Malware Analysis Report

2025-08-11 06:04

Sample ID 240222-web6bsdc4w
Target https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe
Tags
discovery persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 17:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 17:49

Reported

2024-02-22 17:52

Platform

win10v2004-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c649ede4-f16a-4486-a117-dcc2f2a35165} = "\"C:\\ProgramData\\Package Cache\\{c649ede4-f16a-4486-a117-dcc2f2a35165}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{901a4233-9860-4dd0-bb2d-0d86482fc5bd} = "\"C:\\ProgramData\\Package Cache\\{901a4233-9860-4dd0-bb2d-0d86482fc5bd}\\dotnet-sdk-6.0.413-win-x86.exe\" /burn.runonce" C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1CA5A49760BB6094EB1B1D7044B76635\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,6.0.300,x86\Dependents C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain,6.0.300,x86\DisplayName = "Microsoft.NET.Workload.Mono.Toolchain.Manifest" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten,6.0.300,x86 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\60CA4B9C7E30F09459F55E12AE683159\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\Version = "811072667" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8361F15F9659BD047857A47AECF64DF1\Version = "811072667" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x86\Version = "24.0.28113" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C2490406381063638BC6579BBBE96D2C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,6.0.300,x86 C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D8741E2A456961135BBFCB82C5ABBEC0\A73DD4971C0B96344843400990C2E6E6 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x86 C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\002BA525AC3991642AA78ED27092AEE5\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D044E5B1BF323CA4986FC8C7E2307D47\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0879C748FF241264ABE1020CDC77F90F\F_PackageContent C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\416C3B2A709432D46A89AF5D4CBCBACC\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,6.0.300,x86 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3B1AC64AFB5B2153912DECE86514689 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\450EFA9138AC5D549ABD1480FEB43D19\VC_Runtime_Additional C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_targeting_pack_48.87.64667_x86 C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6D67D16AF5BAEFA35A4EDDEEFAD33444\3792749D1323A184990A3A9429451183 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\PackageCode = "0DEC55757133CB04A8C2F46075C2FC5C" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,6.0.300,x86\Version = "24.78.0" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86\Dependents C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0879C748FF241264ABE1020CDC77F90F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_48.87.64723_x86 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495\Version = "811072723" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_targeting_pack_48.87.64723_x86\ = "{F4687860-8C1B-4DB3-B99D-391E99371B71}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0687864FB1C83BD49BD993E19973B117\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B50510C14E88E6B3B985915B660AAEE8\Version = "100663317" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B50510C14E88E6B3B985915B660AAEE8\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3792749D1323A184990A3A9429451183\ProductName = "Microsoft.NET.Sdk.Android.Manifest-6.0.300" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F69CEBDA7D057DE61BC89C3CE758E01B\808CC02C5C3E9B847B19B041C51D7D7A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain,6.0.300,x86\Dependents C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\450EFA9138AC5D549ABD1480FEB43D19 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DD73A4FEEF129E34981DC196C91C79CA\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B272DE8BD2F55FF47AAC7C53257DBFF0\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8361F15F9659BD047857A47AECF64DF1\ProductName = "Microsoft .NET AppHost Pack - 6.0.21 (x86_arm)" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\307514C3C04491841B33B644A2610D7C\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.87.64723_x86\Dependents\{901a4233-9860-4dd0-bb2d-0d86482fc5bd} C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\64300F7B24308E24B92DE09A68A70646\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,6.0.300,x86 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BA8C0AA792764D40A9D8090F65EE964\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3CA42F14C85834547944D6324817CCC6\PackageCode = "21D3C6C32E1B00548990AEF7C72D888F" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86\DisplayName = "Microsoft .NET AppHost Pack - 6.0.21 (x86)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_48.87.64667_x86_arm64\ = "{3C415703-440C-4819-B133-6B442A16D0C7}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\13E50C477853C52439243293464C6257 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13E50C477853C52439243293464C6257\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\64300F7B24308E24B92DE09A68A70646\PackageCode = "B4E6B1313D1C08540803355FA4BF29A6" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A73DD4971C0B96344843400990C2E6E6\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DD73A4FEEF129E34981DC196C91C79CA\Provider C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2D43852F064059945858E814DB701495\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B50510C14E88E6B3B985915B660AAEE8\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{1C01505B-88E4-3B6E-9B58-19B566A0EA8E}v6.0.21.23364\\" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NovaInstaller.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4176 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4176 wrote to memory of 4452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4176 wrote to memory of 4216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4176 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nova.fnbuilds.services/Installer/2.4/NovaInstaller.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3ec69758,0x7ffe3ec69768,0x7ffe3ec69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:8

