hxxp://drive[.]google[.]com/file/d/1YLODOy9HwJKK2mKBxc_MHjNApnU9R2nU/view?usp=drivesdk

Analysis

max time kernel
197s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com/file/d/1YLODOy9HwJKK2mKBxc_MHjNApnU9R2nU/view?usp=drivesdk

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	node.exe

Executes dropped EXE 5 IoCs

pid	Process
960	node.exe
948	node.exe
4072	node.exe
3604	node.exe
4108	node.exe

Loads dropped DLL 7 IoCs

pid	Process
3956	MsiExec.exe
3956	MsiExec.exe
5032	MsiExec.exe
5032	MsiExec.exe
5032	MsiExec.exe
3728	MsiExec.exe
4540	MsiExec.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
116	3936	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
11	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\clean-stack\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\example\small-qrcode.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\esm\platform.d.ts.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\mkdir.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\node_modules\ssri\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\tar\dist\commonjs\make-command.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\commonjs\fs.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sprintf-js\CONTRIBUTORS.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\node_modules\cacache\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\start.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\commonjs\fs.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\commonjs\opt-arg.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\debug.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\reify.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cross-spawn\lib\enoent.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\esm\rimraf-windows.d.ts.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\gt.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-profile.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\node_modules\cacache\lib\rm.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\mkdirp\dist\cjs\src\bin.d.ts.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ci-info\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-fetch\node_modules\minizlib\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\esm\default-tmp.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\esm\opt-arg.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\node_modules\@npmcli\agent\lib\dns.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-explore.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\emoji-regex\es2015\text.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\esm\rimraf-move-remove.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\update.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\adduser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\node_modules\make-fetch-happen\lib\cache\key.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-regex\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\diff.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-view.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\foreground-child\dist\esm\proxy-signals.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\bin\npm-prefix.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\node_modules\@npmcli\fs\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\tar\dist\esm\parse.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\id.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\link.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\docs\UserDocumentation.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-name\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\core\dist\asn1\obj.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\commonjs\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\node_modules\make-fetch-happen\lib\remote.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\is.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\esm\walker.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\xcode_emulation.py	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\remote.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\core\dist\x509\sct.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\commonjs\opt-arg.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\dist\commonjs\rimraf-manual.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\mkdirp\dist\cjs\src\use-native.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\installed-deep.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-pack.1	msiexec.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{780AD60E-7FB7-4A4D-9EEC-9C3E72148B95}	msiexec.exe
File created	C:\Windows\Installer\{780AD60E-7FB7-4A4D-9EEC-9C3E72148B95}\NodeIcon	msiexec.exe
File created	C:\Windows\Installer\e587d88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e587d88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{780AD60E-7FB7-4A4D-9EEC-9C3E72148B95}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9C9B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE781.tmp	msiexec.exe
File created	C:\Windows\Installer\e587d8a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEE38.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9100.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC15A.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9140.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3872	hlnb.exe
436	cmd.exe
4456	njsbcs.exe
3096	cmd.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000041ba55ff39bb976e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000041ba55ff0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090041ba55ff000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d41ba55ff000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000041ba55ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
4984	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803238932879905"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 31 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\Version = "369885184"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\xmlnsrc\\realxmln3.0.0\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\DocumentationShortcuts	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\ProductName = "Node.js"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\PackageCode = "0120A6FC5971D8146A4C60F9F9CC1DB7"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\NodeRuntime	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\npm	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\EnvironmentPath	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\ProductIcon = "C:\\Windows\\Installer\\{780AD60E-7FB7-4A4D-9EEC-9C3E72148B95}\\NodeIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\xmlnsrc\\realxmln3.0.0\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList\PackageName = "nodejs.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\E06DA0877BF7D4A4E9CEC9E32741B859	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E06DA0877BF7D4A4E9CEC9E32741B859\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E06DA0877BF7D4A4E9CEC9E32741B859\DeploymentFlags = "3"	msiexec.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4864	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
4420	msiexec.exe
4420	msiexec.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
3216	powershell.exe
3216	powershell.exe
3216	powershell.exe
4076	powershell.exe
4076	powershell.exe
4076	powershell.exe
4076	powershell.exe
4076	powershell.exe
3128	powershell.exe
3128	powershell.exe
3128	powershell.exe
3128	powershell.exe
3128	powershell.exe
2252	powershell.exe
2252	powershell.exe
2252	powershell.exe
2832	powershell.exe
2832	powershell.exe
2832	powershell.exe
2832	powershell.exe
2832	powershell.exe
3896	powershell.exe
3896	powershell.exe
3896	powershell.exe
3896	powershell.exe
3896	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
3936	msiexec.exe
3936	msiexec.exe
3936	msiexec.exe
776	xameleon-gui.exe
3440	xameleon-gui.exe
4492	xameleon-gui.exe
396	xameleon-gui.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 3972	1056	chrome.exe	82
PID 1056 wrote to memory of 3972	1056	chrome.exe	82
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4236	1056	chrome.exe	83
PID 1056 wrote to memory of 4160	1056	chrome.exe	84
PID 1056 wrote to memory of 4160	1056	chrome.exe	84
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85
PID 1056 wrote to memory of 4044	1056	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://drive.google.com/file/d/1YLODOy9HwJKK2mKBxc_MHjNApnU9R2nU/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffcf632cc40,0x7ffcf632cc4c,0x7ffcf632cc58
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1980,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3424,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4784,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5128,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5396,i,14961139953048485915,10803751415671317672,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\nodejs.bat" "
1⤵
- Checks computer location settings
- Modifies registry class
PID:3652
- C:\Windows\system32\timeout.exe
  timeout 3
  2⤵
  - Delays execution with timeout.exe
  PID:4984
- C:\Windows\system32\curl.exe
  curl -o nodejs.msi https://nodejs.org/dist/v22.12.0/node-v22.12.0-x64.msi
  2⤵
  PID:3932
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\nodejs.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:3936

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4420
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding BA6E44D9667C212FC111472CAC40D866 C
  2⤵
  - Loads dropped DLL
  PID:3956
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3580
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 71A9BEC6799015D5EBA4DD1BB3A2396B
  2⤵
  - Loads dropped DLL
  PID:5032
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding F3D19086A19075E83100C82420969888 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3728
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3FDBB6B15DBB3DCC885EB6C7261B98DC
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4540

