Analysis Overview
SHA256
c0fb1c29e216e6ede0976d74218c4565ee5a525765995883e3d6c39d50e7c5a0
Threat Level: Known bad
The file Nurik Crack.exe was found to be: Known bad.
Malicious Activity Summary
DcRat
Detect Xworm Payload
Xworm
DCRat payload
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Drops startup file
.NET Reactor proctector
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Looks up external IP address via web service
Checks installed software on the system
Enumerates connected drives
Detected potential entity reuse from brand microsoft.
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-15 20:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-15 20:48
Reported
2024-05-15 20:53
Platform
win10v2004-20240426-en
Max time kernel
300s
Max time network
297s
Command Line
Signatures
DcRat
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\Nurik2.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\Nurik2.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{582ba875-ec42-4505-9e60-ec189a76f52c} = "\"C:\\ProgramData\\Package Cache\\{582ba875-ec42-4505-9e60-ec189a76f52c}\\dotnet-sdk-8.0.300-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NurikCracked = "C:\\ProgramData\\NurikCracked" | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2536 set thread context of 4232 | N/A | C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 848 set thread context of 2412 | N/A | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 3960 set thread context of 1520 | N/A | C:\Users\Admin\AppData\Roaming\Nurik2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 4468 set thread context of 2136 | N/A | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 2856 set thread context of 1800 | N/A | C:\Users\Admin\AppData\Roaming\Nurik2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 5012 set thread context of 4168 | N/A | C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe | C:\Windows\SysWOW64\schtasks.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Security.Cryptography.X509Certificates.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.5\ref\net8.0\Microsoft.AspNetCore.Http.Connections.Common.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\trustedroots\codesignctl.pem | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Xml.XDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.5\ref\net8.0\PresentationFramework.AeroLite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\es\Microsoft.DotNet.Cli.Utils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\es\NuGet.Build.Tasks.Pack.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\BuildHost-net472\Microsoft.Extensions.Logging.Configuration.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\tr\Microsoft.DotNet.Cli.Utils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\ru\System.CommandLine.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.5\msquic.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.5\ref\net8.0\System.Diagnostics.TextWriterTraceListener.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.5\analyzers\dotnet\cs\es\Microsoft.Interop.SourceGeneration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\zh-Hans\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_8_recommended_warnaserror.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_5_default.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_6_none.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.5\ref\net8.0\PresentationFramework.Aero.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Bitbucket.Git\tools\core\it\Microsoft.SourceLink.Bitbucket.Git.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Roslyn\bincore\zh-Hans\Microsoft.CodeAnalysis.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net8.0\fr\Microsoft.DotNet.Cli.Utils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\NuGet.Build.Tasks.Pack\Desktop\de\NuGet.Build.Tasks.Pack.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldesign_9_minimum_warnaserror.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\tools\net472\tr\Microsoft.DotNet.ApiSymbolExtensions.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.5\System.Runtime.Loader.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.5\ru\Microsoft.VisualBasic.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\codestyle\cs\tr\Microsoft.CodeAnalysis.CSharp.CodeStyle.Fixes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldocumentation_7_default_warnaserror.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\zh-Hant\NuGet.VisualStudio.Contracts.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\pt-BR\Microsoft.TemplateEngine.Utils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\BuildHost-net472\de\Microsoft.CodeAnalysis.Workspaces.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Extensions\dump\DumpMinitool.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.AzureRepos.Git\tools\net472\es\Microsoft.SourceLink.AzureRepos.Git.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\ru\NuGet.Resolver.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.5\System.Drawing.Common.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Microsoft\Microsoft.NET.Build.Extensions\net471\lib\System.Net.Sockets.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.5\System.Windows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.5\ref\net8.0\Microsoft.AspNetCore.Mvc.Formatters.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\targets\Microsoft.NET.Sdk.StaticWebAssets.Pack.CrossTargeting.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tools\net8.0\System.CommandLine.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.5\ref\net8.0\System.IO.MemoryMappedFiles.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.5\ref\net8.0\Microsoft.Extensions.FileProviders.Composite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Extensions\it\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_8_default_warnaserror.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\runtimes\any\native\NuGet.RestoreEx.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\zh-Hant\Microsoft.DotNet.Cli.Utils.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\it\Microsoft.CodeAnalysis.Features.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.5\ref\net8.0\System.Diagnostics.Tools.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\NuGet.Build.Tasks.Pack\CoreCLR\fr\NuGet.Build.Tasks.Pack.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\TestHostNetFramework\System.Net.Security.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Extensions\fr\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Microsoft.Deployment.DotNet.Releases.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_5_default.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Roslyn\bincore\ko\Microsoft.CodeAnalysis.VisualBasic.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Microsoft\Microsoft.NET.Build.Extensions\net471\lib\System.Data.Common.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\tools\net8.0\zh-Hans\Microsoft.DotNet.ApiCompatibility.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-user-jwts\8.0.5-servicing.24224.4\tools\net8.0\any\Microsoft.Extensions.Configuration.Json.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Threading.Thread.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.5\ref\net8.0\System.Runtime.Serialization.Formatters.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.5\ref\net8.0\System.Reflection.Metadata.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.5\data\PackageOverrides.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\TestHostNetFramework\zh-Hant\Microsoft.VisualStudio.TestPlatform.Common.