C:\Users\Admin\Downloads\NovaInstaller.exe

"C:\Users\Admin\Downloads\NovaInstaller.exe"

C:\Users\Admin\Downloads\vc_redist.x64.exe

"vc_redist.x64.exe" /install /quiet /norestart

C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe

"C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.filehandle.attached=684 -burn.filehandle.self=544 /install /quiet /norestart

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{AED49722-AD00-48EE-9714-14CC77A415FB} {1A0D28E8-2AA7-4F23-A92C-75843CF2B994} 2604

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1612 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5764 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{B070B22D-A48F-4676-9D89-05E441AD5FC1} {67987D90-7900-4E7A-9B0C-AE8E6D557472} 3984

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{B070B22D-A48F-4676-9D89-05E441AD5FC1} {67987D90-7900-4E7A-9B0C-AE8E6D557472} 3984

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5F388DC7-D765-4017-8548-0544AC892DCD} {14145B04-E2FC-43A2-92F5-7FEC1A89DC25} 5616

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4644 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:1

C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe

"dotnet-sdk-6.0.405-win-x64.exe" /install /quiet

C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe

"C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=676 /install /quiet

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe

"C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.be\dotnet-sdk-6.0.413-win-x86.exe" -q -burn.elevated BurnPipe.{F4E2C678-98F6-44A0-9879-2730A9EEC88E} {416F94C1-5620-4841-965B-289EF57ADCCE} 3116

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2620 --field-trial-handle=1888,i,1021495483261366260,5230884985567160067,131072 /prefetch:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 519B03C66F343FC1B07C65DE94A41F04

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 40129A8BAE84EC5F2EE5A823E6D4649B

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 84F07D2EEAB6C1499CC944D5B0D77F30

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 04E88923501480380F9DE873B1D84E9A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A822AD27A0C5290EEEB38B19B5C7983E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0B59BA7240895D2D619876EB22AD4EDA

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E0D3856D3325DB25741CC2FDEDA4A4EE

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1A4D61C5D5D2966A46E1FDFBCAE49112

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BDC3DA5FB372F32BDB9F97E7309FE6D4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3637DDDF4F3A84E61EB7C91B6A828A2F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1F9EFD705DB478344C7383E0EFCB63A3

Network


Files

\??\pipe\crashpad_4176_QVDEEBBTTUHSMEXP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2c80e81b2a33fec511747ae61d0bdb2f
SHA1 27f09e7d56398a15c9b14dec96b0ecdac3375b07
SHA256 9a932540046dc5ceddfc2cdbffb0eb5f21538cd6f070d67c480223ea8d2e6ed4
SHA512 2c0cc5be3aad8be7a31421cccac9aab77d80753c60dc0d6326522c73e6e16ddc400afaf98a63c0793cf93ed37c5036ee6329d6381540156c4f49f54b78415731

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b214a9dfa4c1982dcbce36668614b831
SHA1 f7580e61bfb095c97ace74638eb00df4f6bb6d88
SHA256 796f966f9906d2fbd4b626864aeab694fe62dd7267c920f439df3915974e4d38
SHA512 c5dc8474a3fc388d0466c7d933bb141529c2da18cc89a8e84d78e596fbb9d4a77fa79735087ef52a1534e3d13aa6a0f9abb8f93e19c0cb5e90d2900974785a3d

C:\Users\Admin\Downloads\NovaInstaller.exe

MD5 2b7b606253fd6eb0627165cd95f45ede
SHA1 c3373dfa478622fa0393f94062989669668ea8ba
SHA256 7a744520f5df04549f5d459ca66124d8c560a4151aac350bd33c11b4036c4f00
SHA512 c75334c47ba59c5d751bd20f22e0ceefc02b8d6dd4edba682b79c59812806da4979a520d61d123ed3b367bbe74b3793289b0dd23cd0595881fc4596ffbf90438