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3892

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\setup.bat" "
1⤵
PID:1704
- C:\Windows\system32\cmd.exe
  cmd /c npm i
  2⤵
  PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c CALL "C:\Program Files\nodejs\\node.exe" "C:\Program Files\nodejs\\node_modules\npm\bin\npm-prefix.js"
    3⤵
    PID:2280
  - - C:\Program Files\nodejs\node.exe
      "C:\Program Files\nodejs\\node.exe" "C:\Program Files\nodejs\\node_modules\npm\bin\npm-prefix.js"
      4⤵
      Executes dropped EXE
      PID:960
- - C:\Program Files\nodejs\node.exe
    "C:\Program Files\nodejs\\node.exe" "C:\Program Files\nodejs\\node_modules\npm\bin\npm-cli.js" i
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:948
- C:\Program Files\nodejs\node.exe
  node compile
  2⤵
  - Executes dropped EXE
  PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/banner.hlnb"
    3⤵
    PID:1132
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/banner.hlnb
      4⤵
      PID:740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/bootstrap.hlnb"
    3⤵
    PID:5104
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/bootstrap.hlnb
      4⤵
      PID:2984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/config.hlnb"
    3⤵
    PID:3392
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/config.hlnb
      4⤵
      PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/gui.hlnb"
    3⤵
    PID:3076
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/gui.hlnb
      4⤵
      PID:5036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/logger.hlnb"
    3⤵
    PID:5064
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/logger.hlnb
      4⤵
      PID:2384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/outclient.hlnb"
    3⤵
    PID:1364
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/outclient.hlnb
      4⤵
      PID:1436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/ping.hlnb"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3096
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/ping.hlnb
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/prioritypackets.hlnb"
    3⤵
    PID:3632
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/prioritypackets.hlnb
      4⤵
      PID:2988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/query.hlnb"
    3⤵
    PID:2244
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/query.hlnb
      4⤵
      PID:1408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\hlnb.exe ./xlbc/server.hlnb"
    3⤵
    PID:3940
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\hlnb.exe
      .\c\hlnb.exe ./xlbc/server.hlnb
      4⤵
      PID:2468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/banner.njsbcs ./xlbc/banner.njsbc debug"
    3⤵
    PID:4456
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/banner.njsbcs ./xlbc/banner.njsbc debug
      4⤵
      PID:2464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/bootstrap.njsbcs ./xlbc/bootstrap.njsbc debug"
    3⤵
    PID:1844
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/bootstrap.njsbcs ./xlbc/bootstrap.njsbc debug
      4⤵
      PID:5028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/config.njsbcs ./xlbc/config.njsbc debug"
    3⤵
    PID:4108
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/config.njsbcs ./xlbc/config.njsbc debug
      4⤵
      PID:3500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/gui.njsbcs ./xlbc/gui.njsbc debug"
    3⤵
    PID:4596
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/gui.njsbcs ./xlbc/gui.njsbc debug
      4⤵
      PID:2252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/logger.njsbcs ./xlbc/logger.njsbc debug"
    3⤵
    PID:2236
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/logger.njsbcs ./xlbc/logger.njsbc debug
      4⤵
      PID:1836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/outclient.njsbcs ./xlbc/outclient.njsbc debug"
    3⤵
    PID:2792
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/outclient.njsbcs ./xlbc/outclient.njsbc debug
      4⤵
      PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/ping.njsbcs ./xlbc/ping.njsbc debug"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:436
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/ping.njsbcs ./xlbc/ping.njsbc debug
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/prioritypackets.njsbcs ./xlbc/prioritypackets.njsbc debug"
    3⤵
    PID:4992
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/prioritypackets.njsbcs ./xlbc/prioritypackets.njsbc debug
      4⤵
      PID:5028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/query.njsbcs ./xlbc/query.njsbc debug"
    3⤵
    PID:2160
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/query.njsbcs ./xlbc/query.njsbc debug
      4⤵
      PID:3872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ".\c\njsbcs.exe ./xlbc/server.njsbcs ./xlbc/server.njsbc debug"
    3⤵
    PID:2120
  - - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\c\njsbcs.exe
      .\c\njsbcs.exe ./xlbc/server.njsbcs ./xlbc/server.njsbc debug
      4⤵
      PID:2252

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\start.bat" "
1⤵
PID:3984
- C:\Program Files\nodejs\node.exe
  node index
  2⤵
  - Executes dropped EXE
  PID:3604
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "$x=Get-NetTCPConnection -LocalPort 25565 -ea SilentlyContinue; if($x){Stop-Process -Id $($x[0].OwningProcess) -Force -ea SilentlyContinue; echo 0}else{echo 1}"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3216
- - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\xameleon-gui.exe
    ../xameleon-gui.exe 1487/xameleon.html
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "(Get-Process -Id 776).MainWindowHandle"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "$p=[System.Diagnostics.Process]::GetProcessById(3604) $p.PriorityClass=[System.Diagnostics.ProcessPriorityClass]::RealTime"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3128

C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\xameleon-gui.exe
"C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\xameleon-gui.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\start.bat" "
1⤵
PID:1512
- C:\Program Files\nodejs\node.exe
  node index
  2⤵
  - Executes dropped EXE
  PID:4108
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "$x=Get-NetTCPConnection -LocalPort 25565 -ea SilentlyContinue; if($x){Stop-Process -Id $($x[0].OwningProcess) -Force -ea SilentlyContinue; echo 0}else{echo 1}"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2252
- - C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\xameleon-gui.exe
    ../xameleon-gui.exe 1487/xameleon.html
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:4492
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "(Get-Process -Id 4492).MainWindowHandle"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2832
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "$p=[System.Diagnostics.Process]::GetProcessById(4108) $p.PriorityClass=[System.Diagnostics.ProcessPriorityClass]::RealTime"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3896

C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\xameleon-gui.exe
"C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\xameleon-gui.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e587d89.rbs

Filesize
935KB

MD5
a7989ff367a8517cb6f1322ed1c0f3a1

SHA1
ce3e2b72934869f94e6c8d78a857901d8a6f2442

SHA256
3c0b709308f466af7c3c7bd2acadfa2667db667d94cf8e9d78548ca15af85512

SHA512
728ac132f0a30b27fb9508242e2ff029e8a97b4e69064b3037cad4ea44fec722af117b265522b4fd1fb3fc762577f90ac0037bd8a51c93316ada0c7cf2687834

Download Submit
C:\Program Files\nodejs\node_modules\npm\bin\npm-prefix.js

Filesize
864B

MD5
92dd1b5a463374142271ff420cb473a5

SHA1
a9f946c6a8c6f273f837703acc74c367b7781a99

SHA256
673f620e40137c295f2cf057364468bf3a71653dfc0973be895ebf7a8c368c2e

SHA512
5e0a6e4a9cff4b37acbece070a592a65ed044a78e1b104517eb5bb233d4398f67140b44e986e7a2de16bfb65b0ab7609e831341efea2a6f583258b6a85f70e01

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\index.js

Filesize
29KB

MD5
a2819bc319ade96e220b81c11ba1fd62

SHA1
f711920489d12ac7704e323de4cea98009299e7d

SHA256
9976a7f202a683370a170f8ab053d89cf6450c9d0596d8bed92bb762f0dca92e

SHA512
64b409c59d3e7df84ddd87163fb03f38d1bbed259323392685e01103ff9d2a43b456a5df5812e2bd3de61e0ae61520ccad444a92ea908a15bd871146630edd32

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\nerf-dart.js

Filesize
473B

MD5
014e5e4e67fc63e70b80f6de6f727ac7

SHA1
ae25851c771c860082f445e5c3553f59eecf6830

SHA256
7d0ee69ea790e4658d5029cdd728eb6375d0feed79af8b24dac99723e25cbbc7

SHA512
5a6e22ef53e66a719150c30001b183eaa475912e2ffbc4b2bfb036cc8fd5bc7b19fa1c72cd05688b7bfb8a48392371df784c252b0f560d5e26faee55eca92379

