Malware Analysis Report

2024-11-13 13:43

Sample ID 240515-zlh41abe76
Target Nurik Crack.exe
SHA256 c0fb1c29e216e6ede0976d74218c4565ee5a525765995883e3d6c39d50e7c5a0
Tags dcrat xworm microsoft discovery execution infostealer persistence phishing rat trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file Nurik Crack.exe was found to be: Known bad.

Malicious Activity Summary

DcRat

Detect Xworm Payload

Xworm

DCRat payload

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Drops startup file

.NET Reactor proctector

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Looks up external IP address via web service

Checks installed software on the system

Enumerates connected drives

Detected potential entity reuse from brand microsoft.

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of FindShellTrayWindow

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-15 20:48

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-15 20:48

Reported

2024-05-15 20:53

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe"

Signatures

DcRat

rat infostealer dcrat

Detect Xworm Payload

Xworm

trojan rat xworm

DCRat payload

rat

Downloads MZ/PE file

.NET Reactor proctector

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk C:\Users\Admin\AppData\Roaming\Nurik2.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk C:\Users\Admin\AppData\Roaming\Nursultan2.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk C:\Users\Admin\AppData\Roaming\Nursultan2.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nurik2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nurik.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe N/A
N/A N/A C:\Nursultan\Crack.exe N/A
N/A N/A C:\ProgramData\NurikCracked N/A
N/A N/A C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{582ba875-ec42-4505-9e60-ec189a76f52c} = "\"C:\\ProgramData\\Package Cache\\{582ba875-ec42-4505-9e60-ec189a76f52c}\\dotnet-sdk-8.0.300-win-x64.exe\" /burn.runonce" C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NurikCracked = "C:\\ProgramData\\NurikCracked" C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS


Modifies registry class


NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 991091.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nurik2.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nurik2.exe N/A
Token: SeDebugPrivilege N/A C:\Nursultan\Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\NurikCracked N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4508 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe
PID 4508 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan2.exe
PID 4508 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\Nurik2.exe
PID 4508 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe
PID 4508 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan.exe
PID 4508 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
PID 4508 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe C:\Users\Admin\AppData\Roaming\Nurik.exe
PID 5000 wrote to memory of 496 N/A C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe C:\Users\Admin\AppData\Roaming\Nursultan.exe
PID 2536 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe C:\Windows\SysWOW64\schtasks.exe
PID 5000 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
PID 848 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Roaming\Nursultan2.exe C:\Windows\SysWOW64\schtasks.exe
PID 5000 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe C:\Users\Admin\AppData\Roaming\Nurik.exe
PID 3960 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Roaming\Nurik2.exe C:\Windows\SysWOW64\schtasks.exe
PID 3960 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Roaming\Nurik2.exe C:\Windows\SysWOW64\schtasks.exe
PID 4444 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe C:\Windows\SysWOW64\WScript.exe
PID 2024 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe C:\Windows\SysWOW64\WScript.exe
PID 3316 wrote to memory of 4312 N/A C:\Windows\SysWOW64\WScript.exe C:\Windows\SysWOW64\cmd.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe

"C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe"

C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe

"C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe"

C:\Users\Admin\AppData\Roaming\Nursultan2.exe

"C:\Users\Admin\AppData\Roaming\Nursultan2.exe"

C:\Users\Admin\AppData\Roaming\Nurik2.exe

"C:\Users\Admin\AppData\Roaming\Nurik2.exe"

C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe

"C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe"

C:\Users\Admin\AppData\Roaming\Nursultan.exe

"C:\Users\Admin\AppData\Roaming\Nursultan.exe"

C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe

"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"

C:\Users\Admin\AppData\Roaming\Nurik.exe

"C:\Users\Admin\AppData\Roaming\Nurik.exe"

C:\Users\Admin\AppData\Roaming\Nursultan.exe

"C:\Users\Admin\AppData\Roaming\Nursultan.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe

"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Users\Admin\AppData\Roaming\Nurik.exe

"C:\Users\Admin\AppData\Roaming\Nurik.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "

C:\Nursultan\Crack.exe

"C:\Nursultan\Crack.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "

C:\Nursultan\Crack.exe

"C:\Nursultan\Crack.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\NurikCracked'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'NurikCracked'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "NurikCracked" /tr "C:\ProgramData\NurikCracked"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaa0946f8,0x7ffeaa094708,0x7ffeaa094718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffeaa0946f8,0x7ffeaa094708,0x7ffeaa094718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\ProgramData\NurikCracked

