Analysis Overview
Threat Level: Likely malicious
The file https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Checks installed software on the system
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-22 17:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-22 17:49
Reported: 2024-02-22 17:52
Platform: win10v2004-20240221-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NovaInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NovaInstaller.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe | N/A |
| N/A | N/A | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c649ede4-f16a-4486-a117-dcc2f2a35165} = "\"C:\\ProgramData\\Package Cache\\{c649ede4-f16a-4486-a117-dcc2f2a35165}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{901a4233-9860-4dd0-bb2d-0d86482fc5bd} = "\"C:\\ProgramData\\Package Cache\\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}\\dotnet-sdk-6.0.413-win-x86.exe\" /burn.runonce" | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_threads.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\6.0.21\ref\net6.0\System.Windows.Extensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Mvc.Abstractions.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.Extensions.FileSystemGlobbing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\templates\6.0.21\microsoft.dotnet.winforms.projecttemplates.6.0.21-servicing.23364.6.nupkg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-core-libraryloader-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.IO.Compression.FileSystem.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Security.Cryptography.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Connections.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Authentication.OAuth.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Components.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Security.AccessControl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\tr\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\es\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\cs\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Cryptography.Internal.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.Extensions.Configuration.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Threading.ThreadPool.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Host.win-arm\6.0.21\runtimes\win-arm\native\nethost.lib | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Hosting.Server.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.Extensions.Configuration.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Mvc.Cors.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Threading.Thread.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\mscordaccore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\UIAutomationProvider.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ru\UIAutomationClient.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.HostFiltering.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\templates\6.0.21\microsoft.dotnet.test.projecttemplates.6.0.1.0.2-beta4.22207.1.nupkg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Linq.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.ComponentModel.TypeConverter.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.Extensions.Features.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.Extensions.Logging.Debug.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Mvc.Formatters.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Runtime.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\tr\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\6.0.21\analyzers\dotnet\cs\tr\System.Windows.Forms.Analyzers.CSharp.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\pt-BR\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\de\Microsoft.VisualBasic.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Diagnostics.Tracing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\api-ms-win-core-memory-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\mscorlib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\netstandard.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\zh-Hant\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\zh-Hans\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\6.0.21\ref\net6.0\WindowsFormsIntegration.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\6.0.21\ref\net6.0\Microsoft.VisualBasic.Forms.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Runtime.Serialization.Json.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Collections.NonGeneric.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\zh-Hant\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Mvc.Cors.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Collections.NonGeneric.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Text.Encoding.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Threading.Tasks.Parallel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Reflection.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.21\ru\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Components.Authorization.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Xml.XmlSerializer.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\6.0.21\ref\net6.0\WindowsFormsIntegration.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Html.Abstractions.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\6.0.21\ref\net6.0\System.Printing.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.AspNetCore.App.Ref\6.0.21\ref\net6.0\Microsoft.AspNetCore.Components.Web.