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\type-defs.js

Filesize
1KB

MD5
8385a8a608e5cdd5a79957a6c979fb28

SHA1
d20fd55ae3664cd339245fdd26a28983baf97f2e

SHA256
5f8cab3a4133b226c653784d569a9bf3e5a2ee76ac73b9156cd58a2c72839648

SHA512
3bec37444635d9cdc9a2f1224fa9160213fc4dd1234e98080c7ec825f07785ac93d4a88bf8bb4bb91470ec070da9b32acc20b111d2d3fcd15397a8e641dd6eac

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\umask.js

Filesize
949B

MD5
ae8c8f3d710c2c7a5cacbcef9c6f9646

SHA1
3fabbd5fcbeca40267f54aa7f523afa573062ad3

SHA256
9aec687f45f435f9f198e583f35b5f5a4cd0d66e21c2e6e9c772fd8ccbe65b68

SHA512
94d94b24e7eafbf499923e92020ed5f7bf8aa606f3031ae4b99fdcabab2625a3bd84c60d6d1f236509c5281becbe06c697911db10dbc2b014bafa3903b5f00ce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\package.json

Filesize
1KB

MD5
901e577d669d97e811a11f172dfb6655

SHA1
25d518b50deb389e311821d64d4b0b106618d7c7

SHA256
245d5f0e2a7508229e1cd3ee5f518d93c99eb8280fb35f7df149fe5222bb8af5

SHA512
ead727e7e751b897e060abbfdbc97ffe8d2c3efb9baffaf922ff97d8d6366bd7cc0727e4355cc4679d065bd2892d2550ab3349b235d9b0e6e0475cb6bc59f397

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\sign\node_modules\@npmcli\fs\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\tuf\LICENSE

Filesize
11KB

MD5
dfc1b916d4555a69859202f8bd8ad40c

SHA1
fc22b6ee39814d22e77fe6386c883a58ecac6465

SHA256
7b0ce3425a26fdba501cb13508af096ade77e4036dd2bd8849031ddecf64f7c9

SHA512
1fbe6bb1f60c8932e4dcb927fc8c8131b9c73afd824ecbabc2045e7af07b35a4155a0f8ad3103bf25f192b6d59282bfc927aead3cb7aaeb954e1b6dbd68369fa

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\verify\dist\shared.types.js

Filesize
79B

MD5
24563705cc4bb54fccd88e52bc96c711

SHA1
871fa42907b821246de04785a532297500372fc7

SHA256
ef1f170ad28f2d870a474d2f96ae353d770fff5f20e642cd8f9b6f1d7742df13

SHA512
2ce8d2cf580623358fef5f4f8925d0c9943a657c2503c80048ca789bf16eacdb980bfc8aaaa50101a738e939926fcf2545500484dcad782c700ee206d8c6f9b9

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\p-map\license

Filesize
1KB

MD5
b862aeb7e1d01452e0f07403591e5a55

SHA1
b8765be74fea9525d978661759be8c11bab5e60e

SHA256
fcf1a18be2e25ba82acf2c59821b030d8ee764e4e201db6ef3c51900d385515f

SHA512
885369fe9b8cb0af1107ee92b52c6a353da7cf75bc86abb622e2b637c81e9c5ffe36b0ac74e11cfb66a7a126b606fe7a27e91f3f4338954c847ed2280af76a5f

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\tar\dist\esm\package.json

Filesize
26B

MD5
2324363c71f28a5b7e946a38dc2d9293

SHA1
7eda542849fb3a4a7b4ba8a7745887adcade1673

SHA256
1bf0e53fc74b05f1aade7451fbac72f1944b067d4229d96bae7a225519a250e4

SHA512
7437cf8f337d2562a4046246fbfcc5e9949f475a1435e94efbc4b6a55880050077d72692cbc3413e0ccd8f36adf9956a6cc633a2adc85fbff6c4aa2b8edac677

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\node_modules\yallist\dist\commonjs\package.json

Filesize
28B

MD5
56368b3e2b84dac2c9ed38b5c4329ec2

SHA1
f67c4acef5973c256c47998b20b5165ab7629ed4

SHA256
58b55392b5778941e1e96892a70edc12e2d7bb8541289b237fbddc9926ed51bd

SHA512
d662bff3885118e607079fcbeedb27368589bc0ee89f90b9281723fa08bda65e5a08d9640da188773193c0076ec0a5c92624673a6a961490be163e2553d6f482

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\fs-minipass\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\indent-string\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\ini\lib\ini.js

Filesize
7KB

MD5
84b82e208b562cc8c5a48cf65e6ab0f0

SHA1
0adca343dd729beb86ebbb103f9d84e7ebbd17af

SHA256
481b00a4ebbfc83b28b97d32dccd32d7585b29b209930d4db457d91967f172ad

SHA512
377034e60d9d2ef3da96f23cb32f679754a67d3cd5991b1ad899f9f7c1910dcd0d9b0a1b0530046b6016896bd869a1607ef29c99949407959dcece6f9da790f5

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\ini\package.json

Filesize
1KB

MD5
5b29ab3cad80b08ec094c8201333ebe8

SHA1
dee99f05b24963959159f1f061926e9075679be8

SHA256
94ebf2db52f15b5da55a809977e04f02b052abf418cb160a8d0719362295d867

SHA512
a6e66ade3de2cd308b1081548d2e58a87aad15baaa236c4dea73d36a946b6de352c3765d188f350c9311ebea0efc8b0068a8a7e0025e3dfdff84b737be4e475a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\debug.js

Filesize
186B

MD5
1d97bc3d56be902d4f63b37b05f3ad85

SHA1
ace1fd823fc44e12a25448db2b5a49e20973e506

SHA256
0eda498431dfcb77febe2e79b4a63139559d3f42b21e8b81fc3879a3f6dc3c46

SHA512
fb52fee500d9099339b4d60f9aaab8bf613e7387848ff6ef3d2ce513d886298ee04810fb1f2b107a317cf4e1cea60a26ff4797b9cad3b11bbc26af0852e684ee

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt-lib.js

Filesize
12KB

MD5
94443c174d88f844a9ccc4b910f630cc

SHA1
fcb80696d47cad01738194971bc75c5e249044ce

SHA256
ff669467a8d425130753c6169ce0ce909d45a110d36b1c37949608fa4395fe56

SHA512
1a8eefb98b810cc183fbbac805c51f3b0714a195376f81eb90d12173a26165970e06d1192f089691adc21f2076056409f1a0557cdf8edfa9d389450e6c727daa

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt.js

Filesize
985B

MD5
f1f7369cd4f213cf2ae9469f4d1ef1f5

SHA1
cd7f1eb598f3ed855eb9033010dafc0198bf70c1

SHA256
10623659120996267168230ef2ffa9cfb7ce00422175d21476074c48d5262c18

SHA512
54b8adf2466118da90b84ecc2faa1c70a043679e542dd8631a50fdda883faef169d14a85cc64e2db33b492ac87c2a781bb9f454326b472cd5c61fe82434d115e