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\NuGet.Versioning.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5a6d41.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI768B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7B60.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBE57.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{6D0341DE-C194-4220-A980-4DE1B1309B2E} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d32.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{C6661EB8-C8EC-447C-8BD6-6439592AF0D8} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cc4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7F5B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{F904B9A8-A0A9-42FA-8132-2E1EEC523722} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{34F17197-6239-3B55-851C-B21B1F6C926D} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC552.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d2e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC824.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d19.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6ce2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cf2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cfc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d06.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d38.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6cbf.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI940A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6ce7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI398F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB9DF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC2A0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cbf.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8190.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6cde.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6ce3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6ce3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D36.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d15.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d28.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6d2e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d37.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B59E8D78-7A0F-4246-ACB8-9867B22FDBD3} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d0f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8038.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8E87.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8B5384CA-D189-4CFE-8DF0-2D05B4EA8499} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6ced.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d05.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICF2F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{97EA8828-361E-42AB-A287-67D7F4F4092D} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3249.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cd3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6cd9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID163.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{F3AEB036-4B8A-4C25-B4D2-850944E909C4} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8CE0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8FFF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cd8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cde.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6d00.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6d1a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEAA0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a6cca.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a6cce.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{CE4D0B17-4E11-41F9-8C3B-73F61DFE0797} | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\44 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\42 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\43 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\43 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\46 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\44 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\45 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\45 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA46B5209380C0E4182A57C8287A0BA7\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{568F99E8-9F2D-48D7-A05D-D64C512B3AFD}v17.0.8478\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8E99F865D2F97D840AD56DC415B2A3DF\F_DependencyProvider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8288AE79E163BA242A78767D4F4F90D2\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23304BF894DC77E44AD02E0D398636D2\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79171F43932655B358C12BB1F1C629D6\ProductName = "Microsoft ASP.NET Core 8.0.5 Targeting Pack (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\87D8E95BF0A76424CA8B89762BF2BD3D\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64\Version = "17.0.8478" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9716E8593420544459868C1B95747D80\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BFC6307A304B895458FF3D79BA8B1837\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0E4172F60BFE1D04DAD1B6AF950013C2\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,8.0.100,8.0.3,x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9716E8593420544459868C1B95747D80\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63337BB296F4141479799EDBF63E89A0\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,8.0.100,8.0.3,x64\ = "{116EF6D0-AE8E-4E6D-B0D8-EFF145CD45DA}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\ = "{A7036CFB-B403-4598-85FF-D397ABB88173}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\87D8E95BF0A76424CA8B89762BF2BD3D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.7.63663_x64 | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{582ba875-ec42-4505-9e60-ec189a76f52c}\Dependents\{582ba875-ec42-4505-9e60-ec189a76f52c} | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8288AE79E163BA242A78767D4F4F90D2\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\28E014F9DF16265308F7A8717DA9E3F3\79171F43932655B358C12BB1F1C629D6 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9716E8593420544459868C1B95747D80\Version = "1075066127" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8288AE79E163BA242A78767D4F4F90D2\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.5-servicing.24224.4\Dependents | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{582ba875-ec42-4505-9e60-ec189a76f52c}\ = "{582ba875-ec42-4505-9e60-ec189a76f52c}" | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.20.13583_x64\DisplayName = "Microsoft .NET Host FX Resolver - 8.0.5 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E7D2A8AC10ED774786002B45810D078\ProductName = "Microsoft .NET Targeting Pack - 8.0.5 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D6FE611E8EAD6E40B8DFE1F54DC54AD | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net7,8.0.100,8.0.5,x64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\306051AD8B00B0139BD0579A2D71805E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D97B4C2B5C422845B04132B8CD366F6\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\SourceList\PackageName = "729ebc3a4ae248c9d9e33c8304329ec3-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D1536F523A1229E469E4108E462AA11B\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79171F43932655B358C12BB1F1C629D6\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{34F17197-6239-3B55-851C-B21B1F6C926D}v8.0.5.24224\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AFB2D84B46CC89430978440AD5756C04 