C:\ProgramData\NurikCracked

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\ProgramData\NurikCracked

C:\ProgramData\NurikCracked

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\ProgramData\NurikCracked

C:\ProgramData\NurikCracked

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8

C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"

C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe

"C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=584 -burn.filehandle.self=720

C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe

"C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe" -q -burn.elevated BurnPipe.{C62CFA04-2E8C-4440-9F44-2098EFAD17D7} {02896B8C-0E91-42D3-94E3-0EB054652E9D} 5744

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F70A88D50791A1D18A4EB9DA10F3C21B

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 46DF211D480796C53AC52FE3C33D00B4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F64FBA75EC05149602372D18F84189C3

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3C13481A961A76E2DDCBC9504CE684AF

C:\ProgramData\NurikCracked

C:\ProgramData\NurikCracked

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A0CCCAB34A41450A932FA7C99C2C0DE1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 19ABAE2FFE940F0E8F017A2A25616FA8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6DE3FA5370BD6291DDF86FDE7F227994

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A4933E2A93D6774C173996C92C6EC691

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0E290C052E8B06D5608A0A556DD0F5D7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C6D1FE8DA2AD9FE7897BFA60C69C6720

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EE8831F7B7482F665BF796B865CBA957

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5851FCD734D4C75494D88FA697FCC18B

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CA1C08C45EF9FDB4937084BFA8F49FDE

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 672E7A7F1675689AA31D7BDE8FC1C49E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 74FEBC8416E8D257CBED17FDE278927F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8D966127C62ACAAA83D0282A8C7EC319

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4CAFC31175BF607BAC627CFC34F718B6

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C9F7B28CBA21075237940C879CDBB395

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0D6E5DC75D9C6D5A64738726B00415E4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1E34D3C56305C0005EF5DF8C7F90341A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E54C1F0ADBE0DE83BECEEC3EDDD101A9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 94E3B16D9E22AACD771B099481C862E5

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B3BC627E99FE2C87282B940EF48AFAB7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5476A3F87CD0323953DAAFED48E1AF9D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 71AE5A679A7E17632F6C148F8F5ED400

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4FCF1D2EE4AB179033B905BE5AAA2CA0

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A9FA761EAE5FEDA5F8A79E18C010C021 E Global\MSI0000

C:\Program Files\dotnet\dotnet.exe

"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.300\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7DADB730F91733E7D018C6A79383E936

C:\Users\Admin\AppData\Roaming\Nurik2.exe

"C:\Users\Admin\AppData\Roaming\Nurik2.exe"

C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe

"C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe"

C:\Users\Admin\AppData\Roaming\Nursultan.exe

"C:\Users\Admin\AppData\Roaming\Nursultan.exe"

C:\Users\Admin\AppData\Roaming\Nursultan2.exe

"C:\Users\Admin\AppData\Roaming\Nursultan2.exe"

C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe

"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"

C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe

"C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe"

C:\Users\Admin\AppData\Roaming\Nurik.exe

"C:\Users\Admin\AppData\Roaming\Nurik.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"

C:\Users\Admin\AppData\Roaming\Nursultan.exe

"C:\Users\Admin\AppData\Roaming\Nursultan.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe

"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Users\Admin\AppData\Roaming\Nurik.exe

"C:\Users\Admin\AppData\Roaming\Nurik.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "

C:\Nursultan\Crack.exe

"C:\Nursultan\Crack.exe"

C:\Nursultan\Crack.exe

"C:\Nursultan\Crack.exe"

C:\ProgramData\NurikCracked

C:\ProgramData\NurikCracked

Network


Files

SHA512 f88ff2c73f6842d42af4226c4558c83a3a518525fdc8409528f8f2d495c32b2e72ba8c89e51d7ca8caf8eef929d818605d1ce210b63bc5eca9f7d6fe9556d436

C:\Config.Msi\e5a6d18.rbs

MD5 de7d68f3bd35caaf0be694f34cb84aca
SHA1 4cd5f2805234ea6660d1337dc8d71deb5779c665
SHA256 bb7c8ef889962a672b1ae6ae291f9c0ea0d09088199137e5e8a074e646425bb4
SHA512 04091b7c43feeaf561ce0ec8d08963f0dc7f28cb2f3b51e1a3a7be3dc2e2e7dd9c03f6ddd81676b010115bb5225beeff30b7a935a3cacc5917d746cc6528c3c7