C:\Users\Admin\Downloads\NovaInstaller.exe

MD5 a03208c5d2cea1f228c2389651d75435
SHA1 074e611332477bc3bb46975dc17fb953a5da303c
SHA256 fea7639f21fee355b59096ec5ffd1a8f7806f79ac04e92073819e9eac69c620f
SHA512 1a1d14a5e608f89693c25dd59bc5f730bee02cfa1dbab2a2b8800f59655c286e60a1095e0b32439c04c86015f5de14dcedacb559ea3b8b27c324b1f2f913eec0

C:\Users\Admin\Downloads\NovaInstaller.exe

MD5 dd07c7e6d599c554bd3ccf386b878002
SHA1 420aa7d50286a772f8c244825f38857d31636212
SHA256 4ade9fc906f2361dffe9dcda5db7e268a07ebdbe919e9ebb003ada9c4bc5c2fd
SHA512 0bec2bec15f2ab1dd7a3fbc45739ef297f21c6312276dd207b068909ad216592c67493331568148cfc59fbacfd5ff0dcee2ee0c9253a246de55a3dfa6e5d2fe2

memory/4736-66-0x0000000180000000-0x0000000180A25000-memory.dmp

memory/4736-70-0x00007FF7E6070000-0x00007FF7E699D000-memory.dmp

memory/4736-69-0x000001C925E90000-0x000001C926E18000-memory.dmp

memory/4736-73-0x000001C925140000-0x000001C925368000-memory.dmp

memory/4736-76-0x000001C925370000-0x000001C9254CE000-memory.dmp

memory/4736-79-0x000001C924F00000-0x000001C924F44000-memory.dmp

memory/4736-82-0x000001C924F50000-0x000001C924F8E000-memory.dmp

memory/4736-85-0x000001C926E20000-0x000001C927662000-memory.dmp

memory/4736-88-0x000001C925080000-0x000001C925100000-memory.dmp

memory/4736-91-0x000001C9048E0000-0x000001C9048ED000-memory.dmp

memory/4736-94-0x000001C9048F0000-0x000001C9048F5000-memory.dmp

memory/4736-100-0x000001C9047B0000-0x000001C9047B7000-memory.dmp

memory/4736-97-0x000001C904920000-0x000001C904933000-memory.dmp

memory/4736-103-0x000001C904900000-0x000001C904919000-memory.dmp

memory/4736-106-0x000001C924FB0000-0x000001C924FC6000-memory.dmp

memory/4736-109-0x000001C925020000-0x000001C925060000-memory.dmp

memory/4736-115-0x000001C924F90000-0x000001C924FA2000-memory.dmp

memory/4736-112-0x000001C924FD0000-0x000001C924FE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\PresentationNative_cor3.dll

MD5 607039b9e741f29a5996d255ae7ea39f
SHA1 9ea6ef007bee59e05dd9dd994da2a56a8675a021
SHA256 be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369
SHA512 0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50

memory/4736-122-0x000001C9255D0000-0x000001C9256C4000-memory.dmp

memory/4736-125-0x000001C925010000-0x000001C925018000-memory.dmp

memory/4736-128-0x000001C925520000-0x000001C925567000-memory.dmp

memory/4736-131-0x000001C9254D0000-0x000001C9254FA000-memory.dmp

memory/4736-134-0x000001C9298A0000-0x000001C92A0BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\wpfgfx_cor3.dll

MD5 f3272b0a0e144c819cba2e8f469549c6
SHA1 f693b8ecb31cb32ed797746c96051c0b753cbd0d
SHA256 68708f067727d09f6576fac3a365ac0204874dbf55369b1efa69691d4ddecd3a
SHA512 ebb14323f7fd45b1dd2ba843e282146ed03e91f6bc62022c4af6e996695b66d5a603295ddd9a6bfc87e0118195f9a3b114ff11f6d1418e969c5977630f9859c9