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\6.0.21\System.Collections.Immutable.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dotnet\packs\Microsoft.NETCore.App.Ref\6.0.21\ref\net6.0\System.Collections.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e57e649.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e680.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI637F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6bc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e67c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e68b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI569B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e6cc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6d0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI29DC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI38F3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{74C05E31-3587-425C-9342-233964C42675} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7A8A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e677.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EF4A37DD-21FE-43E9-89D1-1C699CC197AC} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e694.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e69f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6ad.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6da.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AA0C8AB5-7297-4D46-A0D9-08096FE59E46} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e681.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4969.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6ae.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{1B5E440D-23FB-4AC3-89F6-8C7C2E03D774} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI460C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6b7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e6c2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6cb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6db.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e69f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6a8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e686.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{9C95D5DB-290E-4ACF-BC6A-25809D88D002} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D2D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6a3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6b2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2C5E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5283.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e65c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEE79.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI430D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e649.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6507.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6c1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D3A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE84D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e65c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e681.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4118.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e6c6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e65b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{19AFE054-CA83-45D5-A9DB-4108EF4BD391} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B8ED272B-5F2D-4FF5-A7CA-C73552D7FB0F} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e677.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e67c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3067.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{F4687860-8C1B-4DB3-B99D-391E99371B71} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6BE1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57e699.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57e6b8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6FBB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{847C9780-42FF-4621-BA1E-20C0CD779FF0} | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530977892781359" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CA5A49760BB6094EB1B1D7044B76635\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,6.0.300,x86\Dependents | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain,6.0.300,x86\DisplayName = "Microsoft.NET.Workload.Mono.Toolchain.Manifest" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten,6.0.300,x86 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\60CA4B9C7E30F09459F55E12AE683159\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\Version = "811072667" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8361F15F9659BD047857A47AECF64DF1\Version = "811072667" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x86\Version = "24.0.28113" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C2490406381063638BC6579BBBE96D2C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,6.0.300,x86 | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D8741E2A456961135BBFCB82C5ABBEC0\A73DD4971C0B96344843400990C2E6E6 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x86 | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\002BA525AC3991642AA78ED27092AEE5\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D044E5B1BF323CA4986FC8C7E2307D47\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0879C748FF241264ABE1020CDC77F90F\F_PackageContent | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\416C3B2A709432D46A89AF5D4CBCBACC\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,6.0.300,x86 