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\type-defs.js

Filesize
2KB

MD5
0dd63ef9ebbb7c6f5a20aaba3d799be6

SHA1
bd7d41bbdf8dce506c049cdcb339c6015fb11290

SHA256
6537bb9b4df3a1af3e14d5a99d58e75180878a3e96a4bb3bc9760b052b53c5a5

SHA512
b0f065c9749023493720f1102b7bc1b2506f449c67c57aba40aff591f6a03a8640149e9573bf0ce4a7664909b721d893b85e350fd488e6de6cb8afbb10d76bbb

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\node_modules\abbrev\lib\index.js

Filesize
1KB

MD5
553252424d89d17aade6a0bdab1f1c1d

SHA1
1cb30c6f75014eec81b10c27d51413a2f0fafadb

SHA256
89ba3bd4b34ed7130749b098f18a78af725bba43b674039ffe801e8cf85df93f

SHA512
5e2e0d87c0268da9245265cf69ff500296d3d59219fcee673e1ef5149b63e44259eea60a739f278c57042fd2c7e3e95d1504fe9eabd3a931c6cc28574a49da8c

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\node_modules\abbrev\package.json

Filesize
1KB

MD5
aa721fce40b4331d0ded9cb9c29ea599

SHA1
aeda7805291dca4b7fac211a623fd103e51f10ed

SHA256
ddeeecbb529261a5754f8e367601c66ace7822603315b776c330fea3524dd7ca

SHA512
0e245447309ad24a24338909f65f8fe39a949c72c536f5a0ebbebe9cba28cfdfff414caece80cc866e874678019131fcba93f569341d9346bd04676b669f318e

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\package.json

Filesize
1KB

MD5
80bdf8901061eac24047d6b001499e89

SHA1
a99d447473406d5e862ae9337b7aee363a8d2f13

SHA256
8d349e100fdd613174f8b3c58149545e3d69a959b7fa3f466d457825575f5b3c

SHA512
b81099e82c23e809a558b8fb164338f3faa784e044d558daa4a09ab26179fc4594e170419f9e3d7b26baafb93d6981f001d2e8d3bab023767d219984b4769f03

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\LICENSE

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\proc-log\lib\index.js

Filesize
3KB

MD5
aaf4d3f519676aa3f490218a47fa6042

SHA1
9991f1ddc9b9a818dd4e9c2ad2dcd2b7c3ee7753

SHA256
f6c7ee8376eb6720a9b5149077648a0cc74e749c928f36bf88bd4dc6728d663c

SHA512
4ade93ee5fd3531389e3fb7f5f2db1fb8b99c2eb1fd769cf0a5ce726d1c4cf27aab1fcfa5dbc17dfe985879f00cf032a44e5c169cb40e7d4d27462a4033d2085

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\proc-log\package.json

Filesize
1KB

MD5
b9eb984a5b149084bb675358404d83ee

SHA1
2c87199e46d74c4de3202607efde64947bdc250b

SHA256
25f1b2da27302598083b749278018f7bd5cf42b8632df48428e07371e6386380

SHA512
4f3b72ffa47131f28a0ba85d9266665cad623bf72786b56054dcfa71cdac8d89b2d8be53db96dbb05d17035800fd6673f6143a567b0474748f3adeec1771dd57

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\semver.js

Filesize
8KB

MD5
f745bb0f4002c0aa36126e746de7b42e

SHA1
e457241c0a0e36daf5be5a1378bf54f992d08408

SHA256
9859c013ffb9f471ce781f2eb20d05c9fc46390aa2a6e841a331fdaff715f0e3

SHA512
42d4d60e0b04f36743c984d472351337991012f6a52e4422febdc7c3c88e16ccd12b6ae71c8e856a6942955adfdce4907f785e0d3d9b5868bdbbcabd6a480db6

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\parse.js

Filesize
333B

MD5
4bb860ccb55a8e7f8e15094c423bf190

SHA1
337cbb70f03b1e4a6128670ae8687cb4e2c337b5

SHA256
af01da654bb57a951d8ee8c55af7ff8717d5cba7f0f176a4eeac0116ccd2b962

SHA512
0c574099aada4303cdaf886cbb444632c49fdac3609215098ecbd74a51afffae3deb0ba341e2b15561463cd2b43924142526edae2ab7e94a09d848ad787e2b7b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\valid.js

Filesize
168B

MD5
fc7283ee28a91d78c8e336e34115a423

SHA1
bc78998bd04ce27fd79dd5585ea9d9858fb929cb

SHA256
cc754d3b632ef37a372efa2c98125fa72305a8188c0af4178e7bf52fe65b81d8

SHA512
1e07b012b3fee99e807cceaa20413f5a631871a7d8ef73544f943c3fb8a7f1732f186e9c29715605bc353c21ae39b9dbca5fdc1a02d1769325b40ab992ad8bc4

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\constants.js

Filesize
894B

MD5
8a5639fd2c32fc21e52ca4ae8f5cdaab

SHA1
2c9226e674e56815f771a9c6bf01294c16801d28

SHA256
9abd31dfe1f2c010f37b4e9228012c45f09c6b54f4accb908978a45aa7f30553

SHA512
e7f9f0f290dfc8f9d4b0993c26c6e9f3cd956054e6a950166d718622f3fcb581aa84fcded0a6fa46c1e82ecfe4f85fc3c9a8edc1eebdc3494726e4a2299386aa

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\debug.js

Filesize
235B

MD5
f7359037c8be03092ca942dec4fb867a

SHA1
3cd23bbd192084c08b9bca4d7c7874baa1198751

SHA256
804aa8e68b8e54c523e260c311d590e6308fa312517696b927f66f84a30f0d9e

SHA512
3c5f7fb7c9979475f17911cc312cef8e7abf7b14cbc496f8571e0fa645138b4d6ea15893b9c46a946fb22067c8d65d44123de51a60c576c21a4a2592a2b07235

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\identifiers.js

Filesize
433B

MD5
4056b1e508bca52654ad3509be03bd9e

SHA1
2af3ef2a6fdf04f0e3a081409afaeedd8e37f09b

SHA256
1984455676a11039882414591db360998202559ea3d8641fdd4343c845c65a1b

SHA512
7bde1f4ab5b5b44ef6e8c81cadf2e6ad3061d7d1103c61abdecc1cbdb3c771e7a20c9c76840793162a914eb8ba6036390e8acc270348f455558ace0aa5c0a64a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\parse-options.js

Filesize
339B

MD5
ed87cbe86144dfbeae0e2c91831164af

SHA1
a93996ee9b9af99634b12f69e4c22bd6f65ab0b5

SHA256
c691b9b39d2084e961cdcbf852aaae0d8889fa45c3a115747d85186bb3896132

SHA512
a4e80d4b2ed2f55078ed400818ae5fb55d96aec8c7036d7e1bdd87794980b8e92941e3f2ab5b1b2cc295d53cc4aabc31f8507370f3a611c5bd6f51243641fdcb