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net6,8.0.100,8.0.5,x64 | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9716E8593420544459868C1B95747D80\F_PackageContents | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_64.20.13589_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9058AAAC480CE5498F467954C6662C2\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D1536F523A1229E469E4108E462AA11B\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_targeting_pack_64.20.13589_x64\Dependents\{582ba875-ec42-4505-9e60-ec189a76f52c} | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{98927287-8779-447A-919E-73028D53F719}v14.0.8478\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\738A34743BAA94E43AEB1EAC3E51E1ED\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{4743A837-AAB3-4E49-A3BE-E1CAE3151EDE}v64.20.13583\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\27F276386764FA53C893931EE30C5745 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\Version = "1073747250" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D97B4C2B5C422845B04132B8CD366F6\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_8.3.24.22415_x64\Dependents | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9058AAAC480CE5498F467954C6662C2\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA46B5209380C0E4182A57C8287A0BA7\SourceList\PackageName = "936c24a666cd5966d5685fd74d2648b0-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.MacCatalyst,8.0.100,17.0.8478,x64\Dependents\{582ba875-ec42-4505-9e60-ec189a76f52c} | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\214F2F970A72AED3AB5BEC31D42C3CAC\8E99F865D2F97D840AD56DC415B2A3DF | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net6,8.0.100,8.0.5,x64\Dependents\{582ba875-ec42-4505-9e60-ec189a76f52c} | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23304BF894DC77E44AD02E0D398636D2\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,8.0.100,8.0.3,x64\Dependents | C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8288AE79E163BA242A78767D4F4F90D2\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 991091.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe"
C:\Users\Admin\AppData\Roaming\Nursultan2.exe
"C:\Users\Admin\AppData\Roaming\Nursultan2.exe"
C:\Users\Admin\AppData\Roaming\Nurik2.exe
"C:\Users\Admin\AppData\Roaming\Nurik2.exe"
C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe
"C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe"
C:\Users\Admin\AppData\Roaming\Nursultan.exe
"C:\Users\Admin\AppData\Roaming\Nursultan.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"
C:\Users\Admin\AppData\Roaming\Nurik.exe
"C:\Users\Admin\AppData\Roaming\Nurik.exe"
C:\Users\Admin\AppData\Roaming\Nursultan.exe
"C:\Users\Admin\AppData\Roaming\Nursultan.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Users\Admin\AppData\Roaming\Nurik.exe
"C:\Users\Admin\AppData\Roaming\Nurik.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "
C:\Nursultan\Crack.exe
"C:\Nursultan\Crack.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "
C:\Nursultan\Crack.exe
"C:\Nursultan\Crack.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\NurikCracked'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'NurikCracked'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "NurikCracked" /tr "C:\ProgramData\NurikCracked"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaa0946f8,0x7ffeaa094708,0x7ffeaa094718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffeaa0946f8,0x7ffeaa094708,0x7ffeaa094718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\ProgramData\NurikCracked
C:\ProgramData\NurikCracked
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
C:\ProgramData\NurikCracked
C:\ProgramData\NurikCracked
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\ProgramData\NurikCracked
C:\ProgramData\NurikCracked
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,8014812777731292225,8524632011462281981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe
"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"
C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe
"C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=584 -burn.filehandle.self=720
C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe
"C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.be\dotnet-sdk-8.0.300-win-x64.exe" -q -burn.elevated BurnPipe.{C62CFA04-2E8C-4440-9F44-2098EFAD17D7} {02896B8C-0E91-42D3-94E3-0EB054652E9D} 5744
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F70A88D50791A1D18A4EB9DA10F3C21B
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 46DF211D480796C53AC52FE3C33D00B4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F64FBA75EC05149602372D18F84189C3
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3C13481A961A76E2DDCBC9504CE684AF
C:\ProgramData\NurikCracked
C:\ProgramData\NurikCracked
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A0CCCAB34A41450A932FA7C99C2C0DE1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 19ABAE2FFE940F0E8F017A2A25616FA8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6DE3FA5370BD6291DDF86FDE7F227994
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A4933E2A93D6774C173996C92C6EC691
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0E290C052E8B06D5608A0A556DD0F5D7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C6D1FE8DA2AD9FE7897BFA60C69C6720
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EE8831F7B7482F665BF796B865CBA957
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5851FCD734D4C75494D88FA697FCC18B
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding CA1C08C45EF9FDB4937084BFA8F49FDE
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 672E7A7F1675689AA31D7BDE8FC1C49E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 74FEBC8416E8D257CBED17FDE278927F
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8D966127C62ACAAA83D0282A8C7EC319
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4CAFC31175BF607BAC627CFC34F718B6
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C9F7B28CBA21075237940C879CDBB395
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0D6E5DC75D9C6D5A64738726B00415E4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1E34D3C56305C0005EF5DF8C7F90341A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E54C1F0ADBE0DE83BECEEC3EDDD101A9
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 94E3B16D9E22AACD771B099481C862E5
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B3BC627E99FE2C87282B940EF48AFAB7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5476A3F87CD0323953DAAFED48E1AF9D
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 71AE5A679A7E17632F6C148F8F5ED400
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4FCF1D2EE4AB179033B905BE5AAA2CA0
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A9FA761EAE5FEDA5F8A79E18C010C021 E Global\MSI0000
C:\Program Files\dotnet\dotnet.exe
"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.300\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7DADB730F91733E7D018C6A79383E936
C:\Users\Admin\AppData\Roaming\Nurik2.exe
"C:\Users\Admin\AppData\Roaming\Nurik2.exe"
C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe
"C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe"
C:\Users\Admin\AppData\Roaming\Nursultan.exe
"C:\Users\Admin\AppData\Roaming\Nursultan.exe"
C:\Users\Admin\AppData\Roaming\Nursultan2.exe
"C:\Users\Admin\AppData\Roaming\Nursultan2.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe"