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3B1AC64AFB5B2153912DECE86514689 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\450EFA9138AC5D549ABD1480FEB43D19\VC_Runtime_Additional | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_targeting_pack_48.87.64667_x86 | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6D67D16AF5BAEFA35A4EDDEEFAD33444\3792749D1323A184990A3A9429451183 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\PackageCode = "0DEC55757133CB04A8C2F46075C2FC5C" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,6.0.300,x86\Version = "24.78.0" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86\Dependents | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_48.87.64723_x86 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495\Version = "811072723" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_targeting_pack_48.87.64723_x86\ = "{F4687860-8C1B-4DB3-B99D-391E99371B71}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0687864FB1C83BD49BD993E19973B117\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B50510C14E88E6B3B985915B660AAEE8\Version = "100663317" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B50510C14E88E6B3B985915B660AAEE8\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3792749D1323A184990A3A9429451183\ProductName = "Microsoft.NET.Sdk.Android.Manifest-6.0.300" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F69CEBDA7D057DE61BC89C3CE758E01B\808CC02C5C3E9B847B19B041C51D7D7A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain,6.0.300,x86\Dependents | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\450EFA9138AC5D549ABD1480FEB43D19 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD73A4FEEF129E34981DC196C91C79CA\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8361F15F9659BD047857A47AECF64DF1\ProductName = "Microsoft .NET AppHost Pack - 6.0.21 (x86_arm)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.87.64723_x86\Dependents\{901a4233-9860-4dd0-bb2d-0d86482fc5bd} | C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\64300F7B24308E24B92DE09A68A70646\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,6.0.300,x86 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3CA42F14C85834547944D6324817CCC6\PackageCode = "21D3C6C32E1B00548990AEF7C72D888F" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86\DisplayName = "Microsoft .NET AppHost Pack - 6.0.21 (x86)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_arm64\ = "{3C415703-440C-4819-B133-6B442A16D0C7}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\13E50C477853C52439243293464C6257 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13E50C477853C52439243293464C6257\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\64300F7B24308E24B92DE09A68A70646\PackageCode = "B4E6B1313D1C08540803355FA4BF29A6" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A73DD4971C0B96344843400990C2E6E6\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DD73A4FEEF129E34981DC196C91C79CA\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B50510C14E88E6B3B985915B660AAEE8\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{1C01505B-88E4-3B6E-9B58-19B566A0EA8E}v6.0.21.23364\\" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3ec69758,0x7ffe3ec69768,0x7ffe3ec69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8
C:\Users\Admin\Downloads\NovaInstaller.exe
"C:\Users\Admin\Downloads\NovaInstaller.exe"
C:\Users\Admin\Downloads\vc_redist.x64.exe
"vc_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe
"C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.filehandle.attached=684 -burn.filehandle.self=544 /install /quiet /norestart
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{AED49722-AD00-48EE-9714-14CC77A415FB} {1A0D28E8-2AA7-4F23-A92C-75843CF2B994} 2604
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1612 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5764 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{B070B22D-A48F-4676-9D89-05E441AD5FC1} {67987D90-7900-4E7A-9B0C-AE8E6D557472} 3984
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{B070B22D-A48F-4676-9D89-05E441AD5FC1} {67987D90-7900-4E7A-9B0C-AE8E6D557472} 3984
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5F388DC7-D765-4017-8548-0544AC892DCD} {14145B04-E2FC-43A2-92F5-7FEC1A89DC25} 5616
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4644 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1
C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe
"dotnet-sdk-6.0.405-win-x64.exe" /install /quiet
C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe
"C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=676 /install /quiet
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe
"C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe" -q -burn.elevated BurnPipe.{F4E2C678-98F6-44A0-9879-2730A9EEC88E} {416F94C1-5620-4841-965B-289EF57ADCCE} 3116
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2620 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 519B03C66F343FC1B07C65DE94A41F04
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 40129A8BAE84EC5F2EE5A823E6D4649B
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 84F07D2EEAB6C1499CC944D5B0D77F30
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 04E88923501480380F9DE873B1D84E9A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A822AD27A0C5290EEEB38B19B5C7983E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0B59BA7240895D2D619876EB22AD4EDA
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E0D3856D3325DB25741CC2FDEDA4A4EE