C:\Users\Admin\AppData\Local\Temp\.net\NovaInstaller\uztLljCegqSJbgApdKxz7vVm_L3UFNo=\D3DCompiler_47_cor3.dll

MD5 9a75ecacc7ffcb95eb0ac2323b6f90bb
SHA1 73301d88697f769daf3d181936a830a15be7af11
SHA256 f601de157de0ef238b6ff16208ba605b95a1c5c503e098f73ba932f6351bd326
SHA512 f963eed4481f11170a6f3b6f805c073e49a54728889151caea3e1a25851d1e1d46c268256f2548270cdd92b946942395548960e7e4e37a9de190f7bba70ee1d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b78ade66925619423c232d0ec9a3876
SHA1 426dfe3cddd57c1382d6b43786f3dfd438099499
SHA256 2c73dced70f68c6496a2e8d49a2e3ab150ab21837d9af6fc427c6443d6fa5f6a
SHA512 bb2680c3aabfe1f4e5cb9c69e308ae9f191bbb7606fb788e581395db1625048244b556183d90135b814198c01c48da64cd7122b086ef73a39b38f030e2a64de6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579664.TMP

MD5 8d848bea247b065786165b0d713c9aa9
SHA1 f33872454c6aeeb09a7456a14e1df9c40b4ebad3
SHA256 e2d87a421b4ae267c93817d8c54093610a56d27fe3180e8569dddb5a3a2b513b
SHA512 cf327ccb29c9893bca0a75f3a10c7675dcc1b8cf826e85e80e22dea1f81643359393e48f77e3ba373b8913a8c613d6531dcc218896f501438527e278e2fa13a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6d540a4f-67b6-4bb6-a0c6-3a778edf3064.tmp

MD5 f0b22e8cefbb2df3950faaf208c558c8
SHA1 e4c14ef23e41b39b68b84666193fceff502d250f
SHA256 a2ec86f220dc948db8c3313341b3590bacc18b161670cced95070d98f91bae17
SHA512 a8d85babdd1693e9cd53f821842d600cfed270f69a058497a35aef1b8a774e1c5182be79da406c475b185381a5ac01d5895634447cb0688684806e4383780937

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 281594e04055706773cd204c26434f93
SHA1 8c2d5798906650b1cd3c1eeda0e2c4a91393e1c4
SHA256 766e48a469dd04ccc6f8ff325d89b3b80b2ab5bee90336f85b663884914f263b
SHA512 48a83ab804ffd438985030caf0f40b67feeb0a0fc1c2c5022bc2487773e1f3d258c41a042fd73962fd486fc37f798e83b6f3bf49a01a50070125cfffe03b70de

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 f3717f895d49e4bb1cfa0172e0792f42
SHA1 53c93e5919fb3e58006520070ec86477272297f0
SHA256 33005305187e489b6667928a5a9ce04cca8e0b7bfab1d589e474bb27da3e657f
SHA512 ee09f1fd8d7e54004711de0b490ab3def4ad50847675330eeb4d53674dd96b2dcf6fbb65746824536ba69406845b15531f9dbf8e00e92df577c07c822886233f

C:\Windows\Temp\{5842B655-4AE8-4FDF-9A6C-CB91197401C6}\.cr\vc_redist.x64.exe

MD5 b73be38096eddc4d427fbbfdd8cf15bd
SHA1 534f605fd43cc7089e448e5fa1b1a2d56de14779
SHA256 ab1164dcaf6c7d7d4905881f332a7b6f854be46e36b860c44d9eedc96ab6607a
SHA512 5af779926d344bc7c4140725f90cddad5eb778f5ca4856d5a31a6084424964d205638815eab4454e0ea34ea56fafca19fadd1eb2779dc6b7f277e4e4ce4b1603

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 217b94c0d0fe6b244493167fea26bd1c
SHA1 fd7a8b06ba0600703221b28c3abe159f57c70bf2
SHA256 a88042fd3954dc3c59a4789478c9d5083bd11d0031d926f703b5f1873196c924
SHA512 310878dbab0af02eb0d0c53c06f1f002b0d326138d5524cb35bf4d762a4d27fe562ef853780d5b564700eb6e4326de8ea45799d2c2b505c1b5585930c5d3a204