C:\Users\Admin\AppData\Roaming\Nurik.exe
"C:\Users\Admin\AppData\Roaming\Nurik.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"
C:\Users\Admin\AppData\Roaming\Nursultan.exe
"C:\Users\Admin\AppData\Roaming\Nursultan.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Users\Admin\AppData\Roaming\Nurik.exe
"C:\Users\Admin\AppData\Roaming\Nurik.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "
C:\Nursultan\Crack.exe
"C:\Nursultan\Crack.exe"
C:\Nursultan\Crack.exe
"C:\Nursultan\Crack.exe"
C:\ProgramData\NurikCracked
C:\ProgramData\NurikCracked
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| BE | 2.17.196.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.196.17.2.in-addr.arpa | udp |
| BE | 2.17.196.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 2.21.18.87:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 87.18.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mscom.demdex.net | udp |
| IE | 54.73.116.64:443 | mscom.demdex.net | tcp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| US | 8.8.8.8:53 | 64.116.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.2:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.2:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 196.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| IE | 52.213.66.96:443 | w.usabilla.com | tcp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.66.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d6tizftlrpuof.cloudfront.net | udp |
| GB | 99.84.11.139:443 | d6tizftlrpuof.cloudfront.net | tcp |
| GB | 99.84.11.139:443 | d6tizftlrpuof.cloudfront.net | tcp |
| GB | 99.84.11.139:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.11.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.18.2.in-addr.arpa | udp |
| N/A | 192.168.2.133:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 52.111.227.13:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:1337 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 204.79.197.200:443 | tcp | |
| N/A | 204.79.197.200:443 | tcp | |
| N/A | 204.79.197.200:443 | tcp | |
| N/A | 204.79.197.200:443 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| DE | 104.28.229.13:1337 | tcp | |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.25:443 | browser.events.data.microsoft.com | tcp |
| DE | 104.28.229.13:1337 | tcp |
Files
memory/4508-0-0x00007FFEB3393000-0x00007FFEB3395000-memory.dmp
memory/4508-1-0x0000000000F00000-0x000000000202A000-memory.dmp
C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe
| MD5 | 78a2304f3a08a66a5f90757dfb397f2b |
| SHA1 | d6e327d3a056a2c6a2b1af1f72aa03293d191df7 |
| SHA256 | f3510f0c072e4c056ba514a8579f8eabcd2a4a18756e1da3d56ab17bc42ff358 |
| SHA512 | a2d204d6492585d35af689673f806cd85d1030123e929e311fe06e84eb437084386f61614a9ec3b4fa135785a0b1752bac24991294b28c2ebc6f4770ef8b8e41 |
C:\Users\Admin\AppData\Roaming\Nursultan2.exe
| MD5 | bdfdfa323d578c1f668a4f97db9b8d10 |
| SHA1 | 66e7fa0ba48988483c1601a9c2301d318639c5d4 |
| SHA256 | 4bdfa89047bfe08d94cac51bde472f37e3a002e673e6218fa5a5c3c0cd33117d |
| SHA512 | fe4470f25ff65df557884d131bfbb450e651b3a9151008772d903dac251e3e04bcf1aac370f1b172d3e06145bdafe8b3c5ab95a6bc565e7fbc88add8deb7df38 |
memory/2536-21-0x0000000074F4E000-0x0000000074F4F000-memory.dmp
memory/2536-34-0x0000000000BC0000-0x0000000000DF8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Nurik2.exe
| MD5 | b8b51df76b3f00ade7d55cd4c7f0d6f4 |
| SHA1 | 2f7f9ddfab8cad5cef96cb0e9991efb89e642d9c |
| SHA256 | 1babeacafc7be55b72451ef9fdc0cb756c74f0cb9f8d6cc5959e731738ae3a91 |
| SHA512 | dcce8cac094346deac8f9453e0d3b428b7a1a443e865b3fe6a7e45951607ef017f104f7e48cfaf9c26d1816256a7d62a8c6347cf694dfeab837810cdc5cbf91f |
memory/848-38-0x0000000074F40000-0x00000000756F0000-memory.dmp
memory/3960-39-0x00000000002D0000-0x0000000000582000-memory.dmp
memory/848-33-0x0000000000330000-0x0000000000568000-memory.dmp
C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe
| MD5 | fd3fb20e423d639029be8a7a9b8f591d |
| SHA1 | 7e1c144b4028548742b1d324305f6c8a4bd66bf3 |
| SHA256 | 9877905b046182b385cc16a102e05b0a08495d966f7dadbaea8b39871755eb33 |
| SHA512 | e25a7f851cb0a76e33de0ac37de4303b36532a30e983c71136b28b6b494affdbfe3cb4a2eacca4993bdedc6e33c1ba9784c26c303024d5c05b09d7d1e83550dd |
C:\Users\Admin\AppData\Roaming\Nursultan.exe
| MD5 | 51da89019cd04b7e3c032638bcdbb44d |
| SHA1 | 5c24aa8307f624bcfc8af66e62e59314cad357f0 |
| SHA256 | af8a4ba4e90778e99e4dc65b5c15f674a93572f10b562dad9428e7d50ef51c63 |
| SHA512 | ffe682c4e98929448d427133e2e3094e0f98e9788cc2bfb3ad226b90e1ee4e2afe4e1d982f4d48269a7b310b20da6b6e879765fdf58bbf601206b4621a2b4fc4 |
memory/848-67-0x0000000004F10000-0x0000000004FAC000-memory.dmp
C:\Users\Admin\AppData\Roaming\Nurik.exe
| MD5 | 229ca4222f782cf9a4de319a507595bb |
| SHA1 | 31b9891f4f519bf535b5ca06093fa61c12178db0 |
| SHA256 | f827c4f3ead68d8f15ba9447ca69c3119d1eddd917ef36d73494d4844e888dc9 |
| SHA512 | 8a572cf52f0134f417e18df92d49376b444843a8485b7ac33e0ec963c30ad55a71f363643c7da2a7ce52c3eb5eb4ef1dedf050e91d07b06686f34badc0891186 |
memory/5000-69-0x0000000000EA0000-0x00000000013B2000-memory.dmp
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
| MD5 | 7c1116ef335e3d57298a17a0dc63da3b |
| SHA1 | 4c82030db099dd24e6be5cfeada9234bcda47e92 |
| SHA256 | a7a8fb604ff5d7eff7dba47b08254be021a7f4490af6de409a7475da98af98e1 |
| SHA512 | caf030dce4eb52e9ccfd3d0f8746fa83429e64f8061a73c435781b5b390e98aa868f5fb08f839ce706a352fcaabce0d89b7e698955d1f6c14ff38d5bcd7ef557 |
memory/2352-83-0x0000000000AB0000-0x0000000000B86000-memory.dmp
memory/848-85-0x0000000005C00000-0x00000000061A4000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk
| MD5 | 19759ceaa66931b34b1ea2d0d29a0f52 |
| SHA1 | 54ce33c4d0b156dd93f2840272cdac504096907c |
| SHA256 | 47047347ebe60aef6f7be93fc2e51d2ac4b0cd7f3b7a17c9d5d052e1a951dd48 |
| SHA512 | 53cb96ccbed95281c53fcb0846b9fab173e5c98cd120aab63e3c877e2bc8a1e8ba257abf1f114d2decc7228ca5cd70a7f00cec2bc2dc2e7960df0fb31ad90611 |
memory/1520-108-0x0000000000400000-0x00000000004D6000-memory.dmp
memory/848-106-0x0000000074F40000-0x00000000756F0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Nurik.exe.log
| MD5 | 386677f585908a33791517dfc2317f88 |
| SHA1 | 2e6853b4560a9ac8a74cdd5c3124a777bc0d874e |
| SHA256 | 7caf8779608c167ab6fa570df00c973aff6dee850bb63439770889a68c7cdae0 |
| SHA512 | 876d2269e25a4b2754bdf2c7e3c410050f885d7e6bd8abce41c5fc74ae1f8c549b2266dd1588c750f614063f36c8a8e5008cea610505897d04e4ef5c3adc52d9 |
memory/4232-94-0x0000000000400000-0x000000000045C000-memory.dmp
memory/2536-91-0x0000000006160000-0x0000000006216000-memory.dmp
memory/4740-68-0x0000000000B60000-0x0000000000BBC000-memory.dmp
C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe
| MD5 | 071179a85937fdcdd1e7853647b3295b |
| SHA1 | 86cf73d4385e9fb7798ef111fb2216575a4f89d9 |
| SHA256 | 1b65d87e4f452e62e0365924b15814b10a5fd685bfe1b780396684f76961fdd6 |
| SHA512 | dca54bf366c81c512430fc49eb6c882b0c71da95cbf9b75a8c8a061a9b537a00033572900aaea0f5546f0274348f462284c1e344d5f3bc53410e0a308fb9f6fb |
C:\Nursultan\bc09q.bat
| MD5 | e97fad1a36c0fa03ea46e8a8a6e5da1a |
| SHA1 | 1febf8469161b6d435c8e08b28b599502a207ab7 |
| SHA256 | b8b17538cb450d83232dcad0019c28ea7b5ab3d6a9b16dbe30c449329fbcd593 |
| SHA512 | 6c1b8b00f3755d309b562126226687da9f10220c1504479d2a5525dbdd8864c9a37e9d3392e47adde3ae8121fdf5e787ea3e581be3e89b3f3245094da85f49ff |
C:\Nursultan\Crack.exe
| MD5 | f00e2a0e9f7ec6e13e960670d7bca9cb |
| SHA1 | 5e27881f87bb77136b21229a6fb67e076d06db40 |
| SHA256 | 8dc2e1698909f50c91cc2199a13ce29931f80856854845e27541840e3722df81 |
| SHA512 | 85850eba79e82d11f1b258ece3f6e4894dda54e1ff63f45890d9ffacc7b6b171ab9cf5b1c7400fb7419599a3f44657346adb8cfb36924106f0f48794f3109aba |