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1A4D61C5D5D2966A46E1FDFBCAE49112
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BDC3DA5FB372F32BDB9F97E7309FE6D4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3637DDDF4F3A84E61EB7C91B6A828A2F
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1F9EFD705DB478344C7383E0EFCB63A3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nova.fnbuilds.services | udp |
| US | 172.67.143.219:443 | nova.fnbuilds.services | tcp |
| US | 172.67.143.219:443 | nova.fnbuilds.services | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launcher.novafn.dev | udp |
| US | 188.114.96.2:443 | launcher.novafn.dev | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nova.blksservers.com | udp |
| US | 67.227.226.240:443 | nova.blksservers.com | tcp |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 23.37.1.150:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 150.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 142.250.200.14:443 | developers.google.com | tcp |
| GB | 142.250.200.14:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
\??\pipe\crashpad_4176_QVDEEBBTTUHSMEXP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2c80e81b2a33fec511747ae61d0bdb2f |
| SHA1 | 27f09e7d56398a15c9b14dec96b0ecdac3375b07 |
| SHA256 | 9a932540046dc5ceddfc2cdbffb0eb5f21538cd6f070d67c480223ea8d2e6ed4 |
| SHA512 | 2c0cc5be3aad8be7a31421cccac9aab77d80753c60dc0d6326522c73e6e16ddc400afaf98a63c0793cf93ed37c5036ee6329d6381540156c4f49f54b78415731 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b214a9dfa4c1982dcbce36668614b831 |
| SHA1 | f7580e61bfb095c97ace74638eb00df4f6bb6d88 |
| SHA256 | 796f966f9906d2fbd4b626864aeab694fe62dd7267c920f439df3915974e4d38 |
| SHA512 | c5dc8474a3fc388d0466c7d933bb141529c2da18cc89a8e84d78e596fbb9d4a77fa79735087ef52a1534e3d13aa6a0f9abb8f93e19c0cb5e90d2900974785a3d |
C:\Users\Admin\Downloads\NovaInstaller.exe
| MD5 | 2b7b606253fd6eb0627165cd95f45ede |
| SHA1 | c3373dfa478622fa0393f94062989669668ea8ba |
| SHA256 | 7a744520f5df04549f5d459ca66124d8c560a4151aac350bd33c11b4036c4f00 |
| SHA512 | c75334c47ba59c5d751bd20f22e0ceefc02b8d6dd4edba682b79c59812806da4979a520d61d123ed3b367bbe74b3793289b0dd23cd0595881fc4596ffbf90438 |
C:\Users\Admin\Downloads\NovaInstaller.exe
| MD5 | a03208c5d2cea1f228c2389651d75435 |
| SHA1 | 074e611332477bc3bb46975dc17fb953a5da303c |
| SHA256 | fea7639f21fee355b59096ec5ffd1a8f7806f79ac04e92073819e9eac69c620f |
| SHA512 | 1a1d14a5e608f89693c25dd59bc5f730bee02cfa1dbab2a2b8800f59655c286e60a1095e0b32439c04c86015f5de14dcedacb559ea3b8b27c324b1f2f913eec0 |
C:\Users\Admin\Downloads\NovaInstaller.exe
| MD5 | dd07c7e6d599c554bd3ccf386b878002 |
| SHA1 | 420aa7d50286a772f8c244825f38857d31636212 |
| SHA256 | 4ade9fc906f2361dffe9dcda5db7e268a07ebdbe919e9ebb003ada9c4bc5c2fd |
| SHA512 | 0bec2bec15f2ab1dd7a3fbc45739ef297f21c6312276dd207b068909ad216592c67493331568148cfc59fbacfd5ff0dcee2ee0c9253a246de55a3dfa6e5d2fe2 |
memory/4736-66-0x0000000180000000-0x0000000180A25000-memory.dmp
memory/4736-70-0x00007FF7E6070000-0x00007FF7E699D000-memory.dmp
memory/4736-69-0x000001C925E90000-0x000001C926E18000-memory.dmp
memory/4736-73-0x000001C925140000-0x000001C925368000-memory.dmp
memory/4736-76-0x000001C925370000-0x000001C9254CE000-memory.dmp
memory/4736-79-0x000001C924F00000-0x000001C924F44000-memory.dmp
memory/4736-82-0x000001C924F50000-0x000001C924F8E000-memory.dmp
memory/4736-85-0x000001C926E20000-0x000001C927662000-memory.dmp
memory/4736-88-0x000001C925080000-0x000001C925100000-memory.dmp
memory/4736-91-0x000001C9048E0000-0x000001C9048ED000-memory.dmp
memory/4736-94-0x000001C9048F0000-0x000001C9048F5000-memory.dmp
memory/4736-100-0x000001C9047B0000-0x000001C9047B7000-memory.dmp
memory/4736-97-0x000001C904920000-0x000001C904933000-memory.dmp
memory/4736-103-0x000001C904900000-0x000001C904919000-memory.dmp
memory/4736-106-0x000001C924FB0000-0x000001C924FC6000-memory.dmp
memory/4736-109-0x000001C925020000-0x000001C925060000-memory.dmp
memory/4736-115-0x000001C924F90000-0x000001C924FA2000-memory.dmp
memory/4736-112-0x000001C924FD0000-0x000001C924FE8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\PresentationNative_cor3.dll
| MD5 | 607039b9e741f29a5996d255ae7ea39f |
| SHA1 | 9ea6ef007bee59e05dd9dd994da2a56a8675a021 |
| SHA256 | be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369 |
| SHA512 | 0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50 |
memory/4736-122-0x000001C9255D0000-0x000001C9256C4000-memory.dmp
memory/4736-125-0x000001C925010000-0x000001C925018000-memory.dmp
memory/4736-128-0x000001C925520000-0x000001C925567000-memory.dmp
memory/4736-131-0x000001C9254D0000-0x000001C9254FA000-memory.dmp
memory/4736-134-0x000001C9298A0000-0x000001C92A0BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\wpfgfx_cor3.dll
| MD5 | f3272b0a0e144c819cba2e8f469549c6 |
| SHA1 | f693b8ecb31cb32ed797746c96051c0b753cbd0d |
| SHA256 | 68708f067727d09f6576fac3a365ac0204874dbf55369b1efa69691d4ddecd3a |
| SHA512 | ebb14323f7fd45b1dd2ba843e282146ed03e91f6bc62022c4af6e996695b66d5a603295ddd9a6bfc87e0118195f9a3b114ff11f6d1418e969c5977630f9859c9 |
C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\D3DCompiler_47_cor3.dll
| MD5 | 9a75ecacc7ffcb95eb0ac2323b6f90bb |
| SHA1 | 73301d88697f769daf3d181936a830a15be7af11 |
| SHA256 | f601de157de0ef238b6ff16208ba605b95a1c5c503e098f73ba932f6351bd326 |
| SHA512 | f963eed4481f11170a6f3b6f805c073e49a54728889151caea3e1a25851d1e1d46c268256f2548270cdd92b946942395548960e7e4e37a9de190f7bba70ee1d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5b78ade66925619423c232d0ec9a3876 |
| SHA1 | 426dfe3cddd57c1382d6b43786f3dfd438099499 |