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\re.js

Filesize
7KB

MD5
969a3ec1897eb91138c6a779fcae50f8

SHA1
dc9fa4a3ce0ba39a72a741f9e16d82a201df5e9b

SHA256
685344c7a0b5b6aa5baba66894597f1a552d3135383465c0897032d32392427f

SHA512
3313e0a6d679d3345d6e90d61e092760f0abf07047dff0565398bc0f773893a849b3f88b8910211fc5e2ff8125fb8ee6296fc5b786e3a963e030fb05a9103a42

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\semver\package.json

Filesize
1KB

MD5
908ee832e1efb27e9faa3318cbc40675

SHA1
f48baa57e29980f9602f30351fd68ba2da243ce9

SHA256
a820020098f708cb9f785b2b0a3ed55a67c16f049040cc134a473547e573a019

SHA512
310efd80ef6522170afd617b9afd4a61263c4a6ec469fd63b0e67b595516b7146160a5ecd4b876f2b2dc21d93ec1ea1f53e169cc7fa3913a38fd56dfbd6cab1e

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\node_modules\proc-log\LICENSE

Filesize
757B

MD5
8bb6f78000746d4fa0baf4bdbf9e814e

SHA1
4b7049331119a63009aec376677b97c688266613

SHA256
a5103404e4615fa1ed46aef13082dd287bf4b95964e71ffdf198984b3d5882b8

SHA512
ee6874e77e33e0e0fe271ae706b344696201c1c204356e271705d9b0687bb597991c3b589d0fa6b6b38dd2933026c0996b37bc13062a5acb2fdc7f3359cdb262

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\walk-up-path\dist\cjs\index.js

Filesize
474B

MD5
54bd6e9d21ed6021e374d34cfaa3290c

SHA1
e71ef5c7bf958f1599fce51cc98a73f849659380

SHA256
4e86e409d7506477caee910cb50f5bff1dda477878da923bd3888501e1a04036

SHA512
7424455a64824b7ffe72c3ed521684d7ab279b4cabb0fc018e9db04662a92af9187efe30f5a442c3418705895262de6e057858c3cda00c634df3cbc6eebb2407

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\walk-up-path\package.json

Filesize
1KB

MD5
e6b2ad09f00a37da8012022f4b9e0461

SHA1
9af557e76ab4036536d792ca9b3c37d4720c0587

SHA256
2d43790293eb562918790e7fe2a786d86ed8e5a95b45d5e36587be0dbc8ddcd4

SHA512
9ea06c09a0837495bbae225d2913f55f53d5f81b4949bc1640d2cb460e3f61d4d39fbb88a959adc56ca7557870a069e1ec2a92b0c759b457731e93ecad8f9eb7

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\es2015\index.js

Filesize
17KB

MD5
cf8f16c1aa805000c832f879529c070c

SHA1
54cc4d6c9b462ad2de246e28cd80ed030504353d

SHA256
77f404d608e2a98f2a038a8aa91b83f0a6e3b4937e5de35a8dae0c23aa9ee573

SHA512
a786e51af862470ae46ad085d33281e45795c24897e64b2c4b265302fa9cbfa47b262ec188adbc80d51cfc6ba395b500c0d7f5d343ca4fc2b828eaedba4bd29a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\index.js

Filesize
15KB

MD5
9841536310d4e186a474dfa2acf558cd

SHA1
33fabbcc5e1adbe0528243eafd36e5d876aaecaa

SHA256
5b3c0ac6483d83e6c079f9ffd1c7a18e883a9aaeaedb2d65dd9d5f78153476b9

SHA512
b67680a81bb4b62f959ba66476723eb681614925f556689e4d7240af8216a49f0d994c31381bf6a9489151d14ed8e0d0d4d28b66f02f31188059c9b24aaa3783

Download Submit
C:\Program Files\nodejs\node_modules\npm\package.json

Filesize
6KB

MD5
a635c09a3ba36d76e04158ba070c32e2

SHA1
6bdda03a1e34946e25fced365eb9da0df97e9e29

SHA256
6f1feb793d2cfd5ba2c5c9aebe4cd7dbb2d44a401b99d48b14ea3b54cdef2446

SHA512
cac45d9a50fe2b7b786613b3de9dea31921bce05e2bdf5edf07cc3cb6e4a947486435b5ba7b23a34b8f674b04df5d69628c6954e159e7beb6e59b00893eae818

Download Submit
C:\Program Files\nodejs\npm.cmd

Filesize
538B

MD5
6895fc6423c97fbf721a71333137d1ca

SHA1
e0a531a3a869f2c3bb1ea91801a8a386d6aaf73e

SHA256
21b46c69ad6e2f231f02a9e120f4ba6c8e75fef5a45637103002eab99f888ab8

SHA512
0cdaa6bbeefeabf676839d88e96a096b13b9176bd936e11665ebf01e57540e131981a7bee4f113d2b5bd6858656f7cb689d29ee81d9f9e8d7f87d2d91e041ac0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
d6379e007090480d77959aec07b6417e

SHA1
98eecef8fe63445674124fd32598555c70824080

SHA256
4ca85bbe1d76aa3ac41fd9c939ed731dbee8db9ead4e48d42c0350a0e843ee1f

SHA512
e0f5d61dbbc96801ecfcec709a44c6a231b3358266688be684b883e9114c32301783796a2df26f4cc81a420bd36f365bddc0df7cdc27011b85c21a1a32e10d0a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
4930dde6a08da80f8ce90ed25b71aefe

SHA1
e7df26f81c01ed1994c04ca1475788ff66092873

SHA256
7c4d925176f7d6ac431eb5d40950a2fe113fee022f26d27891174f944a3013a9

SHA512
103b09c88f566fd7d825a9a64992fd6fb1170c2b8fe57f1fa951e1bad58dcdbdd6c94bdd6b819a61bd513e968ad49497963093d9301f0b091a8b979296d6a48c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

Filesize
727B

MD5
134589a863a9c4fd4df5e55cf43683f9

SHA1
28913473403360c73102b5f998c88364cfe105a5

SHA256
aed53f02d901d08bf4d6e23b77f6d890ce56110be9850194acc3613c784635b7

SHA512
1740c545b86f667f1b9da83660017f704edefa9d5b75557f12ae0eb9f7595cc92c8a8ab501b4b1aefb26519fb82e6b31b627456582045b00cf5cdff07872face

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
179f93352a27e7b3d4c067771d95b7bc

SHA1
041361ac0dd6b6c0e7131debc2b6723fb7790d70

SHA256
cc70bbac74d855ced0d99013f1d5c3a9dc9f7175823b621cebefd5acc236b5b4

SHA512
8ce229f5939cfcc0774966dc59bf02f6474c76016891708b2a2cb68673f06daa84c6db8cc2cb11d447e5e8a3d127993bf1ddf1f1f698f20a4b79553bdfdc101d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
590e11e3fb394b91665b49af3665afed

SHA1
e08c1147d98d8f6bccd8618931123afad7080b7b

SHA256
2f51b10831b17fc149e6038698b75945658378459187540279e2bbd26bbc2042

SHA512
e583e9a05d69b757437a7b949e6d22f691dd5aa562ceb1520d3525cfa429dd5dbc732219c3aee949389edc55c8b73c060c2d5409efab86b2bdef710d18908d7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