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\vcRuntimeMinimum_x64

MD5 e312d6be7dee2b8f3737e0a1bc92e3aa
SHA1 72487572a3f8b8eff93489997c8a5041ea7a6867
SHA256 d48c8e848a219bceb638b2505132756cb908703fe75dee78bdf475435420dc49
SHA512 b39a0c18aa242887e3f9ae3d49bc9d6765ce15097718964cccd86b824d13481cbd53175105db29d17e3a08f74fe4d20dfb3f9989eca5276c3f5fbb255b80f8ae

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\cab5046A8AB272BF37297BB7928664C9503

MD5 3d14b0e254ea96fef419e6da38eb25e4
SHA1 93341ef98a0e2ae2cccc7e467af23bcc477d9a5c
SHA256 8717dc81d0345d8b81aa85e776fd3e0e6010dba974bf0f5660071e6d680c4526
SHA512 64a656648c16aa78ed74196e327126f6a9eb5d89052cdcd8f83eb655842e41c4f42be7f61541371f36ce322d208d1d707f485e99a79aa799fad7fd2c51553811

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\vcRuntimeAdditional_x64

MD5 d5a907e3b279f26804af0c56b0c65d52
SHA1 63bf7f0afd12ef21781dc14dd3b14c59d9e66518
SHA256 401ffa2ef4f070e211ef3f6e4f8a2a7af2bc9ea0119bbacad040669ab6221bba
SHA512 8d23fed4d26f0e2d1e40d5993ab2f588be1e7873cbcbe2064351ca8ef705bf74535225e9d0c2adf93fabfd45691077c7abb3991a013c8b4b234b9751c991f327

C:\Windows\Temp\{2DDD4F91-E68C-4400-AE0A-C47BCD552FAF}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

MD5 d0cbbe859fbb7c25dd5158e0f45d3682
SHA1 9c2f0b8379976fda1b46aa8c4a4a27b6f824b659
SHA256 97aef328363e120e786841903bb51a17547aa84f64d5d3525940ec5a69b9a627
SHA512 7ad84ae54668c07033ad100bc101fd0bf0b0783a1dd1f018d241097e167328b8e87cc15e4c0b45859e1946d41ef7528f46ca3c44deccd8859f11274d9e4189b6

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240222175023_000_vcRuntimeMinimum_x64.log

MD5 92275b263ae8e164b76019158ab5a6cb
SHA1 a1cfb8c881da705c320d29226462a34abe327164
SHA256 5f9a670c88648a7f87b46b8fe3e611a09053c3778d270080233666591ff449c9
SHA512 2afaff8674cc0ceb5d957bf5241b031ab58f3dd7a9f6bf9e16ef7239875985ca4cad95565fd86f8a1feec2d70ca9ec937fe9228c23a63e527116fbf0cbc465b0

C:\Config.Msi\e57e64e.rbs

MD5 c5e6e95a3aa9f0a791eb1fc9408a6215
SHA1 112114449c5e0d880bc57dfc345b901bfe7bdceb
SHA256 2bf3d75ab25db0096b24fe873109b92b39c04961ba52e77411bf907b2ebba797
SHA512 8cc520f926cc2e85a46edb326637e4d54e99c5a0619161299c9af42a893e3c1a6d9bd2a2d2a993e75c536388f0a3644119314c7fbc2f52c8d39c4db42f833cea

C:\Config.Msi\e57e65a.rbs

MD5 ad57074ba7d7fa9ffc3ca5d15b96ed6f
SHA1 908a5b17648a6ee9172f8d9f3d18cb268ab9e0f5
SHA256 b228d5df67c6e154544572dbf0eaaba0ab64a9a4e2c29c147f55e8ac061f6533
SHA512 1afe0e22b0510854f4288bcac1fb6eefe4d49ec6480c1929c3bf21d806eaf7dfa65076e8a049dfa63ed2dab3e3402d6b92dc64fb9173a92f21d5abee6ebc4ee4

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240222175023_001_vcRuntimeAdditional_x64.log