| SHA256 | 2c73dced70f68c6496a2e8d49a2e3ab150ab21837d9af6fc427c6443d6fa5f6a |
| SHA512 | bb2680c3aabfe1f4e5cb9c69e308ae9f191bbb7606fb788e581395db1625048244b556183d90135b814198c01c48da64cd7122b086ef73a39b38f030e2a64de6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579664.TMP
| MD5 | 8d848bea247b065786165b0d713c9aa9 |
| SHA1 | f33872454c6aeeb09a7456a14e1df9c40b4ebad3 |
| SHA256 | e2d87a421b4ae267c93817d8c54093610a56d27fe3180e8569dddb5a3a2b513b |
| SHA512 | cf327ccb29c9893bca0a75f3a10c7675dcc1b8cf826e85e80e22dea1f81643359393e48f77e3ba373b8913a8c613d6531dcc218896f501438527e278e2fa13a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6d540a4f-67b6-4bb6-a0c6-3a778edf3064.tmp
| MD5 | f0b22e8cefbb2df3950faaf208c558c8 |
| SHA1 | e4c14ef23e41b39b68b84666193fceff502d250f |
| SHA256 | a2ec86f220dc948db8c3313341b3590bacc18b161670cced95070d98f91bae17 |
| SHA512 | a8d85babdd1693e9cd53f821842d600cfed270f69a058497a35aef1b8a774e1c5182be79da406c475b185381a5ac01d5895634447cb0688684806e4383780937 |
C:\Users\Admin\Downloads\vc_redist.x64.exe
| MD5 | 281594e04055706773cd204c26434f93 |
| SHA1 | 8c2d5798906650b1cd3c1eeda0e2c4a91393e1c4 |
| SHA256 | 766e48a469dd04ccc6f8ff325d89b3b80b2ab5bee90336f85b663884914f263b |
| SHA512 | 48a83ab804ffd438985030caf0f40b67feeb0a0fc1c2c5022bc2487773e1f3d258c41a042fd73962fd486fc37f798e83b6f3bf49a01a50070125cfffe03b70de |
C:\Users\Admin\Downloads\vc_redist.x64.exe
| MD5 | f3717f895d49e4bb1cfa0172e0792f42 |
| SHA1 | 53c93e5919fb3e58006520070ec86477272297f0 |
| SHA256 | 33005305187e489b6667928a5a9ce04cca8e0b7bfab1d589e474bb27da3e657f |
| SHA512 | ee09f1fd8d7e54004711de0b490ab3def4ad50847675330eeb4d53674dd96b2dcf6fbb65746824536ba69406845b15531f9dbf8e00e92df577c07c822886233f |
C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe
| MD5 | b73be38096eddc4d427fbbfdd8cf15bd |
| SHA1 | 534f605fd43cc7089e448e5fa1b1a2d56de14779 |
| SHA256 | ab1164dcaf6c7d7d4905881f332a7b6f854be46e36b860c44d9eedc96ab6607a |
| SHA512 | 5af779926d344bc7c4140725f90cddad5eb778f5ca4856d5a31a6084424964d205638815eab4454e0ea34ea56fafca19fadd1eb2779dc6b7f277e4e4ce4b1603 |
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 217b94c0d0fe6b244493167fea26bd1c |
| SHA1 | fd7a8b06ba0600703221b28c3abe159f57c70bf2 |
| SHA256 | a88042fd3954dc3c59a4789478c9d5083bd11d0031d926f703b5f1873196c924 |
| SHA512 | 310878dbab0af02eb0d0c53c06f1f002b0d326138d5524cb35bf4d762a4d27fe562ef853780d5b564700eb6e4326de8ea45799d2c2b505c1b5585930c5d3a204 |
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\vcRuntimeMinimum_x64
| MD5 | e312d6be7dee2b8f3737e0a1bc92e3aa |
| SHA1 | 72487572a3f8b8eff93489997c8a5041ea7a6867 |
| SHA256 | d48c8e848a219bceb638b2505132756cb908703fe75dee78bdf475435420dc49 |
| SHA512 | b39a0c18aa242887e3f9ae3d49bc9d6765ce15097718964cccd86b824d13481cbd53175105db29d17e3a08f74fe4d20dfb3f9989eca5276c3f5fbb255b80f8ae |
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\cab5046A8AB272BF37297BB7928664C9503
| MD5 | 3d14b0e254ea96fef419e6da38eb25e4 |
| SHA1 | 93341ef98a0e2ae2cccc7e467af23bcc477d9a5c |
| SHA256 | 8717dc81d0345d8b81aa85e776fd3e0e6010dba974bf0f5660071e6d680c4526 |
| SHA512 | 64a656648c16aa78ed74196e327126f6a9eb5d89052cdcd8f83eb655842e41c4f42be7f61541371f36ce322d208d1d707f485e99a79aa799fad7fd2c51553811 |
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\vcRuntimeAdditional_x64
| MD5 | d5a907e3b279f26804af0c56b0c65d52 |
| SHA1 | 63bf7f0afd12ef21781dc14dd3b14c59d9e66518 |
| SHA256 | 401ffa2ef4f070e211ef3f6e4f8a2a7af2bc9ea0119bbacad040669ab6221bba |
| SHA512 | 8d23fed4d26f0e2d1e40d5993ab2f588be1e7873cbcbe2064351ca8ef705bf74535225e9d0c2adf93fabfd45691077c7abb3991a013c8b4b234b9751c991f327 |
C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
| MD5 | d0cbbe859fbb7c25dd5158e0f45d3682 |
| SHA1 | 9c2f0b8379976fda1b46aa8c4a4a27b6f824b659 |
| SHA256 | 97aef328363e120e786841903bb51a17547aa84f64d5d3525940ec5a69b9a627 |
| SHA512 | 7ad84ae54668c07033ad100bc101fd0bf0b0783a1dd1f018d241097e167328b8e87cc15e4c0b45859e1946d41ef7528f46ca3c44deccd8859f11274d9e4189b6 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240222175023_000_vcRuntimeMinimum_x64.log
| MD5 | 92275b263ae8e164b76019158ab5a6cb |
| SHA1 | a1cfb8c881da705c320d29226462a34abe327164 |
| SHA256 | 5f9a670c88648a7f87b46b8fe3e611a09053c3778d270080233666591ff449c9 |
| SHA512 | 2afaff8674cc0ceb5d957bf5241b031ab58f3dd7a9f6bf9e16ef7239875985ca4cad95565fd86f8a1feec2d70ca9ec937fe9228c23a63e527116fbf0cbc465b0 |
C:\Config.Msi\e57e64e.rbs
| MD5 | c5e6e95a3aa9f0a791eb1fc9408a6215 |
| SHA1 | 112114449c5e0d880bc57dfc345b901bfe7bdceb |
| SHA256 | 2bf3d75ab25db0096b24fe873109b92b39c04961ba52e77411bf907b2ebba797 |
| SHA512 | 8cc520f926cc2e85a46edb326637e4d54e99c5a0619161299c9af42a893e3c1a6d9bd2a2d2a993e75c536388f0a3644119314c7fbc2f52c8d39c4db42f833cea |
C:\Config.Msi\e57e65a.rbs
| MD5 | ad57074ba7d7fa9ffc3ca5d15b96ed6f |
| SHA1 | 908a5b17648a6ee9172f8d9f3d18cb268ab9e0f5 |
| SHA256 | b228d5df67c6e154544572dbf0eaaba0ab64a9a4e2c29c147f55e8ac061f6533 |
| SHA512 | 1afe0e22b0510854f4288bcac1fb6eefe4d49ec6480c1929c3bf21d806eaf7dfa65076e8a049dfa63ed2dab3e3402d6b92dc64fb9173a92f21d5abee6ebc4ee4 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240222175023_001_vcRuntimeAdditional_x64.log
| MD5 | f95d6ac40dbe808f821cac6201630a08 |
| SHA1 | 0e63c9d9942f94fc8d3e1c700494ab0b8d0a21c8 |
| SHA256 | 6353926b45ce9cbb9f7505fbf7fcc71be2517d1fd98aebac0a178c39c8c210db |
| SHA512 | ec6d2b44ffc5b634f963f570351b1cac770d6f457af548193eb43ea5cd64a9018633e395b1793a2825b952840554454628b719b203a88628a13a30673a238307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 873734b55d4c7d35a177c8318b0caec7 |