Filesize
404B

MD5
53a074e311d513e5f31bed7364c825da

SHA1
3c14ef0c4fe7b2135b61b8d6a9b907424ce5e494

SHA256
770155d417e04b229113bd1376e2d71570c7a1d9985946391eb787e8afa985c3

SHA512
25168f4b823005f7adb49ee6f8ea99389c1fe1435d988ca7ca0a4e276681d370f27d1c5e4d1af8b9c6c165d28340e5114ecdc46ed51001d3987f5a6249226dc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ffc7780eae29bb52961e25cb39d21e30

SHA1
e3e38174733de9f8d7bc22f03c5391a612c88553

SHA256
d4db19bb173db5a9130eed6fa228f73155d03075bd7c8580eed768eed8c146b6

SHA512
2210493304f807656c42acf0e8cdf2152bb497f942f403c9d588fe9a6b8f1d76f9f539ff60f6f67b18e80185c42b076937b5c6d9b3b7cd461d0eac0f9212ac8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\428cc75a-5a11-4ef2-88fc-cc95ee0714b2.tmp

Filesize
10KB

MD5
7f7e45dfa15974cb2cfeb8c90eff7d75

SHA1
6faccb495557596f22429527f5e087fe6b8e6732

SHA256
13c23bc269eae537ced8f33f2e935e41dc7a25d81fb650c0ea8d35b2d669edcf

SHA512
cac1bccdf37a3966b735a7fafb37b5a94bd92f13a9206107057582381234ff4d601f249c4b32ce833a1082f59b7f06a81fb7ea6099f6e2ae079f3e5303340359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0af83a10e606289f8d519c418e0c0d76

SHA1
272c880ee7cc8d896b74681807df1a566c5f1281

SHA256
4d97814982b563f76210f5daf2e86a2a2aef7b556b8ade46922af6f16ee750ca

SHA512
f4e12b526b04b377637cb0bec12ea193d06395f49dd7f4c79d7dea1e108487475a81a8b3a2ec7a8900456732cdb6dd4da6a9423f0c440ae97ba802345459e14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
69d1d31ac512e527e9336d804e75b8e2

SHA1
39657cb36bf740558e0d42adcc4a17088e197a41

SHA256
00597d0bfb42af6ad7f1eae06bfbd2df8811fe99f5e1c4a88fcd98cf10659ba4

SHA512
d61cbd6184e8d2ce8b7f8480a827c82e2fc98c947430a5b3b314e00b0ceaf4219df7e0aaad3e8b5678b133002ad51b6d61d0ba465bbfc74c4202bce6ec3990a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6fa861d3250b031638c187c3027a33d2

SHA1
ef0ebf1c68013ddc850db1d91603531b78a3fac3

SHA256
ae6a2c5d6be1c531b5e0c07e39017f0e191fe01cad54019568fc492846d16bbf

SHA512
c6d3fd113d19f79c0c2adcb5292f9ec34feabd04cc621603b8a46a28632e93cf4c5bbb88f53920cdd635e16b28bcc61db19aa52440758317bca8665f7e21e43f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
96925775be0a7e4e65f178d921bb02ea

SHA1
2f5dad1cd55df9e3f2fdbde3d3569f009121da43

SHA256
f1a1b4ab5ea456798b65d41624add45ab29cd5c6233cb7f5ee2e0e62d9b61f41

SHA512
692b1de089824a863706ea3da6bf7e41f2d33b82d9da951aa836297c830be67dddfd60be845baa7bd3dc61b7bab8b14ccc9d57648d190454799da17511b04594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
0a8905cf20832967760e0c6317932a0c

SHA1
26b14d621bae22d502f83b8f3f27b23580a10e5f

SHA256
ffc4c52051b28214f27a426506e7b87d92384b25f1f6dd565053fa471014a72e

SHA512
9099ccd2d874c734867b7a7be332e3297befc02c2961c684e3e0517db47c39c4304168ff89e8632dee225e6498b88d7ce6fe78fb3c1dbb6f1d36c0447fc32563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cf4038f287cf041022b84b49a06857a

SHA1
7519a3ad85ebb0ca52976795e960ccbec9313112

SHA256
56b5862b5ec8d627bcf2af859a30f485921d8c4020c670357dfbdd811690eace

SHA512
e53695c4e745503e50d88c53351a058cb4311e600cf168ad288e473588dc42812cb96baee9ebaf9a025acabe43a89a40417568cfb363463bf05836d7ac573ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70c16af4d79f4ab98c58df6e797f3e83

SHA1
3acd200b5785ee9e0818486a9c4f3b7a6c5eadf0

SHA256
2096039d7f3bca0d8652cfc3f263bdac58f4ece2cd88d7f66d5278fc46011417

SHA512
f07b0f251e7f0ebbef75f8baddac3d2ecd6b1d88571b023db8b22a42706dd5fd26a7a9214043694eb1c727f0c4271d1697157d0b9ff57da8993a1e492a5ef33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
935ad35efeafa63cb43f6fe17cf25844

SHA1
d4e60d7eebfb1eb1e4996febfa2a23d37c31671f

SHA256
4770ec0ecbcebbf92ca826bdcc510f817f7a5420f97587f3d77e720288fe3e27

SHA512
21b0ac1980587de21f72093795d22e524df4485b4e6c8288e15d13fc9aa8d50ba04e81d229b06c84b88b297df2e04c93c48a8fa94ea93cf3a176c9cf4b359bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1edfe880c60e0492568f831373efcc8b

SHA1
788f10cdf4f6d76eeb45a58d28264ed8a1d37995

SHA256
6f550cf33dc905eab64ddf60890831cc159093eaf83bb9aa359e0bb017d65ff9

SHA512
a97092b4f4c889098ab7e0542b1b48ec0943f7a33a62618c729991f57d4bd6e16618942a5c43d7a3f6e2eb17f56eb93622124fd037ab61d2f144e53265dcc172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8886ac876a7dc000a11e0f1059df113a

SHA1
a4607a32e79ca3b380f02d3cf4f1523fc00b3c8e

SHA256
b704020e741bed020a0a708eae3c5da826606b6d05fc73c1aecaa5a543fa6776

SHA512
34c9e94b0bd4960b695bde9a6bc2e2069fe4bc2814254c08c90936ff2c2435df4fbe951bdbf666a0f442a4f74f793cc6a50ccd1f64c185c27ad193d55fb10cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0207cd6dcf072b2b4f3dd9fa132a668c

SHA1
adcf577ee9d817d48f712189d5958e097e3869e6

SHA256
84f865de81e7a5cffefebf7a31ad8de686b127827b695f3c4c811cdc632baf62

SHA512
f83f27b89041b698c9b28ce78b9d45bd27e9216f908074e1de530bce737ad1234e69c7d5d66bed568150cb6734f6d8c05e1dfc26baa1bcc6049d589d16774757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b90722806937d1b8f7938e55511ff961