memory/3584-118-0x0000000000030000-0x0000000000350000-memory.dmp
memory/3584-120-0x0000000002450000-0x000000000245E000-memory.dmp
memory/3584-121-0x0000000002460000-0x000000000246E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qj5zvdok.5ms.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3752-123-0x0000020B7C360000-0x0000020B7C382000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6d42b6da621e8df5674e26b799c8e2aa |
| SHA1 | ab3ce1327ea1eeedb987ec823d5e0cb146bafa48 |
| SHA256 | 5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c |
| SHA512 | 53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a7cc007980e419d553568a106210549a |
| SHA1 | c03099706b75071f36c3962fcc60a22f197711e0 |
| SHA256 | a5735921fc72189c8bf577f3911486cf031708dc8d6bc764fe3e593c0a053165 |
| SHA512 | b9aaf29403c467daef80a1ae87478afc33b78f4e1ca16189557011bb83cf9b3e29a0f85c69fa209c45201fb28baca47d31756eee07b79c6312c506e8370f7666 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 04f1d68afbed6b13399edfae1e9b1472 |
| SHA1 | 8bfdcb687a995e4a63a8c32df2c66dc89f91a8b0 |
| SHA256 | f358f33a42122e97c489fad7bbc8beab2eb42d42e4ec7fce0dd61fe6d8c0b8de |
| SHA512 | 30c5e72a8134992094d937d2588f7a503b1d6407d11afe0265b7c8b0ce14071925e5caed13fc4f9c28705df4c7aed3601f81b007048b148af274d7784aa5fb75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_2848_FWAYQEFQUFQERCDD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa6961b6c2ffce2e800a1a2a569099a3 |
| SHA1 | 7e15ae483663f345f4d3d4a22a629c92ecde143f |
| SHA256 | a2adfe09bc784b7c29e3e809f2041722324dbf130807babd265bb2de474e95bb |
| SHA512 | 595fccc3ab50ab1c62f9435ae339ab898626315873a8d0516c8c702ba287f9a63d1f60f0c4bb6a4dab08c84bfe232607010d27db91f5abb3778e97a6445cd024 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Crack.exe.log
| MD5 | 5cb90c90e96a3b36461ed44d339d02e5 |
| SHA1 | 5508281a22cca7757bc4fbdb0a8e885c9f596a04 |
| SHA256 | 34c15d8e79fef4bddec7e34f3426df3b68f8fc6deac29ea12d110f6c529fe3bb |
| SHA512 | 63735938c841c28824e3482559df18839930acc5ea8600b1074439b70a2f600a92f41593568e49991f25f079e7f7361b4f1678feadbf004f6e9e4d51d36598d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6a2337611329533bb9f587e0bd08ef8d |
| SHA1 | f91833b910dc5a90a5a0bbc4f4f8133a9455ebc3 |
| SHA256 | cd24de6e71b5285a36ea4b66973869de3d50e7ce8045d10df3d6399a477009a4 |
| SHA512 | 40e6855e9e540f89979589abc5f7b81059eef214b9ec48477c6656c0ffc8e46b22bfd5d07fc091ce9b1fe74e0958d65b6c9c30cfd838a4d2e6af9108760dc897 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dad1169fd1b5a77173c8348516b8e3fa |
| SHA1 | f6fd8d3c94eb4aaab412e1b2b19327d424eb8e11 |
| SHA256 | 520cb76daf8bae9180c0fce90247eab1cc9fb0774a69d97a2d20d46b683a3281 |
| SHA512 | 6988a7fd185b25b7624939ef84cb6e466873e6dfe95af680bfa42174420a2ac9fe88aace08e7b5f04adc095b9c5084067a56a919ae55b5f54ccbccb192e2aabe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39122d2f8ffa3772f606567f47a8cd18 |
| SHA1 | a6da77d0be4fcb53886720948075070cc54a97a7 |
| SHA256 | 5771d4bff035467a03e3875c178b8c42b276bb6b3dd20b16aff2031a5ef9ba43 |
| SHA512 | 18d83f90b5057cc9b64359dcc286febb4d3af3d3075fd8e4b1922132d69df10873025dba4ae24838d8eeebd296199c682b4f05174ac84ba741dc3aea6aa31428 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 09ae786aff14d21baa84f433022decf4 |
| SHA1 | 7b4f2ec18a2880cf9d4ab007b2a92087b5c81d9e |
| SHA256 | 4d3d869624809eeaf621207c791435002005f189b49a7e0ecc81eb2d11a2079e |
| SHA512 | fd007ff1001f9146f9d3e017d030d06c8b5db89255858f52396d1d93077a73f196baa0fab77472632d00858119a4a65e0f4c386ba7a149145f836096c4ecdfaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b594.TMP
| MD5 | ed2db914561daa438648c0c3395dcbe0 |
| SHA1 | 10928ae0c7351ac88b6cffe646908799b215d7a1 |
| SHA256 | f3610dc52d9a0da55c6ab67a87420cb3eaf58be486565d2801b4d69d55681eca |
| SHA512 | 89accac5963e223e082c267418754f517821373de209926f67dbe8bc7c4689501bc86628f3c4877a4c6687ad6dbdd824fbb224e51eb673926c9dc1bcaec6f200 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 28923dfcdc22f19773cde9d25085160a |
| SHA1 | 14cf9ee8e4f9bc88c142271a5b2bbc0e6f865875 |
| SHA256 | 29106b45b6397f0e8b45130194d186cd23c67cd635264ce973ccd868b5e760ca |
| SHA512 | 3a16360c07f5247b0c7c64943489677ebddd5dca626748b6f8e3fc84ea7590fac784bc84ff5f19f0599858917f8ba891268393330c2bc23f3c6508372434fe8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 02520cf0d32faf36cf1b3dc4a5cbccfe |
| SHA1 | dbef7aa84a6d9a1ecb14596402af11753aa610d4 |
| SHA256 | e314c47f35713800baabf3cbc2f3e91316a98b18797933a0bb44bac16839acc6 |
| SHA512 | d981a955358f01d2de325cc4129ac93b015592c24dc49d73d4ed72f2d049e30a37fe6db8725b98e4994577b4af06577d1b04b7f654b3b38af9f3b72e50b28eed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f9e43bd60f6c4a01eee24135d1af46e |
| SHA1 | 248b9b30dcc1e72aaeab47cf9e637eface3d3cb2 |
| SHA256 | 5ad8568854f7f8565bdb8f2212286ccd52e14881df73eaadbb2c5b3473b69475 |
| SHA512 | 067d2145ea3583165b935adc87ab7e6170f8ebb1b4714a38e58b31ac47ad422f92afd0dbb927cc94d91c01d3273cfa86afbb7c9fd4af6c62c5f58f4f2572651e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a1d65915983958b763e37b320945f6cb |
| SHA1 | e8ae20c71cd41078bab1a758fa74f59244ffd74a |
| SHA256 | 261b9e858b9ee63ed2b57d4b5f73b74ebb09f45d1d05947fa59d8042a12ee50c |
| SHA512 | b0d548408ed0c010c291e6a4cef0f32041810742391f01a05c515101e6da5a3579fb2293dcb49034502961d5de9684694325c7d47dacc736db1109914c524ace |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2bbece15b03af95e4a0ffb953b3b6cc6 |
| SHA1 | d57cafe9b0223d5a4ca4a434caef6220fe452412 |
| SHA256 | da8fd90b899e153115736b4f1e48d69a85dd00792d4cc80dacd061cd43372000 |
| SHA512 | d2ee84f067c24f2b44c06a84def526509863f00bb7132234b8e2b65e0d02cd37a083d8bfc4e2af55bb40d12f3bcbf0e63f434244c583fda6e3b46ff6bd7a306e |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NurikCracked.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b67908e0308ed715bdb2f44f55cc5783 |
| SHA1 | d9c94ddd7414d98c01bd3db352fd4b1a716bb960 |
| SHA256 | 59c0a6fbb54789c95f43d0ebe078a587fc10e6c3d5f287a324aa45585fc960ed |
| SHA512 | 3eb95d75765277c6ec643c2cddf118bb276b404c24b26b874e3d077a3e629f6125cf6a0ffcedce2b0358ec86d543bcf2bb0ce9889acb0075e06927c8c46c1284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2bf7eb081904dd6f51e09bfb68d3a438 |
| SHA1 | 33d80575aa509953a3c7b69b1dd939c94200ff78 |
| SHA256 | 2b669fb34b82989ca9bea80c9c6030014cc4ad379080d957321d623646c43dbd |
| SHA512 | 7430961e9b2f396bf1cd01bf9014ae9e3620cadb098d397971faf764284ce21e0f816691f84ac996a2c6d5b0172e23b5f1f54ef7a01d8cdfef89869a627ee5f7 |
memory/4724-511-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-512-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-513-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-520-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-523-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-522-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-521-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-519-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-518-0x00000142DB440000-0x00000142DB441000-memory.dmp
memory/4724-517-0x00000142DB440000-0x00000142DB441000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk
| MD5 | 7333dbbdf4f6fb5b15981557a934e0a8 |
| SHA1 | 4a40e68c660377fd61c3903e353828784e35475e |
| SHA256 | f4bfab6eddcb44f2819092be06c7fcc6b97a77b39b8fe4b98615d4e60fc683e0 |
| SHA512 | 0bff18ed66afa13f6728c711151beaf7d2bdbae431a016d27f41333243855c93ae924cf7e776f2b34fef12f534a8279d6958a0bee2e40606f0b8e469ccbb274c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6753cc3287975b8c745b5c10c81bfcac |
| SHA1 | cd4ad325c75bda80ecb9ac2d8bc225989cb7bfd5 |