| SHA1 | 469b913b09ea5b55e60098c95120cc9b935ddb28 |
| SHA256 | 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d |
| SHA512 | 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1955ab5101b579648b4c29278e7f60f3 |
| SHA1 | add5c958f3121465bfe183fcadd70d08cb13e5a0 |
| SHA256 | 3f9d6c966068230cfd38595d0f7cd78596ab30b305a5a32f3a1f7c6837938179 |
| SHA512 | 04bb19297e0ae6df5877cb03393b15a40cb13b48f9bd9b8837783c04293c1ca1474e5b37b982a7ac990516648c2fd5543c9835951f3a655bfa193a958c9873dc |
C:\Config.Msi\e57e661.rbs
| MD5 | 6ee74dc18bbd9651d0f8a9bf251d8379 |
| SHA1 | c91184f782331029ef4e9103e1df380075623ad4 |
| SHA256 | d2ebecab53d08f2f6ec53a4bc5699a7d6344e83849c8cf48a1ed396ead1afb42 |
| SHA512 | fa4ac7e46d64edef61fb1af8e69877858fcfcabe05653699b360f4710e6ba8b21308bf2f3371f59de7d64e587a4c5ba5608807d75623d843b542d951ae1aad9c |
C:\Config.Msi\e57e670.rbs
| MD5 | 26abdab671e41357e341a4664578ebe7 |
| SHA1 | 9ed0766bd5cc7248abe296803e7c1874255dee5f |
| SHA256 | 3f7563bb9e29898f259347db6a0cabdd195c17fd525e9ae3038dfe88404e0f4d |
| SHA512 | 9653fbba78db7367405837b1e9debf32e515eaeab0b1b5f1db32cff267bccc67c2c244862acf9cbe7921f697967b4ddaf6bd4bede0b06375a59e87976741498a |
memory/4736-460-0x00007FF7E6070000-0x00007FF7E699D000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 505114dc19d34046f48bf90ee042b477 |
| SHA1 | f707268a5d9a800353baa28bb235ba9a1f8f5e86 |
| SHA256 | 09d7bc5ba64d52dc19c1d6b545cafb90194c8b7628e13b6972bbbe8abfb66927 |
| SHA512 | 6a132fbcd7866dc49de7c61c3b6ba0ea79ede5f3c6824689af8e36ffde581014fe7aec5c832612d20f397b29e43ea298a0291ba9264b80262b1cf7fc7e7afe6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a1f62dc0856f63b6fc2e482de56a3f5 |
| SHA1 | 299b6b6ace0eb6c136142b2aa7676a9a1522bfa7 |
| SHA256 | 5395e8bbd986e532acec9dba32957fd7c75fc70e20ee93a4d9b833e13e2b1460 |
| SHA512 | 305d68c6e9e7de496ee7689b6aff1e0ebf226f7aa17ede6b49ac9782f970ff42fc115460486fab65b5cd48a5829ba00369f8e1dc4d8f041874bcde4333bb27ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7fb44e0ef897887f29b1dd6d66c7a283 |
| SHA1 | 1fbfe433c992510b722446c740bcc478794dc26e |
| SHA256 | 9fca57d431a44bb57c02ccc7dfcd4cdffc3bfccf80cc1635bae50fb00f3c0ec9 |
| SHA512 | b087bef49711a51b53f4693092fc8897d1f8f0d67c9a08837e560b62ba0a461ef0e670f2b1024a3912ae37240a5eeee78e1f1b1af3501de34e4d1a25b45ac185 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9f85b5df000371797f53ad6f53f4963 |
| SHA1 | b0a190c929c14d5587d5a3314b462c6743da2837 |
| SHA256 | a85e417e7f1f97e559e6a1a05cb3ff953d1d28a445f28130878832f62bf8c8fb |
| SHA512 | eced734f092ac548103aa35df166d64d672ed312f56e91efdca8356e4afb0f6bf0226639719ee430bbf4d6a2ba7504002ff64533e9c18763a8c7bfa6de892f68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4b9fcf8e39e7a343c44d794ad03ab625 |
| SHA1 | 7816ef53a5c790b78ec6ef82e1ce78e338d4db7d |
| SHA256 | f8a7cbc1e21434d89fa7af8a3781878964a162330bab22db8553517ac3215eb5 |
| SHA512 | 76120c6991ba04b6d6bcac8a6bd7adf781bd550f8aed318b0f4bf79d1ac3dbf1f24bc4e369cbf92a7b5e3e2bde4ac17ec497403a2d430b1deee45ea1212951e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_developers.google.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c3f5cb71f57967c047367c7a18dc2304 |
| SHA1 | ad369bf8a171804e2352d6d60d6d10c744a861ee |
| SHA256 | 627a831722e9c2e400427cad5cb46777874f0f17585cf42df02c9b9f6ed5893d |
| SHA512 | cc2d85096290bafccd15339a940ea68fdc221443ad22cd6d3adda87f2c0c0e9835c850dee07b8747956cbd7db1700ed91b4dcfe34d3d8cbe5dae336774f03029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5e046195b948c32cbe7c103d1e633ea6 |
| SHA1 | bc923517ff286c5747cdd8d9c8ba36d205e37278 |
| SHA256 | b18712ad62d6658e63eae21141f9a91080fff9a0d3932ca724cedf8cb3aae150 |
| SHA512 | 2b819b01c8454b0efec9cf9308f4461fc940e0e67191d7aa3656fa5a2cdb0fa70ecd2e9391872a625dc0e52ede24759be437bbd5f3c3f88724a0fba17509e98e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e4c1321206d6de2cc937b361111020da |
| SHA1 | 995075a2990ec1e8e6f110f93ac3fd4d73d36b49 |
| SHA256 | 0f1eee70bfa1b5b5ef7c5d085c9d07f62f114bedd792cf6b2c310c087b467f3c |
| SHA512 | 6cf91b928b43267fed6c429f27feffbc78d459a4d2af93f73fd1f1f147854418982bea05e8010af17f34515874eaff4b8a5f2cbe7cd9129cb19a22aa5af9207c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 3b5e1049271c64affdae14c8c4850cc1 |
| SHA1 | 8b61a718cca6b9b77bef882e6895517b43ab8940 |
| SHA256 | 93a9694290d9cf5448ffec817d034f1c7b02adfe299deba24f2b4739e4187408 |
| SHA512 | f0ee23c74d655448907bdb4d54622f68dab1882e819a76506afd1c42750d23181b89cb4143bc49c733f0051d4e4d49c6e01023a2268626c2481dd5a7f0af6c04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dc42.TMP
| MD5 | 27badc272e24d0cc397fe1667e20b501 |
| SHA1 | 4a5f7cd880ddc2b2d6a8f7c9317aa9864225c7b1 |
| SHA256 | 2f156ca94cb599b9b93fd1ed63c1bc448f7ef508017bab4f674cd4905d2a1f5e |
| SHA512 | 91d4c55f658c76f649846a54cf6c5926f5e57bc6c56f74cfac2c6404ba9fa23dfd69049fe06bbac76b83d2bb3f54345eebee34a28fd13e1f80a105a363607aab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1f676241675c17fec33c9895515f4a82 |
| SHA1 | 26843db438ccc50294409b0d4ed0e099d7a74fc9 |
| SHA256 | 89a4c62b8087979600783f7d5c8c922d3c2d4bd3bfe36b6c8c5540cb72891e10 |
| SHA512 | cfdc99d3c49a954a9cb371faa4539e6957b1b10a89619cc32831c97123c035a35dd65abb16cecc4d94badd5697ce903af691e451bd59fce72dcb606f87e611e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\3fc57804-53aa-4e9f-b880-2f113f6e0f6a\index-dir\the-real-index~RFe58df8d.TMP
| MD5 | 6ded383b2e3ea3a68d30228f344ce050 |
| SHA1 | fabd4f700ce2d859e55460d23beb341d44f83dd5 |
| SHA256 | 2e4fd848282e98247fce3a6e7031b9d16b529d00194d012224753dafd3b91368 |