SHA1
6ab11c873c8df40533bc7c411fe3842954bb22b2

SHA256
f2c5ba31530c8684bc9449efcf71716921677bc395c500905994a3ac557219a8

SHA512
99212e598756a7a1f83716799a0cd48eaca2e23f5f4ecdb7b11c3efff2e2cd80ee2a5d97299057f4967baeaecb39660b82aea9aa57b35cab7fe38a84c9955dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3d8fa036a603f49cc4e808f73af013f

SHA1
e8e22e25549cbce6b1d4e8cd73385dfcd916ba69

SHA256
62238ef332be05d96bd0b4db768a705e32eb150aac15024220b671ab73c0d791

SHA512
bb9ab00152a8a823518734696c4c41ec37ee08fe19aac2995386444ad9737b52db34d12a299539683f2ce8e7cfa26d57b9a7e35854301aa1f4461c510f719120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c579e01591259ac6c1d1ee86c2c3b9b7

SHA1
a4c87bf1590eb0ac01214345c4f98f14c2a45ac8

SHA256
61cdd928859586e5b9a0511440772cc2d98c138044fa79fe9dd3e583fa9b9e11

SHA512
e1f977b2c3578280a02b6f23e883a1a049cd59c37c71e58503152fec49602104ac3300e5a01457f85a9c600f2c107fdd1c489ae077c367bf2053ebf4cf4cca00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
870bbea3fe5e03d835621414209da373

SHA1
fe4d18f9c955cea93db77d8024195552f091036e

SHA256
c4369d5bd405188bb80ade94a0ce97e81c025d7c9a09015713fb724a0d0cea33

SHA512
9a9ed8b905ae10f7ae97ad8b35acc67df7d47b7d7159508c307aaf779476b8b3502a5954e85e404219afd2bff690b25f38244ffc039af12f46b7fc16dd88bf81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca78c84034b42fdfb244e2174ed2c7dd

SHA1
7b866631522de19d826de64e61e979ac4af66439

SHA256
84d5817983f0a9e7ef95310e68c56916e5ff47cb71c8ec54a995a245bdbb9ab6

SHA512
f1c198813a58dfbf36b7586ab27df5c02ad368996c176896ed746d6baf88247bc930878e6af832f3c524b121f4f4db78cced9065e760798294c6a9aa029237ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab12d01bd77cd6575d26ceece1628605

SHA1
9ae267952ea9ec70617a3ff49d237e5098c297d1

SHA256
b5c5571809c025c1f99c8c4dd2ddb01b625dcbacfe171e74e40843ec959210c3

SHA512
ea13979ff4a8c387840591ca5ca93802815847511f1ee9e24a106432a43330fa5b84ad0940e4aca8513249fa292970d208ae9eeead34f38626f6bed126971452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
dd0f4e1f3c7459d9d2197c8538d28785

SHA1
643b667656d3eb3b33fef9faf5cd3b69f1787254

SHA256
1ff4a0728a9a1b4dba9c2665fa854e0091a898f8eb7ad870c350dabce3866f2c

SHA512
a6d9b1bfa6059c8838f14d56711934fe47b3ac4ee3fbe1e124f95c80c1696b72fdb9a1e13fce8ac82f5cfbbe6bab252c7e8943f58d2d8d983b66713195cd37cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
86db5a9a9d1243756dde8629c2591863

SHA1
ac1642f3192bc1c11dd99ff859d2295eaa6918be

SHA256
71cff4ca29b89594fdfa1ce66292a3e5f69fe5a5a1c1b24e656cf7a16b7f51d8

SHA512
cc333e2d0a3ab8da511bae8974528d36b572ed09be71b4acb16dc60b6490e46c59bd2ef5b3a9f082970e2368ee0e99a91cce91e671a2cf44c6b48520a31b8925

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI360F.tmp

Filesize
144KB

MD5
1b8c4d44b04e2f24230ff0541677e60a

SHA1
e8fb94c5071fc89579f8f2220d7556694006952f

SHA256
fd06ce976b1edac8cea2a1e4635a448652b793cb55959dc87f521ccf4c73f248

SHA512
2fb5b51b295ec52c61dba421073558c6e98906a3880777a51e54e72a94a7de3020f1de87b2909691bbb21048c6fe4bcc7568a61ca7c5b806969a0995e97a89a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI3729.tmp

Filesize
390KB

MD5
80bebea11fbe87108b08762a1bbff2cd

SHA1
a7ec111a792fd9a870841be430d130a545613782

SHA256
facf518f88cd67afd959c99c3ba233f78a4fbfe7fd3565489da74a585b55e9d1

SHA512
a760debb2084d801b6381a0e1dcef66080df03a768cc577b20b8472be87ad8477d59c331159555de10182d87340aa68fe1f3f5d0212048fd7692d85f4da656f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zawdxonj.mda.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\1055823e

Filesize
707B

MD5
8f946ec829024fdf67af42dcf834b33a

SHA1
57f2dd8c0f62d2054e31fa820154ec21b4026731

SHA256
8dcda39f29b05a854be29d2eb4c1968f9d1e34569f3d2861aec20423df54f2d5

SHA512
4d4144a657d33e834ceea5c9f8ce59a5833eb6ecddd630819e17df841bb44ebb2aaeafa93b861671037db982c36f5e4b6ea4af0087a01227ee229e16784ef526

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\17c40562

Filesize
25KB

MD5
5f000d315586ab02345bccc42976f134

SHA1
91125e8042bba1b9887f49345f6277027ce8be9b

SHA256
1648613948f68ac9cbbe8f72a3f93a67ecdb862ffb57946a2c0bbb5a1479a532

SHA512
f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\2f89c04d

Filesize
4KB

MD5
7b93eea8153258fea64c3192922effaa

SHA1
9cf1611ba62685d7030ae9e4ba34149c3af03fc8

SHA256
af8262434508fa8292407f7fef4690d19eabb73387ca230b41f2a1155216963a

SHA512
9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\43b17570

Filesize
705B

MD5
9835596be12cdf4d89b00bfe6657770a

SHA1
275676da7d80ee14ea36f065a3fad6b3d67527a7

SHA256
bddec6bb897f5f53d28b828bded88dd94e8a23537f66b0423f09d7574d8d5de3

SHA512
4093d7ab4bbe5d71e8c56852383d1427fb7ee4a5b7748a83faddd7213d3d4d2bf1c1dfeff92707214982359303f1a68cc0701218b9e735e839a28998a5ed4046

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\5ec66a75

Filesize
32KB

MD5
c28a325e2a1386207bd35b47981e4b18

SHA1
56a9b36ea965c00c5a93ef31eb111a0f11056967

SHA256
edd866c05e318aa9c091763eebdd4207409b7a7648be19c5317a96047305ab5d

SHA512
f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\68ceab21

Filesize
690B

MD5
4238d7d4d3bd139b2a4146cade14ff67

SHA1
f6d6e77c65813eb20e6628932765096af6d12d47

SHA256
356443dca0dc62965686c5dc9848c8b958c6b927aa294ad35fab4e4a1e251ac4

SHA512
6821a5ff9b2d3354fe7306c2de9005cf624cd08f7e10f0046ec83a2343acfdd3000bd6f22dfaf417909178281b267a6552b4989721fc1228afb64e9f4441b189