| SHA256 | 99d8e41ef9bcb6dfe8b538e47495f748f3cd7ef4b0bba4e659442987efdbc51e |
| SHA512 | b47daffed8a00c41ace4877a64f3d384c6d05979303f1cb174fd783cde40378f943afe2a0d832c8d45b8ee5a45811f793b40ffc79009e219c5ddc2e3d0c4a502 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9c90377379be158e3c75986ce0c3e34e |
| SHA1 | 9d07a94e1aa3e6477c7da1eea75a533e4b93be03 |
| SHA256 | 8de627a4a41f97c2ace4d73e3feedf7258f19f5ce7eb58d83d8c21dcbce484dd |
| SHA512 | 60f9e7d072e1b7bdfbde6cfb1c973d392f8e21d95401d6500c39686bfdd63b58091ce2d8e4d4093b5790dffcc7fc20a48f6178b99318349c8b6dddcea5d7b21a |
C:\Windows\Temp\{48EA2440-3BFC-48FC-A819-C8370D976AA4}\.cr\dotnet-sdk-8.0.300-win-x64.exe
| MD5 | 3e5623a5ff8d3523bf9baa47ba4be97a |
| SHA1 | e2c83a2a7e591aadf891364f88030880f227058b |
| SHA256 | 09b93545d93cf4feaaeb5f827d91bea5581dd2f7045de4b02f77d42c9dc0f5ce |
| SHA512 | e6fd7e4f9f9954dc91c1e3e90ed24d073960e0cbad41e15c53c4bf2660bedba0f6f8405554a98bb3b0e210856756e0ef3a79d297055c4ebe822233e6657a9f65 |
C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.ba\wixstdba.dll
| MD5 | 87c8a7ea44e8ee0d9358e25b7dcd397d |
| SHA1 | 0e2021be823fee499175d2c0d68346d15c02a376 |
| SHA256 | b7de0a0ca3a94738747abd708e30ba1f9638a8c8b7d8173c76d4f39fae3d9346 |
| SHA512 | 98b5bbe5bb3ec331a0025e3da209296050b2f695be5a4b90b5c939f8fbbaada6dd93483eba779c10151546c2798aab5282fa619a55ec0cf04f56a03795a0a3f5 |
C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Windows\Temp\{24F89BE8-0E75-4F13-9171-C2BED1468DE4}\windowsdesktop_targeting_pack_8.0.5_win_x64.msi
| MD5 | ecc61fc4446eea417696e929f43fa891 |
| SHA1 | e197da3c227187b67cb2343e78e7de6955bf7217 |
| SHA256 | 1b0a334e1ef3563c679fe7b6ab13b5b460c132ee52a95872e5de0d96d3a675d7 |
| SHA512 | cb772e282b7f9845f79de09e4c74f61ead830b7fcf261db101fdab6ae374c5d3bac05961fd8f0e23a884560c8e88b95fe61f84f2485c25b99d2d80795f87d99d |
C:\Windows\Installer\e5a6cb9.msi
| MD5 | f515c54d4ed80fe910e9ed252111adda |
| SHA1 | 0ca07002ca35e4f01818f9aad91b9f16ea9c4f90 |
| SHA256 | 23dd0b88aaf091992aadc29cf3845f09e6c6ee385395e86c6b735e7899af096d |
| SHA512 | e93af9c67e1cdafeb29abb6df9eb7ebb30e2d300f044bf6144543c1d6983f78b1e59384e43a1a1d18a1a97e0f68872f637b1fb98ca2763738ebf5cdbc36b0f3c |
C:\Config.Msi\e5a6cb8.rbs
| MD5 | 557f18c3ea86f37ce9643aebf57a21ee |
| SHA1 | d51db96fea475e0993d77f446cabdf70f6fdf30a |
| SHA256 | 588157b2ff000fe8187eb291193e75b84cf2f0a5865396c2ed89ab56248a793d |
| SHA512 | a9632d2205d5c8808295a6f81a0cfab4156caa562a4d6fb77bff954d5346a6682177ebe12d503f1b553d460c1999d92286d00654b219ba1072ae86d31122c031 |
C:\Windows\Installer\MSI796A.tmp
| MD5 | 8edc1557e9fc7f25f89ad384d01bcec4 |
| SHA1 | 98e64d7f92b8254fe3f258e3238b9e0f033b5a9c |
| SHA256 | 78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5 |
| SHA512 | d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd |
C:\Config.Msi\e5a6cbd.rbs
| MD5 | 23c53895a7f8624ce162b3f087a17d92 |
| SHA1 | dbfe0fac08db3c4a23c657267300af4ff1a9ee65 |
| SHA256 | fc148ada6a7692d04dea01de83420698f9b4244152a283ad89fbdaf27f942331 |
| SHA512 | db88ceef7bfffceed513973fe1d308c21494a55d9418a51beba069fc4ac11ee33404f6b7c9a0ba36942f0c78511b3002653afd329a649b783c6ef90b5496c118 |
C:\Config.Msi\e5a6cc8.rbf
| MD5 | 33b4c87f18b4c49114d7a8980241657a |
| SHA1 | 254c67b915e45ad8584434a4af5e06ca730baa3b |
| SHA256 | 587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662 |
| SHA512 | 42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9 |
C:\Config.Msi\e5a6cc9.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Config.Msi\e5a6cc2.rbs
| MD5 | cfabc9e91e337cc9aceac235bef3e534 |
| SHA1 | a60828d936a90f8e54dc5accc30e4fb20ad23496 |
| SHA256 | dc06e88d4bfa5b6620d7a1c41a7a13f8b2d8ca1d4ab244a99cc5179c8c099919 |
| SHA512 | c88a3562ba0486798f98d6692c570a037307888aebb6245848a16379ad5c2dcb7236d6a350a5e278be2e912daeb686e50231bac7e3a4914a6013823c5d407b6c |
C:\Config.Msi\e5a6cc7.rbs
| MD5 | 536523e8dec0164461bde053a1f55f6a |
| SHA1 | aaf8ef3e53093e4bf6317526f8fa1403ccd4bf39 |
| SHA256 | a244a46750a920138633e88f25658af858fa98f1c2c44ac422e7f080ded202c8 |
| SHA512 | a0f0829c51dae2cf162abe4e959619d0687a8f108d8ace937b5a99f5f74679f244ccdc8d616ecfbe5a51e501a73d437de5178ff9e1c2e89a3f7023d5b16dea4a |
C:\Windows\Installer\e5a6cca.msi
| MD5 | e88a6f08d2bbe974b89979f71676c1b7 |
| SHA1 | a00841527ed694c9314f686d379a3979164d2808 |
| SHA256 | ceeb7d052b2bd39fc15ffa3b578b7dcfbcb5b5a182a693afcdd6646433a3482b |
| SHA512 | 7f2b4f2402a60384d1054f9311c7a02bf4c3455f979269a8c708644d74774c15100c767b062f965c2e6711c8351699b1ed4ce22894585f99e3c64956a2e6cee6 |
C:\Config.Msi\e5a6ccd.rbs
| MD5 | 16ea75b2fad2699969c4119ccab1ed7a |
| SHA1 | 03c56799655e912de128b7be20a7b19184bf3f16 |
| SHA256 | 0b5d6d6a29a7bba4448c98491446595e9775ef9ea85762172a3f3e12e8dfbab2 |
| SHA512 | 9255792e6a9f69cd1cf088b38163db525bc956d3f09544e53f25951864e4dd9ac27409cc17cacfc7d2a814798433694d38d10f3217b69d3ffa17273f39dba476 |
C:\Config.Msi\e5a6cd2.rbs
| MD5 | ea03c45f4b0cc732d6cb684fe8dbb10b |
| SHA1 | 1b6d29c21efa960dbea5ea8b3d21968707da6719 |
| SHA256 | fbf44c1d8a468440ca7702062abbf0eb674336df154778009be2ca63ec0fbc40 |
| SHA512 | 7abfdae3023b8e1ff3ab46de7d6b17c78dcde93958a9a270caa3eb63e00848c17f130428d10192d97b96a0b0e80c1a6cfae27b0c10192672390f1a137b4449cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 05bc01c99bda29698088d14f6360a994 |
| SHA1 | 1c281bde3d83c8e825881252f38cca54a0ea7a32 |
| SHA256 | 564923dd0378cd4958e7b511beb83f76842f470204cad3e8a2164a39ac2996f5 |
| SHA512 | b1ddce634807bef975a0765ad1f851be369f267ab5b03aff080203e8f3c3a2efa9ee6d54848546082dd29dbb9dc31cb963cfbbd43578bbbdf35283ec496ba573 |
C:\Config.Msi\e5a6cd7.rbs
| MD5 | 3924a558ff3428d5f8a6cd1672a93e60 |
| SHA1 | 8d477a4e5286d7abd2598c5bc6edad01b51b31c1 |
| SHA256 | ba2b2dc3ca6e90d6e59a089b251d1efe7bc390a054da9de1e82124ee1ea2ae08 |
| SHA512 | 555a2a550c71a3645e1982f28b85561906f6bd078307466f45798a39ae19a8b6477345bdeb053d71b2d29cc1bfa55bfd7366a42b2825c6e6a25e5cbde7715c0e |
C:\Config.Msi\e5a6cdc.rbs
| MD5 | 7231d3396c967f612c90d5b1126ac586 |
| SHA1 | 34c66ccd139238e6b856cde25de95aed208f9ea2 |
| SHA256 | 8b6e466f7674100880d6a04bfe479512b41a912afff0bc7f11fd6bdd4934fece |
| SHA512 | 07035f65678d83e9d9de5b5b32df6c82fd5c6fd8319d5ada51f139aeedbd9f67732f778d8749f072c8aa67fd5fb6e47456e6a4d678cb756d265097c67694fdca |
C:\Config.Msi\e5a6ce1.rbs
| MD5 | 60c02f1d0f2994442e7b44daa57f0911 |
| SHA1 | db0825f71648fba278466d7bd8142cddea40bc20 |
| SHA256 | 8c61317e3d80de37dbbff4a463337b61b3a81bf2e76ee5a5367a4ce4a865b9df |
| SHA512 | 96442be20ebba662aa39ddf2bafdc1e6e8a7f96c214ec3059945333c3cea3ee9d1e98a6f2b10d10ed659457121d1c83faf51c5d94493263ce52e875c43fccfe5 |
C:\Windows\Installer\e5a6ce7.msi
| MD5 | 2d8a9f00fb0887ffd890b622aecb2da5 |
| SHA1 | 16c6686b4c44abd01ed814d218528fae411fd87e |
| SHA256 | 2edde9257410ad2303baf9395016558e398674e2c18e9774e46c9f8cab1506b7 |
| SHA512 | 3c2236f4ebe388fc6276d555058d4cfb72c67612ccc947570155d10297076d748d6b1f8fd8b18ae477951c2a20d74c0994de2ff0b19ba247a84a63de8eb24eea |
C:\Config.Msi\e5a6ce6.rbs
| MD5 | b97c378347bab4b4f9b95483104ca4b1 |
| SHA1 | 47d2278ccecd23a80ec818652182cee5183f86c1 |
| SHA256 | 3b244d79cbddb8920ec247f75b994e1627c8d73f11ef6fa57ebfd820288a2c75 |
| SHA512 | 691a5f0637de08c5d88b86af5389738a042b9307abc4cc557cc0d7a86aeb2f68674b1febb6908a3abea5b05b3067a1eff6b0f12a657cf45657b1941a278ac861 |
C:\Config.Msi\e5a6ceb.rbs
| MD5 | eb99d8e60e8618f71d43a955beb54af0 |
| SHA1 | 7aaf67ef47fe1a1cdd5a4bd9e2a19782151356d5 |
| SHA256 | 68c65082c368e74a657a48d5feb260faeb230ac22d72713f52b08cce282b074f |
| SHA512 | a5e477d097d62653db5849ab35e6d2a457e1c35fbf571a6ee4011129ad489f0b1964a48f68a9987beaffb698918aa31602ada2cab0d617e003ec5da94b30611b |
C:\Windows\Installer\MSIB095.tmp
| MD5 | 60e8c139e673b9eb49dc83718278bc88 |