C:\Config.Msi\e5a6d1d.rbs

MD5 244a7ff1ac1bd99624f6ba5f04bd7f67
SHA1 8179c442c820f3cdb46832947a0acb47112a88d2
SHA256 09ee69150bb69383c9bca194d1318523f52293cc05f77f3f852fa92f52b34de7
SHA512 6d6fefbb396d8c1f846c3f65fc564a5df233b6a46bb05b44b4ff82bc1b5d565d8328a4ae3759c9c92f59656107acba5106ba51d1253a0aea29363bcf8d96f72c

C:\Config.Msi\e5a6d22.rbs

MD5 15dff3e506cb5bc9c483697ab0a4800b
SHA1 690ebff49e2c70061904d824c060b5fdc361f0c7
SHA256 b872f4cd3163f4ca888b72aa31669c001f48c29074d1ba360b4fdd0b30a16c98
SHA512 f32c88596a8bdac11a148ba815f88f257a42041fd3a310704c24fd70fb56f45750b02c6979d90156b8ece74d887b4c3dcc619ecf9307783587f1f68bcfc32a21

C:\Config.Msi\e5a6d27.rbs

MD5 b46ee5ded76537ee834c8e1e7b3f642f
SHA1 ed371883dce58fea14eb8c2704b10cbbccc2e33e
SHA256 f68cff0be695c98dd1fd147b526781880fb9081c698e33d16645f570273b456b
SHA512 45c72f7cd4dbe2d50ce464bffca8499c6acdb7871435f888bc5a60e6a3a50e9c0581ea4955cf68be04ec1f6409c67e9cd5cbbc8e5f25b272c78191572aff5032

C:\Config.Msi\e5a6d2c.rbs

MD5 2144b79894e89590cfc51453779e53e6
SHA1 4e2562de9e5ab9a59a8801027f63868ced63d53c
SHA256 8a322115af876528b8f6f949b61e37dc898e839b813b4f99c5c2e3d2c575fe2d
SHA512 0d2fb8775db026c70b393334c3375feb3f9838891ab03d012cc94dea1c34ab7b0d13c851353ddc0799623e15155b8b8d0e7c587adf2d45880d5c0f99fb45918a

C:\Config.Msi\e5a6d31.rbs

MD5 423d1ffa774660ba5817afa191cda7ac
SHA1 b43934413d24f5bc6038ef9a07c461ac9541c644
SHA256 aaa63100343d085e8e35ae379834720efaa4de6d9572e55a041916a40a909bff
SHA512 56c0b437670b78d6c9ad60b05b2e1d1f9e5e77c796052a19c6412cae15750565716eb987a61dafe7410044eb1269cbfda26dea53a4eef533149ad80b85cc165d

C:\Config.Msi\e5a6d36.rbs

MD5 9b18bed1d2932c44bf54062aa22cfefa
SHA1 ba631e4d0d7703b49f21f5a65eef3a0bcf96f660
SHA256 f719909aecd69a09c0a498dea953923ad4eabe14647adc6c4f7d940dc825d695
SHA512 3fe54800cf8860780cca987ad913796dfee66b6480bf48838058d4cc30336e4a8ecb856a18b29244b122a3812bbf6f95b6b20d355e1e2173d473a859e9a55a91

C:\Program Files\dotnet\sdk\8.0.300\TestHostNetFramework\testhost.net472.x86.exe.config

MD5 a22cdd3374234d3a50c2ace2dc33a63f
SHA1 d71bb2417cb805c3da21ebcc0e1ae5a102823c9b
SHA256 b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874
SHA512 71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Text.Encodings.Web.dll

MD5 fa9d0d182c63c49a4c567f7c1652b6e6
SHA1 55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc
SHA256 e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84
SHA512 58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

MD5 f09441a1ee47fb3e6571a3a448e05baf
SHA1 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256 bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA512 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Runtime.CompilerServices.Unsafe.dll

MD5 c610e828b54001574d86dd2ed730e392
SHA1 180a7baafbc820a838bbaca434032d9d33cceebe
SHA256 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

C:\Program Files\dotnet\sdk\8.0.300\zh-Hans\System.CommandLine.resources.dll

MD5 c182eebde556be386ca5b656974993fa
SHA1 864aab5c6e71bc3537612c2541e7737d02e6f4c0
SHA256 d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd
SHA512 3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

MD5 ea1fc85ccabec5aa1ae22452afbafac1
SHA1 8ea9da27d9335f80c76867837688218b78311148
SHA256 f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483
SHA512 42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\tools\net472\System.ValueTuple.dll

MD5 23ee4302e85013a1eb4324c414d561d5
SHA1 d1664731719e85aad7a2273685d77feb0204ec98
SHA256 e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA512 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