Download Submit
C:\Users\Admin\AppData\Local\npm-cache\_cacache\tmp\e05b746e

Filesize
689B

MD5
363e16162217428327a9364fc45fb190

SHA1
ae938e872b3934b0aed14ce622b209d47cb5f735

SHA256
88bb6dd587dfddc625979debe9691219784e5661686e130bd52540c96b6a2bd1

SHA512
e9ecb7b6edaffdaeb9fcc6500567d0bf08885b40075aec3a1f80385f614994521821be3c6142b0d9a29ba7888b3c08c40dd609c1dcd790b270bf1100206b1035

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
df63b8ac09fe085e262e335f08f92c50

SHA1
ef56e868f2239faf378bf07a2ea3270dd7d56e4a

SHA256
2056714fd619ac0cf15a23e456fb909aee8ce6d53081c357f844879ed3550e48

SHA512
c80fd3f2e90193226586d66ea21f247b5c3a40535436513a290171e26c70cc0c4741dadfaf4dd2df187e0388f1ccf7193297a65d8785eaceb47bd61400aadf8f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
7c62b57e6f72430e3b4db35c39929fd8

SHA1
4a9a7a405749bd6208a5c72d71ca84e7e3301eaa

SHA256
7d15b79347842b2d2d16e3648c41df9aa718ade17ef71bb995fc92ec0564c3c8

SHA512
8c82d487126ed53df4b44a4e4a85c784903fadaa4142597d963ec61066730356c6212410402273eaf401388f67e16a42f75e4260ecd78e97a3da7fd44b42a667

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
46758463acc012093a724c4955b169b0

SHA1
9075a914915896902576511bf34b79652fe3624f

SHA256
fe351e0541f777c2d2515784df1f778d2ed0e7ad020c7a872b63b8c6f5e28eea

SHA512
8e0545dbe2e162bb2377b05196aaa25581b18e40e4265c6fdeb809d57cf61fb996ec5bad5ab793b78224ba4a2a421a094e55a9cf246ec018f2d082dc3302224c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
bba01579dbf7c55ee5cdc01efe9a6ef5

SHA1
f47b1b7da1f8a43ea4ecb8907e7b541b9bb3886b

SHA256
9301b15fe19e3f197120fcfb058cc07898c3a00d6ae4f7291aa12d88563a6d81

SHA512
bc9fc221d7acd46e1194a8d037a61bf71f2c98c0d0e04a7f11973e0a91cfd90d0ed13fcff05c2da76ce4acff5a7418bb9f76692262913bc62eec849b90d666e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
fe462bf3fd426003a274dcc9a856ddb5

SHA1
2a20b68d4faabe83647e7ff6d85c80d680226fa0

SHA256
80c40f438caf760ad27bdadec4768e4fecb92575ff98abc2c3e857419d0ed38a

SHA512
c8a484d07bcef771a3cf5a69eda11c063e195dcc1d13a6376775d84beac598ad7868223f1e85abf4b3aed5b7d3d1a5abd2b8f74c7644aa2572399e1b8cacb54d

Download Submit
C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\nodejs.msi

Filesize
29.4MB

MD5
106167d55e0bbfc7e2428f9aac1ef688

SHA1
b5c9f1b0cba46c3cdd3cd2e44c0404aa6aebe084

SHA256
5fa43604523be95f8e73c4c98337a5c2bf02450a6525ad25ec2926e464e6bcef

SHA512
064826799079725655b93abd7a3f5cf0e47c673e5f5b1b1951b2cadb8e3723bd80943e58c4d87ec0888c5f443d0093c8a39f09e21b3e7550928b1904b1181ba4

Download Submit
C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\node_modules\minecraft-data\minecraft-data\data\bedrock\1.18.30\blocksJ2B.json

Filesize
3.7MB

MD5
f339420f116516079ab7395a845f27c0

SHA1
74ece8a7c72bc679c625b795bbfd1bcec96b8792

SHA256
061b39aa1f1556651e8418f1660593d1149d3376b8109549bd8be8f83010c016

SHA512
512359ebab36c23d46b79579abb6672447a1501b9a8e368fa8d3e33f4c0099df8e63328b1eb6656464ca31eae6ea14acd25102d7f991ac3c8e7be53e73470b9c

Download Submit
C:\Users\Admin\Downloads\xmlnsrc\realxmln3.0.0\source\node_modules\minecraft-data\minecraft-data\data\bedrock\1.19.50\language.json

Filesize
645KB

MD5
ff3b5064f5dbc673274784eac96f171b

SHA1
12ed42ed54db8d633ed065ccf47cd40a1baf7962

SHA256
aee5b4e21057adeddf7ac862207dda653609c34cdcbfbd329ff0838282d8b82c

SHA512
07f97b8a224e8777e4f387592d7cb5b900ceb99a33f982c0573dc1148668eb56dbe961e48841ad5fdbe37089c43442c58546541005194b6325211de8cb6d61bb

Download Submit
C:\Windows\Installer\MSIEE38.tmp

Filesize
341KB

MD5
74528af81c94087506cebcf38eeab4bc

SHA1
20c0ddfa620f9778e9053bd721d8f51c330b5202

SHA256
2650b77afbbc1faacc91e20a08a89fc2756b9db702a8689d3cc92aa163919b34

SHA512
9ce76594f64ea5969fff3becf3ca239b41fc6295bb3abf8e95f04f4209bb5ccddd09c76f69e1d3986a9fe16b4f0628e4a5c51e2d2edf3c60205758c40da04dae

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
124b3f9e5e43bee3a6bf6c42330d077e

SHA1
02eadd69d3130eb42b00efd315554afca4e24717

SHA256
3d4f2748cfd9c95c04410cff79e4ba2a5dd9e80cb1a4745e07b6b30b0edc79df

SHA512
e3063cb90975278e7feda5e16e23c945363302b1227b545dc781409c56b31ac96b44afd1a39420250e59caf56bd305f8466af2d1846f1019e74aace178ae0bfe

Download Submit
\??\Volume{ff55ba41-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{5437af87-bc4c-4d41-870a-6328833f5262}_OnDiskSnapshotProp

Filesize
6KB

MD5
dd41af317b3988d16f8575bc5b310d60

SHA1
3320c01c5febf64fc12e1376cfa36d43160022e7

SHA256
6cee849669460b94aad48b8cbd7d92d96e19f02646df6885d611fd1388766f1c

SHA512
4c205f3a2bb46fe2086568a3506884e2fe6e7bd5a3a163ebcd18b0010395b110802a38c3742a47174108f3c4ebc80990186cfd1d76e272b6537417f98293844a

Download Submit
memory/2252-4548-0x000002D31DE10000-0x000002D31DF5E000-memory.dmp

Filesize
1.3MB

Download
memory/2832-4574-0x000002A3ACCC0000-0x000002A3ACE0E000-memory.dmp

Filesize
1.3MB

Download
memory/3216-4479-0x000001E3EEBE0000-0x000001E3EEC02000-memory.dmp

Filesize
136KB

Download
memory/3896-4591-0x000001B278FF0000-0x000001B27913E000-memory.dmp

Filesize
1.3MB

Download