd073a9406a25005f7cea

        SHA1

        52c07f98870eabace6ec370b7eb562751e8067e9

        SHA256

        5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

        SHA512

        0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_croatian.wnry
        Filesize

        38KB

        MD5

        17194003fa70ce477326ce2f6deeb270

        SHA1

        e325988f68d327743926ea317abb9882f347fa73

        SHA256

        3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

        SHA512

        dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_czech.wnry
        Filesize

        39KB

        MD5

        537efeecdfa94cc421e58fd82a58ba9e

        SHA1

        3609456e16bc16ba447979f3aa69221290ec17d0

        SHA256

        5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

        SHA512

        e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_danish.wnry
        Filesize

        36KB

        MD5

        2c5a3b81d5c4715b7bea01033367fcb5

        SHA1

        b548b45da8463e17199daafd34c23591f94e82cd

        SHA256

        a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

        SHA512

        490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_dutch.wnry
        Filesize

        36KB

        MD5

        7a8d499407c6a647c03c4471a67eaad7

        SHA1

        d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

        SHA256

        2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

        SHA512

        608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_english.wnry
        Filesize

        36KB

        MD5

        fe68c2dc0d2419b38f44d83f2fcf232e

        SHA1

        6c6e49949957215aa2f3dfb72207d249adf36283

        SHA256

        26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

        SHA512

        941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_filipino.wnry
        Filesize

        36KB

        MD5

        08b9e69b57e4c9b966664f8e1c27ab09

        SHA1

        2da1025bbbfb3cd308070765fc0893a48e5a85fa

        SHA256

        d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

        SHA512

        966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_finnish.wnry
        Filesize

        37KB

        MD5

        35c2f97eea8819b1caebd23fee732d8f

        SHA1

        e354d1cc43d6a39d9732adea5d3b0f57284255d2

        SHA256

        1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

        SHA512

        908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_french.wnry
        Filesize

        37KB

        MD5

        4e57113a6bf6b88fdd32782a4a381274

        SHA1

        0fccbc91f0f94453d91670c6794f71348711061d

        SHA256

        9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

        SHA512

        4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_german.wnry
        Filesize

        36KB

        MD5

        3d59bbb5553fe03a89f817819540f469

        SHA1

        26781d4b06ff704800b463d0f1fca3afd923a9fe

        SHA256

        2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

        SHA512

        95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_greek.wnry
        Filesize

        47KB

        MD5

        fb4e8718fea95bb7479727fde80cb424

        SHA1

        1088c7653cba385fe994e9ae34a6595898f20aeb

        SHA256

        e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

        SHA512

        24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_indonesian.wnry
        Filesize

        36KB

        MD5

        3788f91c694dfc48e12417ce93356b0f

        SHA1

        eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

        SHA256

        23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

        SHA512

        b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_italian.wnry
        Filesize

        36KB

        MD5

        30a200f78498990095b36f574b6e8690

        SHA1

        c4b1b3c087bd12b063e98bca464cd05f3f7b7882

        SHA256

        49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

        SHA512

        c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_japanese.wnry
        Filesize

        79KB

        MD5

        b77e1221f7ecd0b5d696cb66cda1609e

        SHA1

        51eb7a254a33d05edf188ded653005dc82de8a46

        SHA256

        7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

        SHA512

        f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\msg\m_korean.wnry
        Filesize

        89KB

        MD5

        6735cb43fe44832b061eeb3f5956b099

        SHA1

        d636daf64d524f81367ea92fdafa3726c909bee1

        SHA256

        552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

        SHA512

        60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
        Filesize

        30.1MB

        MD5

        0e4e9aa41d24221b29b19ba96c1a64d0

        SHA1

        231ade3d5a586c0eb4441c8dbfe9007dc26b2872

        SHA256

        5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

        SHA512

        e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\wscuqa.EXE
        Filesize

        3.4MB

        MD5

        84c82835a5d21bbcf75a61706d8ab549

        SHA1

        5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

        SHA256

        ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

        SHA512

        90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

        Download Submit

      • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
        Filesize

        11.8MB

        MD5

        3b67b012063af144fd5a95771bda9356

        SHA1

        afa3f3f1472d4b2f751f7cd5e87ce128723d8b9b

        SHA256

        d4a2912ce0f54aaf20ff6bd87446f30946e7b7322b51db25d285df9ebf1782f4

        SHA512

        6560a5d63e3296c10fa420a2c479329a3817f256ebce577572d6b0b9319939a073d238e29c5da6a367824d4e95751cba7915de1cff8825792d647d6bc1cb5f0b

        Download Submit

      • C:\Windows\Bootstrapper.exe
        Filesize

        800KB

        MD5

        02c70d9d6696950c198db93b7f6a835e

        SHA1

        30231a467a49cc37768eea0f55f4bea1cbfb48e2

        SHA256

        8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

        SHA512

        431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

        Download Submit

      • C:\Windows\Installer\MSIE8F8.tmp
        Filesize

        122KB

        MD5

        9fe9b0ecaea0324ad99036a91db03ebb

        SHA1

        144068c64ec06fc08eadfcca0a014a44b95bb908

        SHA256

        e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

        SHA512

        906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

        Download Submit

      • C:\Windows\Installer\MSIE949.tmp
        Filesize

        211KB

        MD5

        a3ae5d86ecf38db9427359ea37a5f646

        SHA1

        eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

        SHA256

        c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

        SHA512

        96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

        Download Submit

      • C:\Windows\Installer\MSIEFD2.tmp
        Filesize

        297KB

        MD5

        7a86ce1a899262dd3c1df656bff3fb2c

        SHA1

        33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

        SHA256

        b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

        SHA512

        421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

        Download Submit

      • C:\Windows\msedge.exe
        Filesize

        207KB

        MD5

        2ca60c1e5d896a123f818a85f30a160f

        SHA1

        21f258de682857ef9a2d8168a3ca6b7732be922a

        SHA256

        a90eede81c36980a6eeec17e6b26a62199a1ea4ebed59682b6f9ca6ae26f1475

        SHA512

        2540ec525d3d00455268b7cad3926a7e58070121510e77583f9ea34ebb5d4b5ade4536935d1e83300fee517b1273197e7f0186fa37d51914954b22f2ab22fd06