MD5 3f14df8e4be6100673090c43eb3c3476
SHA1 61c1e35aeb6cb477077416f050c344fb18f5f87b
SHA256 09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2
SHA512 7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Threading.Tasks.Extensions.dll

MD5 e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA1 2242627282f9e07e37b274ea36fac2d3cd9c9110
SHA256 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512 da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Buffers.dll

MD5 ecdfe8ede869d2ccc6bf99981ea96400
SHA1 2f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256 accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA512 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.targets

MD5 5725a6d47308db618d015c3e55dd499c
SHA1 9b3e1ac8d62d522505f57fee89a249ac33325edd
SHA256 61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1
SHA512 ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ru\System.CommandLine.resources.dll

MD5 7717b3eae55b3ec74f40699c1b9896c0
SHA1 1483166af6059633de2e20545bc3f3cb6f035304
SHA256 8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02
SHA512 c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Text.Json.dll

MD5 63f1d0b53ce47b0ac3216281c8bcaf24
SHA1 090cb7392ed07a94d237b5aa2175689faaf49b7b
SHA256 de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb
SHA512 386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

C:\Program Files\dotnet\sdk\8.0.300\MSBuild.runtimeconfig.json

MD5 29b1d428243138af5176ef6b2c1b2c99
SHA1 e056c83aa5dbbef653ce26a02eb05eb7e54cdc75
SHA256 6359ce84d5ca840557e9b26b85499f2ac90dad7784cce1071b3fbdfcb3aeb7ad
SHA512 063d2d52f6bef27945a31949c1cbeffa23ecee8d6b225d7f64189ab1b2fcbd4387cd4cea17e5a0c3bb32d14fc80417f7a4a714742c03035e933fb888fee9def6

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\zh-Hant\System.CommandLine.resources.dll

MD5 9101e8227a7ab83cafd27e4ec222ba10
SHA1 3a80807f7cd695bd9258eaaadf8b2d7dccefc125
SHA256 8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e
SHA512 e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\pt-BR\System.CommandLine.resources.dll

MD5 c7f0f7e0a7562225d7b60b88459bde92
SHA1 96c432044ecf7d346e09c6c46f5ca163396d97f8
SHA256 516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353
SHA512 05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

C:\Program Files\dotnet\sdk\8.0.300\de\System.CommandLine.resources.dll

MD5 e771e643a2f47b5d527aa4dd1e857aed
SHA1 ddb6ebbdc354122989c67ed9cc2555da640b16e5
SHA256 8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15
SHA512 14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll

MD5 ff34978b62d5e0be84a895d9c30f99ae
SHA1 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85
SHA256 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc
SHA512 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Numerics.Vectors.dll

MD5 aaa2cbf14e06e9d3586d8a4ed455db33
SHA1 3d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA256 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA512 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\fr\System.CommandLine.resources.dll

MD5 aa8eeb801d74a4e562fd8c044e03fa8c
SHA1 8653841bd62dc74f605f608ed8f354dd692faaa2
SHA256 7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b
SHA512 388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\it\System.CommandLine.resources.dll

MD5 4e92ced559ff6f26d238fc5393dab39f
SHA1 400983302371c5a7ba38e3dba8fbc4c5f8192018
SHA256 37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471
SHA512 0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ja\System.CommandLine.resources.dll

MD5 5d26652b0f420ca6ba2bfa00b84eea38
SHA1 8dc1d2a7cb6b857344c120544f842fccdaa97e79
SHA256 654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c
SHA512 5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

C:\Program Files\dotnet\sdk\8.0.300\es\System.CommandLine.resources.dll

MD5 79e57433e70b5a0a300303dfc5d759b4
SHA1 cfe5862964f3b389cbac01e157e9ade0031e45ef
SHA256 b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8
SHA512 8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\cs\System.CommandLine.resources.dll

MD5 2f679e46823cf54660405eda0dbf0842
SHA1 29fdcbd753e36022b6308425dad9323e5f3472fb
SHA256 6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf
SHA512 f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Common\buildMultiTargeting\Microsoft.SourceLink.Common.props

MD5 a5dcc9e5bf323d748b26652e11956905
SHA1 7f8c7a2523d1f4600e0f8bf347d10564cef36780
SHA256 2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c
SHA512 79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\tr\System.CommandLine.resources.dll

MD5 c9c8df325a05d227bc32a5d854713c4a
SHA1 cf9ea69ccebd1ef0bd46beff01254a02c5fb0131
SHA256 7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf
SHA512 fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