| SHA512 | 43a55a4e81eb32de0bf5be78b874ba9b9cee426d50af698cbaacea6521e8c46d1d1a932bfe8938abe20f931538ca47e32e5cde70063893aaf7960093d9839dd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\3fc57804-53aa-4e9f-b880-2f113f6e0f6a\index-dir\the-real-index
| MD5 | a794fb5ff1406f182de9491be17593ce |
| SHA1 | 5c626df5ebd49f5ff32389346fa4931fb5a5ca64 |
| SHA256 | d55f604270176af2ed7b3c2b01094c5664b2fcb2a71a44969209274360e2235f |
| SHA512 | 757f052301db7a8dd3b06ebfee49b5b8591dd5bbd91862b61466d23bd52d47daf73ebc124a7f254f802dbcec818f12c8b70091913be0b0c682650c3e143a5145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt
| MD5 | c42a2edc55cbfefd6b62652d2a179ba2 |
| SHA1 | d4e10bd177f097b21929527ad397f3b9c11916c8 |
| SHA256 | 51520bd5b7a90dd572ad86b5251a4e98cab7911f670747484bac553eb085563f |
| SHA512 | d9626aa8710b122cf037a7e916ee7f4eab46c05249eed0a28e1a8f361783a8654cca1708baafa40b06dd260e5bc1e123ded9352fa6fd905efe59ffb27c9b11c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt~RFe58dfbc.TMP
| MD5 | 9c033c83c1c2760a43c1744834740f35 |
| SHA1 | 569adaff76a7960f1f85a8a5b125e9d725626664 |
| SHA256 | 2cbd48e7ea5270c28abda39365bd0bf17dc811a087da125807a1ceae42e1980a |
| SHA512 | aa552c12f5469ab12413c845ebd669853a6987a129d5bb8d9174e25190df9db19b1ba27e0ae77f07779d0a61968af6dcf8d31539ef31bdf36c0a5dc20985dbbc |
C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe
| MD5 | b6de8f061c6bbe607b5e53f37311865b |
| SHA1 | 6f05655e44651dcbe96b9712f5273862a5981cf7 |
| SHA256 | 8543ad70296dc1511eb978f6437a4f49461e5ef5b7a915dd87356cf649b4ca4f |
| SHA512 | 55ca40ea6f6ca406e417a9f73351815b60a414de449fe8d6c856a3bde1c7911e8fb968864ba2fd26c3168765e9088e09ac3c806f4dabeb48ec52f9e611f6fc7c |
C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe
| MD5 | 28c031be6d17f352db27cd8e6c27bc42 |
| SHA1 | 852b6e793ea8d76d3387e1d98446fe106172e95f |
| SHA256 | fe24f490cb6bf9312d9bb92ed39908249b101c5975c490ec51c44c9393645839 |
| SHA512 | 73ed5ffe7d4dfdc6b15d005d80c9c173958c6f81bbf421b1e468b802e25aeb9719c3e3a1afcad69eb19368293ea4b1140c38d24dc42d0e44011f5b094d1dee50 |
C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe
| MD5 | c829733fccac1d023514b6a56647d461 |
| SHA1 | eae92bb4711c6d9e1e19ebe79b3afc2de7dfabec |
| SHA256 | fec2580479532e2a36b75e9e4d14835be00e1fb65f43166ee4b4660aae13f2bc |
| SHA512 | dd7f1299ba1db1c3ada0110dc75e91d5b68731fae7261b6c06f330354653e1ca1e8dde2150d34843b76c4066d2328fbac18f0b9ba989446c29c86ac38f507706 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.ba\wixstdba.dll
| MD5 | 4356ee50f0b1a878e270614780ddf095 |
| SHA1 | b5c0915f023b2e4ed3e122322abc40c4437909af |
| SHA256 | 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104 |
| SHA512 | b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\ProgramData\Package Cache\{c649ede4-f16a-4486-a117-dcc2f2a35165}\state.rsm
| MD5 | efc70a09597ed5d7f6bee3e5dae97b74 |
| SHA1 | eefec0dd29191ece459b15a533e97d9924542f6a |
| SHA256 | a80426357919ebe640066657a30292f6d0f29cd373d43c2e769a050c36883e87 |
| SHA512 | 233c48e3b0e7174dff9a8bed6fc825ba6d3415d5088265b2a4be634faf9a4c21adf010404da7680a79547a41a5f8882ff0f0b0ed874aabeb3ef887d9b83ae612 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\windowsdesktop_targeting_pack_6.0.21_win_x86.msi
| MD5 | 301ecae747b29905894719430a79d2a8 |
| SHA1 | 2f3a35247dc66e3eed74ed925547005bf99a1ef8 |
| SHA256 | 8110a0aebcaa8b36f35bf9eac28c7b5975cd0cbc509123782755192ee099d47a |
| SHA512 | 0bf1f4f69a4c685816fe5adfe11df3e2406a5e636538dbc00a0ec2676eade309cd580bdfdc235fa5dd8cfae43793d13e8b362a1b14e40476fe130dfffa50d4c7 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\AspNetCoreSharedFramework_x86
| MD5 | 0fa3a77c2aa5c177281565e6ccbb5554 |
| SHA1 | 0793fc303279f581d69037c26152a036627a1012 |
| SHA256 | aa70a191dc6bf89f406bc10f603d6b6df7d93428be7f88346c53a18623c81e08 |
| SHA512 | fb806e3d58ac51139b0573fd5e8b23d0d100bc9fb30810b79bb1165fffb6ad2cfe96de3df4aeab61b1b2087bc006b8b7d8ac7ba076dc0ea048faa592bd98c2aa |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Finalizer
| MD5 | 1ec0ef0eb7860f069bda682b0e74df8d |
| SHA1 | 12ffab75565303e970e27218efeeb364b3ecdd18 |
| SHA256 | 2f6948e63b4c8e4493b32dedcaad3d871bd86940e160435bb794fb9be12e2001 |
| SHA512 | 9964a24217aaf610f1bcd85ef246d9f361313090e1acddc5eaee7b2e241fc441b2ddcdb305e3cbc5591a0c6566856291ff549aab1e09c8b7acf45482df1cb71b |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_runtime_6.0.21_win_x86.msi
| MD5 | a5fadf292988ad801c1987adf306054d |
| SHA1 | 5b1309ae8512a6b624e34a8806daf4e0961009ca |
| SHA256 | 769f3ddf0ba5b89e5d28c849725050e59912a457bdddcdbd436b48210395ef8a |
| SHA512 | 33f830fc86ddaa369ecbfd82c3001f6f70df513f1449171a18ae78ac728d6a0908fff5cacb8acda9feaa15d611e4e6fc670e7ec8eae153647d7e8c75cb9ad420 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_host_6.0.21_win_x86.msi
| MD5 | 06a94b7b03fd6ddc6942959b0360551a |
| SHA1 | 6ec5e317599efa731ebd86a1fdca187391cd5f59 |
| SHA256 | 837eb5ef21b543600c4dcd1905d7072e5ec88dd4ea7c177a9755df602f7aad97 |
| SHA512 | 6c276e21070995f57ad2f31eeb4cdddd42e28dd1cd37405aa773883b567621c97077ef669f34dd357d15ffb3930c67b1a5950cc39ee7f78927002f3c8b2fbac8 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_hostfxr_6.0.21_win_x86.msi
| MD5 | 1da4c6997d53b4e057eacba87395c44c |
| SHA1 | e62f066789d3494799b3b0edd6885e8b92e59f53 |
| SHA256 | 13cda8492bbcbf19f0d09582e259eab6f7b934f74b1bfb50c4250a4e27d80fde |
| SHA512 | e2c39964a116cb14833c83a3efe09d890c8c0cac963c007a477aaf8c181230ebcfc54412953816588ac932656982ebd667739fefc135869d848ebab0f789c83f |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_targeting_pack_6.0.21_win_x86.msi
| MD5 | de8422d18458aaf0d9aba8a07c9c07b2 |