        Download Submit

      • memory/1432-22-0x0000000000030000-0x0000000000068000-memory.dmp

        Filesize

        224KB

        Download

      • memory/1432-2931-0x00000000021E0000-0x00000000021EC000-memory.dmp

        Filesize

        48KB

        Download

      • memory/1432-2975-0x000000001CC70000-0x000000001CFC0000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/1432-2973-0x000000001E600000-0x000000001EB28000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/1432-62-0x00000000021F0000-0x0000000002200000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1432-2972-0x000000001D1B0000-0x000000001D260000-memory.dmp

        Filesize

        704KB

        Download

      • memory/1432-21-0x00007FFFF3393000-0x00007FFFF3395000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1432-2971-0x000000001BC00000-0x000000001BC0E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1432-2932-0x000000001CB50000-0x000000001CC70000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/1432-125-0x00000000021F0000-0x0000000002200000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1752-74-0x0000023738520000-0x0000023738542000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3076-67-0x0000000007D50000-0x0000000007D6A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3076-30-0x00000000746D0000-0x0000000074E80000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3076-68-0x0000000007D30000-0x0000000007D38000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3076-25-0x00000000030F0000-0x0000000003126000-memory.dmp

        Filesize

        216KB

        Download

      • memory/3076-28-0x00000000746DE000-0x00000000746DF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3076-27-0x0000000003180000-0x0000000003190000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3076-29-0x00000000059C0000-0x0000000005FE8000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/3076-81-0x00000000746D0000-0x0000000074E80000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3076-66-0x0000000007C60000-0x0000000007C74000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3076-65-0x0000000007C50000-0x0000000007C5E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/3076-64-0x0000000007C10000-0x0000000007C21000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3076-63-0x0000000007C90000-0x0000000007D26000-memory.dmp

        Filesize

        600KB

        Download

      • memory/3076-61-0x0000000007A90000-0x0000000007A9A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3076-60-0x0000000007800000-0x000000000781A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3076-59-0x00000000080E0000-0x000000000875A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/3076-58-0x00000000076D0000-0x0000000007773000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3076-57-0x0000000006CB0000-0x0000000006CCE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/3076-46-0x0000000006CD0000-0x0000000006D02000-memory.dmp

        Filesize

        200KB

        Download

      • memory/3076-47-0x00000000704F0000-0x000000007053C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3076-45-0x0000000006720000-0x000000000676C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3076-44-0x00000000066E0000-0x00000000066FE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/3076-43-0x0000000006340000-0x0000000006694000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/3076-33-0x0000000006060000-0x00000000060C6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3076-32-0x0000000005FF0000-0x0000000006056000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3076-31-0x0000000005820000-0x0000000005842000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3120-119-0x00007FFFF3390000-0x00007FFFF3E51000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3120-26-0x00007FFFF3390000-0x00007FFFF3E51000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3120-2505-0x000002CDE5B30000-0x000002CDE5B3A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3120-2507-0x000002CDFF910000-0x000002CDFF922000-memory.dmp

        Filesize

        72KB

        Download

      • memory/3120-2930-0x00007FFFF3390000-0x00007FFFF3E51000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3120-24-0x000002CDE3B90000-0x000002CDE3C5E000-memory.dmp

        Filesize

        824KB

        Download

      • memory/3208-3029-0x0000000010000000-0x0000000010010000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4696-2929-0x000001BFCD710000-0x000001BFCD7C2000-memory.dmp

        Filesize

        712KB

        Download

      • memory/4696-2927-0x000001BFCD650000-0x000001BFCD70A000-memory.dmp

        Filesize

        744KB

        Download

      • memory/4696-2925-0x000001BFCD9A0000-0x000001BFCDEDC000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/4696-2923-0x000001BFB2E80000-0x000001BFB2EA4000-memory.dmp

        Filesize

        144KB

        Download

      • memory/4916-4963-0x0000000073950000-0x0000000073972000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4916-4989-0x0000000073730000-0x000000007394C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4916-4962-0x00000000736A0000-0x0000000073722000-memory.dmp

        Filesize

        520KB

        Download

      • memory/4916-4961-0x0000000073730000-0x000000007394C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4916-4960-0x0000000073980000-0x0000000073A02000-memory.dmp

        Filesize

        520KB

        Download

      • memory/4916-4987-0x00000000736A0000-0x0000000073722000-memory.dmp

        Filesize

        520KB

        Download

      • memory/4916-4990-0x0000000073620000-0x0000000073697000-memory.dmp

        Filesize

        476KB

        Download

      • memory/4916-4964-0x0000000000570000-0x000000000086E000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/4916-4988-0x0000000073950000-0x0000000073972000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4916-4984-0x0000000000570000-0x000000000086E000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/4916-4986-0x0000000073980000-0x0000000073A02000-memory.dmp

        Filesize

        520KB

        Download

      • memory/4916-4985-0x0000000073A10000-0x0000000073A2C000-memory.dmp

        Filesize

        112KB

        Download

      • memory/4916-5000-0x0000000000570000-0x000000000086E000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/4916-5007-0x0000000000570000-0x000000000086E000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/4916-5018-0x0000000000570000-0x000000000086E000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/4916-5023-0x0000000073730000-0x000000007394C000-memory.dmp

        Filesize

        2.1MB

        Download