| SHA1 | 00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56 |
| SHA256 | b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb |
| SHA512 | ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103 |
C:\Config.Msi\e5a6cf0.rbs
| MD5 | ced82889e4673a5a49ef832cff453b68 |
| SHA1 | d9838c29570d6629681bb83343805b4114ee7690 |
| SHA256 | 87a5950b4d3b34642118b90483fe04849fdd53adc7a83a112f9092c76869160b |
| SHA512 | e23a91ff8f9fbb6e39a6e75714c0ddabad0bd0e337c0d6cfffd26cad9d65389628bc1cbc193f90eb7f132b6bb9751f5af434500acf7cdc9404cfaeb00741425f |
C:\Windows\Installer\e5a6cf6.msi
| MD5 | fe1dae231d859bb8873a1cfb4d10a780 |
| SHA1 | cd11a4fc943785281145e7d94817be6e3147faa4 |
| SHA256 | 0a971de7da8d04d1cc0491f9d16bfdaec605dc7eec0d7e7df9844645e58f75fb |
| SHA512 | 76608d7eca7df522d23636bd29439280db828d1e0ad1fdba7e22e12a5cd740ae9d7b3c90c2840085686279ce0e015f477f4d4270c944c1ab9203f138aa14b486 |
C:\Config.Msi\e5a6cf5.rbs
| MD5 | cfde3c1b2b31dfa2fb357f4837067d9c |
| SHA1 | 85d604ea9ab8075600fa22ea87011954bb5883d6 |
| SHA256 | eb3148f17406771258aa88a79c21205b8a8f4ccd2982274cf10398aec13eabae |
| SHA512 | a0e6d5a66b2a1ea0f095b0d3243d1d3ab5832804059312e6fc4b9c2b5a9bfdc39cfac98e420dffe1ff18718637718c6bebbbc573181a12bd9a35f7d392368653 |
C:\Windows\Installer\MSIBC32.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Config.Msi\e5a6cfa.rbs
| MD5 | de88c0189c4e21efb7310acda6dae228 |
| SHA1 | ea824726ee71313a5a071efcf87de493147b88ec |
| SHA256 | 62747b47eb53dcb21c5167984ccd2ccb60ebb8373811aaa1acdf77ad44c4352a |
| SHA512 | de381b9b964a48fc64368f43d8bd1bbc1765ac2f90e8ebe60b57248ebb34c25c8dd44d8b53788187be0321705c19801bbd91f3930cf604fe360155814dd4fbea |
C:\Config.Msi\e5a6cff.rbs
| MD5 | 7767d246883c1cb5e7bbd820621c7fc1 |
| SHA1 | 73d6d95f469ac083c2397e1f0f4c2fd76050da08 |
| SHA256 | 693fb8113335c57d24e7795b6292460058a1d7a30d7b911df90cbb50f1683cd3 |
| SHA512 | a5feb6bb2bcdd427af3ca757aa41fbd4a98464408b4dc48443250f6752c37820ca0bf48c213374247998c1d4e63ec6b6d1808ce8f11b1279ec6703784572e4ce |
C:\Config.Msi\e5a6d04.rbs
| MD5 | 5e6bc937ca30316964b89a5e7346fac9 |
| SHA1 | fd5450f7bc88875ad08162d8a7cf890b7fb11f7c |
| SHA256 | 79396db8bdf4701bf02862066cce89eb2a817234d808f479901ad7db0337a5e8 |
| SHA512 | c86f381abbebfd338d678f366542d75191e84127dd511c943be42f36cfbb8c2689261b7422b92f81d8108f403bef373581954f075b55eb40a6decc41ffa504a9 |
C:\Config.Msi\e5a6d09.rbs
| MD5 | 028aaf2081dbe1974fb2c4850f033a7f |
| SHA1 | de2a6d1910f3bfde39619b11481e0a7658727fdf |
| SHA256 | 4075d37aeca75511edcafe47b780cf2ed7a373574b80a230875c48e1b8d87aa6 |
| SHA512 | ade89ec913e51a286168d14dd9f1cf8531d231f75c3db33bf58a5d53e9db6caec09053e1d3de66f986fca9fc4d10a00a1f4620cfc53e93034ca9635444f19b41 |
C:\Config.Msi\e5a6d0e.rbs
| MD5 | 031320b99ae05c663433078d16b05679 |
| SHA1 | 07e667668fb4ffa5f4d2feac6619c20afceddfb1 |
| SHA256 | 28239eb74d25c2d95d39ddaa1ed99c7091ae1ddf8423e55d4eb2e8de0544bcd4 |
| SHA512 | a20e9c8ebc98a8e26365b14caf29ab37f2689043ab80d00bea9989b38d28b2ea20904daeeaa5037f43126ad0a4c5245d30cf35b65ab94480d4627d8d6818ac6a |
C:\Config.Msi\e5a6d13.rbs
| MD5 | 710f1a543bb6901a4bbae6a2506ada52 |
| SHA1 | 943d6341c5121dc3ed12b0b405236b8fe3611f05 |
| SHA256 | 3dc4ee7282af38af54e00130ee3cbacc903b8f5c13056e5fea6f54fd1e0a3018 |
| SHA512 | f88ff2c73f6842d42af4226c4558c83a3a518525fdc8409528f8f2d495c32b2e72ba8c89e51d7ca8caf8eef929d818605d1ce210b63bc5eca9f7d6fe9556d436 |
C:\Config.Msi\e5a6d18.rbs
| MD5 | de7d68f3bd35caaf0be694f34cb84aca |
| SHA1 | 4cd5f2805234ea6660d1337dc8d71deb5779c665 |
| SHA256 | bb7c8ef889962a672b1ae6ae291f9c0ea0d09088199137e5e8a074e646425bb4 |
| SHA512 | 04091b7c43feeaf561ce0ec8d08963f0dc7f28cb2f3b51e1a3a7be3dc2e2e7dd9c03f6ddd81676b010115bb5225beeff30b7a935a3cacc5917d746cc6528c3c7 |
C:\Config.Msi\e5a6d1d.rbs
| MD5 | 244a7ff1ac1bd99624f6ba5f04bd7f67 |
| SHA1 | 8179c442c820f3cdb46832947a0acb47112a88d2 |
| SHA256 | 09ee69150bb69383c9bca194d1318523f52293cc05f77f3f852fa92f52b34de7 |
| SHA512 | 6d6fefbb396d8c1f846c3f65fc564a5df233b6a46bb05b44b4ff82bc1b5d565d8328a4ae3759c9c92f59656107acba5106ba51d1253a0aea29363bcf8d96f72c |
C:\Config.Msi\e5a6d22.rbs
| MD5 | 15dff3e506cb5bc9c483697ab0a4800b |
| SHA1 | 690ebff49e2c70061904d824c060b5fdc361f0c7 |
| SHA256 | b872f4cd3163f4ca888b72aa31669c001f48c29074d1ba360b4fdd0b30a16c98 |
| SHA512 | f32c88596a8bdac11a148ba815f88f257a42041fd3a310704c24fd70fb56f45750b02c6979d90156b8ece74d887b4c3dcc619ecf9307783587f1f68bcfc32a21 |
C:\Config.Msi\e5a6d27.rbs
| MD5 | b46ee5ded76537ee834c8e1e7b3f642f |
| SHA1 | ed371883dce58fea14eb8c2704b10cbbccc2e33e |
| SHA256 | f68cff0be695c98dd1fd147b526781880fb9081c698e33d16645f570273b456b |
| SHA512 | 45c72f7cd4dbe2d50ce464bffca8499c6acdb7871435f888bc5a60e6a3a50e9c0581ea4955cf68be04ec1f6409c67e9cd5cbbc8e5f25b272c78191572aff5032 |
C:\Config.Msi\e5a6d2c.rbs
| MD5 | 2144b79894e89590cfc51453779e53e6 |
| SHA1 | 4e2562de9e5ab9a59a8801027f63868ced63d53c |
| SHA256 | 8a322115af876528b8f6f949b61e37dc898e839b813b4f99c5c2e3d2c575fe2d |
| SHA512 | 0d2fb8775db026c70b393334c3375feb3f9838891ab03d012cc94dea1c34ab7b0d13c851353ddc0799623e15155b8b8d0e7c587adf2d45880d5c0f99fb45918a |
C:\Config.Msi\e5a6d31.rbs
| MD5 | 423d1ffa774660ba5817afa191cda7ac |
| SHA1 | b43934413d24f5bc6038ef9a07c461ac9541c644 |
| SHA256 | aaa63100343d085e8e35ae379834720efaa4de6d9572e55a041916a40a909bff |
| SHA512 | 56c0b437670b78d6c9ad60b05b2e1d1f9e5e77c796052a19c6412cae15750565716eb987a61dafe7410044eb1269cbfda26dea53a4eef533149ad80b85cc165d |
C:\Config.Msi\e5a6d36.rbs
| MD5 | 9b18bed1d2932c44bf54062aa22cfefa |
| SHA1 | ba631e4d0d7703b49f21f5a65eef3a0bcf96f660 |
| SHA256 | f719909aecd69a09c0a498dea953923ad4eabe14647adc6c4f7d940dc825d695 |
| SHA512 | 3fe54800cf8860780cca987ad913796dfee66b6480bf48838058d4cc30336e4a8ecb856a18b29244b122a3812bbf6f95b6b20d355e1e2173d473a859e9a55a91 |
C:\Program Files\dotnet\sdk\8.0.300\TestHostNetFramework\testhost.net472.x86.exe.config
| MD5 | a22cdd3374234d3a50c2ace2dc33a63f |
| SHA1 | d71bb2417cb805c3da21ebcc0e1ae5a102823c9b |
| SHA256 | b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874 |
| SHA512 | 71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Text.Encodings.Web.dll
| MD5 | fa9d0d182c63c49a4c567f7c1652b6e6 |
| SHA1 | 55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc |
| SHA256 | e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84 |
| SHA512 | 58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll
| MD5 | f09441a1ee47fb3e6571a3a448e05baf |
| SHA1 | 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde |
| SHA256 | bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f |
| SHA512 | 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | c610e828b54001574d86dd2ed730e392 |
| SHA1 | 180a7baafbc820a838bbaca434032d9d33cceebe |
| SHA256 | 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf |
| SHA512 | 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396 |
C:\Program Files\dotnet\sdk\8.0.300\zh-Hans\System.CommandLine.resources.dll
| MD5 | c182eebde556be386ca5b656974993fa |
| SHA1 | 864aab5c6e71bc3537612c2541e7737d02e6f4c0 |
| SHA256 | d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd |
| SHA512 | 3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll
| MD5 | ea1fc85ccabec5aa1ae22452afbafac1 |
| SHA1 | 8ea9da27d9335f80c76867837688218b78311148 |
| SHA256 | f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483 |
| SHA512 | 42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\tools\net472\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll
| MD5 | 3f14df8e4be6100673090c43eb3c3476 |
| SHA1 | 61c1e35aeb6cb477077416f050c344fb18f5f87b |
| SHA256 | 09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2 |