| SHA1 | 4f03e7b04c4b36ba9b83725ed7eb49302522672d |
| SHA256 | 7da9195a7c7d8c60f1a66df58c988a5d523e55c6256d031167c94982d3cb447d |
| SHA512 | 937d6b1216145712cee543c4b1e8b1cce375c4aa6bfffa041b78ad21f52b598d6d85d20345d0acceb91dfde3e8245c60932647931d33b0cebbffa7d3713a1193 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86_x64.msi
| MD5 | 1ed329f3cabf76cdf1d2d1528f8c99e6 |
| SHA1 | d85ebcde2a0d21d04e023398282fcbc3730c9144 |
| SHA256 | cd6ea31d71c900c99ecf944e415f29744b496715a726d24b17653de6cb941f2b |
| SHA512 | 6e713bc3ecf33de6627b9886db791913745d29d9d122792d43ae233578ea453e718107681944d0e504ac0e7212f0d5150c1cbcf625eae8e1dd038158a32baa6f |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86.msi
| MD5 | a770e7c5f3cedf9a6aeac0a92c4ebb8f |
| SHA1 | 49e6f030e12ccddaf20ea67a2080c80282776b99 |
| SHA256 | 268df9fd4c1382dd39419081cd27a98bacd764a950442e40442d298dc5e4b837 |
| SHA512 | d305f09dffc7f8cff95e184bbf6abf5624858e16200f18fc4e80f8d5e5f9200fdc8f8a9d4f3316d10674adc43506036416a824814d30a0738af7985a2d0117ce |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86_arm.msi
| MD5 | 6999b5d640b5e194dc5e87abe05fb2ac |
| SHA1 | d01e97273945b853b76a53ac657788269d2ffa10 |
| SHA256 | 3bd2495165f4d325205b7e4f37fa0654a6ac12c65be7ebb515f12c5413859b8e |
| SHA512 | 9481dfeabcefb3446d9c54502b3537f2298926269da39c12c92ccc51c4bc6c73a79ac51b92fdbe7ae1e7be0bd47c7c4a192ba5bfd806adeb3a99d7a9037a8711 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.413_(x86)_20240222175142_000_dotnet_runtime_6.0.21_win_x86.msi.log
| MD5 | e2445a6776677a26978965ab7488c70c |
| SHA1 | 713e44044a0ef51a802c242f633bbce3aaf990cd |
| SHA256 | dd5d7773a49fd136498413141342a29730f3d1b5cca7a02f3c645ae26d7c2c9d |
| SHA512 | c0a9d81b8f977aafb3f7e8b25ab5e14b2e6ee3de64c803a4c9393bc4845209e56c3a02eae5dee599a865d009f25ad95363bd2d19ee1327b489d73b9768582a7e |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\aspnetcore_targeting_pack_6.0.21_servicing.23364.38_win_x86.msi
| MD5 | f846d2bd240a812ef7735f1af9a0d7a0 |
| SHA1 | ede9a3627e6e761739d3c6180fd7595f9fa6124f |
| SHA256 | 5008ada911bf5596fb526cec3c449ff58d61761d66b6ba4bb42ef1e6ae9422fa |
| SHA512 | eb8b2a3b86dc9a3ff55c4a6db198e583011cb039d30dc9d131463ba8492cdfbf8f6f64d4258e9050d73180460b5b3e99413bd4f4fd2513f9239689f8b17ff367 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.MacCatalyst.Manifest_6.0.300.15.4.303_x86.msi
| MD5 | a5979d34f92f39d27a21d8163583862e |
| SHA1 | 1203352b2c68f873648a3ebbad6b83cbe00a0822 |
| SHA256 | 9f9a931214de020a6be34633bf9f5e22d616ad7aaa10563144cdf8189c4bb17e |
| SHA512 | b0cfa77b9f207ed25e8dc17e7922b3b5f6eb419f3a393eb7505a6a9800fdb6a8eda568efcaa7c89d6cf52af024277158242f59563ce0396280c90a2c0dc57feb |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.iOS.Manifest_6.0.300.15.4.303_x86.msi
| MD5 | 4e4d26193bd7adf82dba0ad97ec8f5d2 |
| SHA1 | c9ac4301dc31d9888cd65f15aa2fe9e110a59209 |
| SHA256 | 86ef7bfcfbae9b65d940db6cb03b53a1b69c911d1d1d57bd6e082a4f97723135 |
| SHA512 | c77078e499c249c738946edb9bc52577e3df56a067da15e5d5f24bf855cf9acda7ac377a35ac184498c6751fbf4ee552b8b4b6744a297f9c60a7da73059a9343 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.Android.Manifest_6.0.300.32.0.301_x86.msi
| MD5 | a4b79c3af25e4ff3125e872bbe8abece |
| SHA1 | d72feb62deb1585f9743312fd3d4160706aeb4ce |
| SHA256 | 187d2afab3e747f49d9afc4e720e312f098194760517adcd822ce6f18bd30bc6 |
| SHA512 | 42bd976aff2fde5cf4d06ec314efead67715cc34c8635669d89712a743a9ac6a4da5de5fddd9e682fc72a458e5b7d38c8ce8a80b6fb12b74e72c8536473433e6 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_60templates_6.0.413_servicing.23367.26_win_x86.msi
| MD5 | d058ba14c23a55a07e639470d5594017 |
| SHA1 | b99a4598362a0034e62564eb515f310e3dabbbef |
| SHA256 | a1b0e104219780c14c5067dcc3edd03b5204306bd6c4e882f10ded3a5d58e6b8 |
| SHA512 | 3b97b280893dbce7b01bdff2c51e20de7a48ee850fab9da16bcd2bc23b29a38f1d37c1a7215a73f4d4a65a6dc3f9f4469c2a02268a8fa3b416ca3fe0dd0f40d5 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\windowsdesktop_runtime_6.0.21_win_x86.msi
| MD5 | 97e42507d53d448b3806128080d5a758 |
| SHA1 | 9c378f65dd6b3b85c3989f06b01d569bfa16f669 |
| SHA256 | 0554cae60e8c0751b2ff2ac733d88170162dac823afe43ce516af2b4280a9a7f |
| SHA512 | 5201570866972f0e2cb53fdeb97584eec405896e864c014fbb8b0911717e2dd27e394865b2772bb63009494bb00cc8776bea20990bdbc8889005a90f233d794d |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\netstandard_targeting_pack_2.1.0_win_x86.msi
| MD5 | 48c5e8790b27c069b2f7f711a77ced17 |
| SHA1 | bb5fd31397a04b7f9064572b49099582f559bc79 |
| SHA256 | dea4e3d5fc348cfc668f7caf89c3503ecb99e90405474efe36cfc4d72084245b |
| SHA512 | 6d8ed59bc050ec94ab400ccf37aec74dab80d517a3e5a5f0deb6693005f4eedf0c1dcced0ec85febd72f7fd82aac7c7516a542095e20c5120c591d05ab393ff2 |
C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86_arm64.msi
C:\Windows\Installer\e57e676.msi
C:\Config.Msi\e57e675.rbs
C:\Config.Msi\e57e67a.rbs
C:\Program Files (x86)\dotnet\LICENSE.txt
C:\Program Files (x86)\dotnet\ThirdPartyNotices.txt
C:\Config.Msi\e57e67f.rbs
C:\Windows\Installer\MSI2DD6.tmp
C:\Config.Msi\e57e684.rbs
C:\Config.Msi\e57e689.rbs
C:\Config.Msi\e57e68e.rbs
C:\Config.Msi\e57e693.rbs
C:\Config.Msi\e57e698.rbs
C:\Config.Msi\e57e69d.rbs
C:\Windows\Installer\e57e6a3.msi
C:\Config.Msi\e57e6a2.rbs
C:\Config.Msi\e57e6a7.rbs
C:\Config.Msi\e57e6ac.rbs
C:\Config.Msi\e57e6b1.rbs
C:\Config.Msi\e57e6b6.rbs
C:\Config.Msi\e57e6bb.rbs
C:\Config.Msi\e57e6c0.rbs
C:\Config.Msi\e57e6c5.rbs
C:\Config.Msi\e57e6ca.rbs
C:\Config.Msi\e57e6cf.rbs
C:\Config.Msi\e57e6d4.rbs
C:\Config.Msi\e57e6d9.rbs
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State