MD5 f95d6ac40dbe808f821cac6201630a08
SHA1 0e63c9d9942f94fc8d3e1c700494ab0b8d0a21c8
SHA256 6353926b45ce9cbb9f7505fbf7fcc71be2517d1fd98aebac0a178c39c8c210db
SHA512 ec6d2b44ffc5b634f963f570351b1cac770d6f457af548193eb43ea5cd64a9018633e395b1793a2825b952840554454628b719b203a88628a13a30673a238307

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1955ab5101b579648b4c29278e7f60f3
SHA1 add5c958f3121465bfe183fcadd70d08cb13e5a0
SHA256 3f9d6c966068230cfd38595d0f7cd78596ab30b305a5a32f3a1f7c6837938179
SHA512 04bb19297e0ae6df5877cb03393b15a40cb13b48f9bd9b8837783c04293c1ca1474e5b37b982a7ac990516648c2fd5543c9835951f3a655bfa193a958c9873dc

C:\Config.Msi\e57e661.rbs

C:\Config.Msi\e57e670.rbs

memory/4736-460-0x00007FF7E6070000-0x00007FF7E699D000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_developers.google.com_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dc42.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\3fc57804-53aa-4e9f-b880-2f113f6e0f6a\index-dir\the-real-index~RFe58df8d.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\3fc57804-53aa-4e9f-b880-2f113f6e0f6a\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt~RFe58dfbc.TMP

C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe

C:\Users\Admin\Downloads\dotnet-sdk-6.0.405-win-x64.exe

C:\Windows\Temp\{9826CD0F-E1CB-4260-8708-020934925889}\.cr\dotnet-sdk-6.0.405-win-x64.exe

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.ba\wixstdba.dll

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\.ba\bg.png

C:\ProgramData\Package Cache\{c649ede4-f16a-4486-a117-dcc2f2a35165}\state.rsm

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\windowsdesktop_targeting_pack_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\AspNetCoreSharedFramework_x86

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Finalizer

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_runtime_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_host_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_hostfxr_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_targeting_pack_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86_x64.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86_arm.msi

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_6.0.413_(x86)_20240222175142_000_dotnet_runtime_6.0.21_win_x86.msi.log

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\aspnetcore_targeting_pack_6.0.21_servicing.23364.38_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.MacCatalyst.Manifest_6.0.300.15.4.303_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.iOS.Manifest_6.0.300.15.4.303_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\Microsoft.NET.Sdk.Android.Manifest_6.0.300.32.0.301_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_60templates_6.0.413_servicing.23367.26_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\windowsdesktop_runtime_6.0.21_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\netstandard_targeting_pack_2.1.0_win_x86.msi

C:\Windows\Temp\{55DFEA3F-7C22-43A2-BC9B-F07155A439EC}\dotnet_apphost_pack_6.0.21_win_x86_arm64.msi

C:\Windows\Installer\e57e676.msi

C:\Config.Msi\e57e675.rbs

C:\Config.Msi\e57e67a.rbs

C:\Program Files (x86)\dotnet\LICENSE.txt

C:\Program Files (x86)\dotnet\ThirdPartyNotices.txt

C:\Config.Msi\e57e67f.rbs

C:\Windows\Installer\MSI2DD6.tmp

C:\Config.Msi\e57e684.rbs

C:\Config.Msi\e57e689.rbs

C:\Config.Msi\e57e68e.rbs

C:\Config.Msi\e57e693.rbs

C:\Config.Msi\e57e698.rbs

C:\Config.Msi\e57e69d.rbs

C:\Windows\Installer\e57e6a3.msi

C:\Config.Msi\e57e6a2.rbs

C:\Config.Msi\e57e6a7.rbs

C:\Config.Msi\e57e6ac.rbs

C:\Config.Msi\e57e6b1.rbs

C:\Config.Msi\e57e6b6.rbs

C:\Config.Msi\e57e6bb.rbs

C:\Config.Msi\e57e6c0.rbs

C:\Config.Msi\e57e6c5.rbs

C:\Config.Msi\e57e6ca.rbs

C:\Config.Msi\e57e6cf.rbs

C:\Config.Msi\e57e6d4.rbs

C:\Config.Msi\e57e6d9.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