| SHA512 | 7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c |
C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.targets
| MD5 | 5725a6d47308db618d015c3e55dd499c |
| SHA1 | 9b3e1ac8d62d522505f57fee89a249ac33325edd |
| SHA256 | 61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1 |
| SHA512 | ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ru\System.CommandLine.resources.dll
| MD5 | 7717b3eae55b3ec74f40699c1b9896c0 |
| SHA1 | 1483166af6059633de2e20545bc3f3cb6f035304 |
| SHA256 | 8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02 |
| SHA512 | c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Text.Json.dll
| MD5 | 63f1d0b53ce47b0ac3216281c8bcaf24 |
| SHA1 | 090cb7392ed07a94d237b5aa2175689faaf49b7b |
| SHA256 | de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb |
| SHA512 | 386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521 |
C:\Program Files\dotnet\sdk\8.0.300\MSBuild.runtimeconfig.json
| MD5 | 29b1d428243138af5176ef6b2c1b2c99 |
| SHA1 | e056c83aa5dbbef653ce26a02eb05eb7e54cdc75 |
| SHA256 | 6359ce84d5ca840557e9b26b85499f2ac90dad7784cce1071b3fbdfcb3aeb7ad |
| SHA512 | 063d2d52f6bef27945a31949c1cbeffa23ecee8d6b225d7f64189ab1b2fcbd4387cd4cea17e5a0c3bb32d14fc80417f7a4a714742c03035e933fb888fee9def6 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\zh-Hant\System.CommandLine.resources.dll
| MD5 | 9101e8227a7ab83cafd27e4ec222ba10 |
| SHA1 | 3a80807f7cd695bd9258eaaadf8b2d7dccefc125 |
| SHA256 | 8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e |
| SHA512 | e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\pt-BR\System.CommandLine.resources.dll
| MD5 | c7f0f7e0a7562225d7b60b88459bde92 |
| SHA1 | 96c432044ecf7d346e09c6c46f5ca163396d97f8 |
| SHA256 | 516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353 |
| SHA512 | 05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999 |
C:\Program Files\dotnet\sdk\8.0.300\de\System.CommandLine.resources.dll
| MD5 | e771e643a2f47b5d527aa4dd1e857aed |
| SHA1 | ddb6ebbdc354122989c67ed9cc2555da640b16e5 |
| SHA256 | 8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15 |
| SHA512 | 14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | ff34978b62d5e0be84a895d9c30f99ae |
| SHA1 | 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85 |
| SHA256 | 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc |
| SHA512 | 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Numerics.Vectors.dll
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| SHA512 | 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\fr\System.CommandLine.resources.dll
| MD5 | aa8eeb801d74a4e562fd8c044e03fa8c |
| SHA1 | 8653841bd62dc74f605f608ed8f354dd692faaa2 |
| SHA256 | 7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b |
| SHA512 | 388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\it\System.CommandLine.resources.dll
| MD5 | 4e92ced559ff6f26d238fc5393dab39f |
| SHA1 | 400983302371c5a7ba38e3dba8fbc4c5f8192018 |
| SHA256 | 37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471 |
| SHA512 | 0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ja\System.CommandLine.resources.dll
| MD5 | 5d26652b0f420ca6ba2bfa00b84eea38 |
| SHA1 | 8dc1d2a7cb6b857344c120544f842fccdaa97e79 |
| SHA256 | 654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c |
| SHA512 | 5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419 |
C:\Program Files\dotnet\sdk\8.0.300\es\System.CommandLine.resources.dll
| MD5 | 79e57433e70b5a0a300303dfc5d759b4 |
| SHA1 | cfe5862964f3b389cbac01e157e9ade0031e45ef |
| SHA256 | b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8 |
| SHA512 | 8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\cs\System.CommandLine.resources.dll
| MD5 | 2f679e46823cf54660405eda0dbf0842 |
| SHA1 | 29fdcbd753e36022b6308425dad9323e5f3472fb |
| SHA256 | 6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf |
| SHA512 | f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Common\buildMultiTargeting\Microsoft.SourceLink.Common.props
| MD5 | a5dcc9e5bf323d748b26652e11956905 |
| SHA1 | 7f8c7a2523d1f4600e0f8bf347d10564cef36780 |
| SHA256 | 2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c |
| SHA512 | 79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\tr\System.CommandLine.resources.dll
| MD5 | c9c8df325a05d227bc32a5d854713c4a |
| SHA1 | cf9ea69ccebd1ef0bd46beff01254a02c5fb0131 |
| SHA256 | 7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf |
| SHA512 | fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 91dba54eca40d3cfaa3ac78a883363f9 |
| SHA1 | 61743c077f10a80b42597a3a968e1b40b52203b6 |
| SHA256 | 8bed1f80f0f88ae90728d3ba3e13b49c408b7642667a2550c5724638d1252cb7 |
| SHA512 | 72993a8a886fa740801b3a9c8d7a7f4fa7ca1db898039728971f1c7c2e212007f374f1123b527dc3c75d3cd454943639435a0b29194fad990cf16202bbce4e68 |
C:\Users\Admin\.dotnet\TelemetryStorageService\20240515205244_6164f1b8fc4e4aea8b3c8cf3d5d8e06d.trn
| MD5 | 97bfc5edd3c99f70589a286a14d09989 |
| SHA1 | bdc25f1adc9adeeb65691cac6ef5ee310dc7662b |
| SHA256 | 2753ee87b488866f3013d903b0109ace984ae8dad3392d87feeab53e14d0fadc |
| SHA512 | 77f1c63ba9a782591c9afb7696a46c77aa874b0a879aaddddb5f55bd23df555429c63d2b2f4219e6c0abe5a9e1825bf4e22469a7337fbda5fb06161eda1b60e0 |
C:\Config.Msi\e5a6d3b.rbs
| MD5 | 5926bd24cdce7928adafcb73435b43dc |
| SHA1 | 9f71b98920273f0df3b30f0bfc05135cf63d848d |
| SHA256 | 719aa4323c481693eb73c48e9fef11851e5158ce107a75393af7a3f4c87b986e |
| SHA512 | 19e783d7010346bbc25ac6336df7a8477728282439456598de556e9f59647fd6d88983121b6f1071377d63f5ef3fe43daed0d08799d2fd055a72637400416237 |
C:\Windows\Installer\e5a6d41.msi
| MD5 | f8247cb4681460bacaa8c44719257952 |
| SHA1 | 3a41a903ae164b823215b195b618c8c3dc159b9e |
| SHA256 | 94b57e7393198f0fe80ccb0ce070a2fa6f719134d7f976899f710aefcbacac0d |
| SHA512 | aeb476c9ea76d3ee8529c3074125833eddfa4cf331d8ac5cd4ff3b7ed48d5c09510e4923593a880851f45804926ee40795273ebfa6cedb8c54812145f11ccf92 |
C:\Config.Msi\e5a6d40.rbs
| MD5 | c9c6881ad07d3f2d7a2659710227b062 |
| SHA1 | abf9ee8af14341cd8c37e2ae592a0a903ae5f073 |
| SHA256 | e2da45a646aa2521467cb25f88aef52e3a067c4570821fa8f76e74a1cedb2190 |
| SHA512 | 00076797a5312f6785b6a64a59db9492c1a7dd6163f142dc858b6bc65507ae6826144fdc64dbc14c72609e50968df0c903f2665cfc2bc2b2eb5c4e87e63bc11f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 284b862111416c280f179f8748fdd96d |
| SHA1 | 60f4b20c9baab2c1a71dcc8e4217f01dc0fc6e18 |
| SHA256 | a4da4ae32b9aaa72ed564282371e99d29c95de2c6560447d15347864b23b8960 |
| SHA512 | a9c26b183b92f0de8c8b119dd58119915a42abdfe17601047942d7cc55f4a21a56c5b6d0b72be04b88783ce8aab3612a40dc803ed25a1d7fdd92160f1fd5a45e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3d68c204c80041c9dc32bcbc44627c4 |
| SHA1 | 56292d26bf685fe8188be4fcc58f0f33c0840732 |
| SHA256 | 951e359b438d47d1cbde508def7c31eb8dc7904febcc15f70604d366e8f1a5eb |
| SHA512 | a7f965ea9f197f53111e3157dca62d20ed47d6b32f54f4730dd677b22f2e17761f80174b3acccb0f8ada1db178684356baf20da0c355bfffd092e92bd340a9e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 70e6a2f0db8851d3b10275f0f5794b18 |
| SHA1 | e729bf4bca9a172cdd97d4e8c57bc57c3ba69918 |
| SHA256 | 5fe8639e0465fcc1ee589bbe57e7683578e31ff8dbc8a17a83d393982efa6127 |
| SHA512 | 3e296f236525dbfcca69e910658fc02db2d15f0627de8ec1dc1d2e064c0b39f50aef8cd5b91d027f433023f59e9feb59dcc6bdd43485b1f1fad39d6f5a989926 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b009d7d5f73f6582388a6f7a63fa67d2 |
| SHA1 | bbe691ec7d6d322e01dbe3a8ab200e1b47888555 |
| SHA256 | ba1301cc14059829fc9c921933e7373aad6d41a54756ef6ec57d7d6ea5b5ec4d |
| SHA512 | b2c774eee0b7040de2467c600c8829c843005b19ea6db0e4976b3ee7c750e36fcfa30664643f075d08c786e921d3ec327d278a8893fa64f9ac9c53bb34e2e623 |