C:\Program Files\dotnet\dotnet.exe

MD5 91dba54eca40d3cfaa3ac78a883363f9
SHA1 61743c077f10a80b42597a3a968e1b40b52203b6
SHA256 8bed1f80f0f88ae90728d3ba3e13b49c408b7642667a2550c5724638d1252cb7
SHA512 72993a8a886fa740801b3a9c8d7a7f4fa7ca1db898039728971f1c7c2e212007f374f1123b527dc3c75d3cd454943639435a0b29194fad990cf16202bbce4e68

C:\Users\Admin\.dotnet\TelemetryStorageService\20240515205244_6164f1b8fc4e4aea8b3c8cf3d5d8e06d.trn

MD5 97bfc5edd3c99f70589a286a14d09989
SHA1 bdc25f1adc9adeeb65691cac6ef5ee310dc7662b
SHA256 2753ee87b488866f3013d903b0109ace984ae8dad3392d87feeab53e14d0fadc
SHA512 77f1c63ba9a782591c9afb7696a46c77aa874b0a879aaddddb5f55bd23df555429c63d2b2f4219e6c0abe5a9e1825bf4e22469a7337fbda5fb06161eda1b60e0

C:\Config.Msi\e5a6d3b.rbs

MD5 5926bd24cdce7928adafcb73435b43dc
SHA1 9f71b98920273f0df3b30f0bfc05135cf63d848d
SHA256 719aa4323c481693eb73c48e9fef11851e5158ce107a75393af7a3f4c87b986e
SHA512 19e783d7010346bbc25ac6336df7a8477728282439456598de556e9f59647fd6d88983121b6f1071377d63f5ef3fe43daed0d08799d2fd055a72637400416237

C:\Windows\Installer\e5a6d41.msi

MD5 f8247cb4681460bacaa8c44719257952
SHA1 3a41a903ae164b823215b195b618c8c3dc159b9e
SHA256 94b57e7393198f0fe80ccb0ce070a2fa6f719134d7f976899f710aefcbacac0d
SHA512 aeb476c9ea76d3ee8529c3074125833eddfa4cf331d8ac5cd4ff3b7ed48d5c09510e4923593a880851f45804926ee40795273ebfa6cedb8c54812145f11ccf92

C:\Config.Msi\e5a6d40.rbs

MD5 c9c6881ad07d3f2d7a2659710227b062
SHA1 abf9ee8af14341cd8c37e2ae592a0a903ae5f073
SHA256 e2da45a646aa2521467cb25f88aef52e3a067c4570821fa8f76e74a1cedb2190
SHA512 00076797a5312f6785b6a64a59db9492c1a7dd6163f142dc858b6bc65507ae6826144fdc64dbc14c72609e50968df0c903f2665cfc2bc2b2eb5c4e87e63bc11f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 284b862111416c280f179f8748fdd96d
SHA1 60f4b20c9baab2c1a71dcc8e4217f01dc0fc6e18
SHA256 a4da4ae32b9aaa72ed564282371e99d29c95de2c6560447d15347864b23b8960
SHA512 a9c26b183b92f0de8c8b119dd58119915a42abdfe17601047942d7cc55f4a21a56c5b6d0b72be04b88783ce8aab3612a40dc803ed25a1d7fdd92160f1fd5a45e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e3d68c204c80041c9dc32bcbc44627c4
SHA1 56292d26bf685fe8188be4fcc58f0f33c0840732
SHA256 951e359b438d47d1cbde508def7c31eb8dc7904febcc15f70604d366e8f1a5eb
SHA512 a7f965ea9f197f53111e3157dca62d20ed47d6b32f54f4730dd677b22f2e17761f80174b3acccb0f8ada1db178684356baf20da0c355bfffd092e92bd340a9e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70e6a2f0db8851d3b10275f0f5794b18
SHA1 e729bf4bca9a172cdd97d4e8c57bc57c3ba69918
SHA256 5fe8639e0465fcc1ee589bbe57e7683578e31ff8dbc8a17a83d393982efa6127
SHA512 3e296f236525dbfcca69e910658fc02db2d15f0627de8ec1dc1d2e064c0b39f50aef8cd5b91d027f433023f59e9feb59dcc6bdd43485b1f1fad39d6f5a989926

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b009d7d5f73f6582388a6f7a63fa67d2
SHA1 bbe691ec7d6d322e01dbe3a8ab200e1b47888555
SHA256 ba1301cc14059829fc9c921933e7373aad6d41a54756ef6ec57d7d6ea5b5ec4d
SHA512 b2c774eee0b7040de2467c600c8829c843005b19ea6db0e4976b3ee7c750e36fcfa30664643f075d08c786e921d3ec327d278a8893fa64f9ac9c53bb34e2e623