Malware Analysis Report

2024-10-10 13:33

Sample ID 240527-rvtyvsgg26
Target https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool
Tags
rhadamanthys discovery persistence stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery persistence stealer

Detect rhadamanthys stealer shellcode

Rhadamanthys

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 14:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 14:31

Reported

2024-05-27 15:01

Platform

win10v2004-20240508-en

Max time kernel

1242s

Max time network

1234s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool

Signatures

Detect rhadamanthys stealer shellcode

Rhadamanthys

stealer rhadamanthys

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Windows\system32\rundll32.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{55584C21-40DB-498D-BD89-7DD5E43B4938}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Windows\Temp\{DACECAEE-0F56-4B1F-A5F4-E621AD56323D}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\dotnet\dotnet.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{582ba875-ec42-4505-9e60-ec189a76f52c} = "\"C:\\ProgramData\\Package Cache\\{582ba875-ec42-4505-9e60-ec189a76f52c}\\dotnet-sdk-8.0.300-win-x64.exe\" /burn.runonce" C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Modifies registry class

Description Indicator Process Target

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 267923.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8EFA8D6E\XWorm.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4748 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm.rar"

C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8EFA8D6E\XWorm.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8EFA8D6E\XWorm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8

C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"

C:\Windows\Temp\{55584C21-40DB-498D-BD89-7DD5E43B4938}\.cr\dotnet-sdk-8.0.300-win-x64.exe

"C:\Windows\Temp\{55584C21-40DB-498D-BD89-7DD5E43B4938}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=580

C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"

C:\Windows\Temp\{DACECAEE-0F56-4B1F-A5F4-E621AD56323D}\.cr\dotnet-sdk-8.0.300-win-x64.exe

"C:\Windows\Temp\{DACECAEE-0F56-4B1F-A5F4-E621AD56323D}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=692 -burn.filehandle.self=696

C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"

C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe

"C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=660

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe

"C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe" -q -burn.elevated BurnPipe.{8B11EB5E-267B-4659-A21A-0482B7E580EC} {F0AA8A11-8E6F-4043-894C-C7F2CFD7E252} 4516

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A75BF037CA2274F32285832B03A76266

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F9458977C3880F44297F263AC4239CDC

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 414C29158390DAE66E88B79A919CFAF9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2920DD0A6FA7A335EBB22BDCA942A92F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 409A453E06B2AFC6EC58A6A0AA2FA8C6

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A8543B1D407EA83F928058F282CBA803

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8DEF51E37B81F3B541C76B5218269941

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 29A8A02202C8D934902AA52CE916284C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D0945977AB620D1C6833EA2C6963185C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BB05446FD92B7E7D6DF069D59D5AA85D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 93BF0F19D78EBE67655D1573EB4B472D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F97592C095823FE369A7571C5E87B14D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B741D9963A6EC454E99925270E9FCB80

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 82454A3F013A928260E0047FF24608B6

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 44CAC26C5EC34F5C6DDAFE5A1CE6F325

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C4A1D038CAB8FD2DA85D9F89474BC971

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D90B5406F539542373E58B301A05DF4A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DAB688707F4CF0F411D24D5A23048274

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 41CDEDA31D8E117620AA902079AEEC15

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6A5E260ED825361D3CBE519FAD66BD5A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6409D8C61A94E091BE0AB8BC88ADA026

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 23D0929D29D8E45052D4099DA017F2E1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 104301761E5DC36DFD13A6755767C4B5

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F6908A1F30714FD75F14FB2330749721

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 82630994578926AE422AE2816E83EE91

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B0024C057A0A6C7DBEA26C029D94FB7F

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7FC90379543634715A9E1EA574E58D74 E Global\MSI0000

C:\Program Files\dotnet\dotnet.exe

"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.300\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B284B2FDAF2F759B74DDE917D0812F34

C:\Users\Admin\Desktop\xworm\XWorm.exe

"C:\Users\Admin\Desktop\xworm\XWorm.exe"

C:\Users\Admin\Desktop\xworm\XWorm.exe

"C:\Users\Admin\Desktop\xworm\XWorm.exe"

C:\Windows\system32\pcwrun.exe

C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\xworm\XWorm.exe" ContextMenu

C:\Windows\System32\msdt.exe

C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW8913.xml /skip TRUE

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w2wvm2k4\w2wvm2k4.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8DE5.tmp" "c:\Users\Admin\AppData\Local\Temp\w2wvm2k4\CSC86DD88D14DB7453F987FF5E28070F5E.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ay2oyft\5ay2oyft.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8ED0.tmp" "c:\Users\Admin\AppData\Local\Temp\5ay2oyft\CSCC5133424FBE141E892BEC5F9DFA62C4.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dzxtp25y\dzxtp25y.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9102.tmp" "c:\Users\Admin\AppData\Local\Temp\dzxtp25y\CSC721BF77B2BA425DB0FB749B943124A5.TMP"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Desktop\xworm\XWorm.exe"

C:\Users\Admin\Desktop\xworm\XWorm.exe

"C:\Users\Admin\Desktop\xworm\XWorm.exe"

C:\Users\Admin\Desktop\xworm\XWorm.exe

"C:\Users\Admin\Desktop\xworm\XWorm.exe"

C:\Users\Admin\Desktop\xworm\XWorm.exe

"C:\Users\Admin\Desktop\xworm\XWorm.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\xworm\XWorm.config

C:\Users\Admin\Desktop\xworm\XWorm.exe

"C:\Users\Admin\Desktop\xworm\XWorm.exe"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4748_ETTDNYFVPSENZTPV

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\XWorm.rar

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e2856.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe

memory/4592-311-0x0000000000610000-0x0000000000617000-memory.dmp

memory/4592-312-0x00000000022D0000-0x00000000026D0000-memory.dmp

memory/4592-313-0x00000000022D0000-0x00000000026D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/3452-352-0x0000000002270000-0x0000000002670000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Windows\Temp\{55584C21-40DB-498D-BD89-7DD5E43B4938}\.cr\dotnet-sdk-8.0.300-win-x64.exe

C:\Windows\Temp\{6C633254-460A-4E4A-BFC3-7A7C5EE6B725}\.ba\wixstdba.dll

C:\Windows\Temp\{6C633254-460A-4E4A-BFC3-7A7C5EE6B725}\.ba\bg.png

C:\Windows\Temp\{40253EFC-EA28-4C23-B1CF-E435FB7EE2E8}\.ba\1033\thm.wxl

C:\Windows\Temp\{40253EFC-EA28-4C23-B1CF-E435FB7EE2E8}\.ba\BootstrapperApplicationData.xml

C:\Windows\Temp\{40253EFC-EA28-4C23-B1CF-E435FB7EE2E8}\.ba\thm.xml

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\windowsdesktop_targeting_pack_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\Finalizer

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_runtime_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_hostfxr_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_host_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_apphost_pack_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_apphost_pack_8.0.5_win_x64_x86.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_targeting_pack_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_apphost_pack_8.0.5_win_x64_arm64.msi

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.300_(x64)_20240527145653_000_dotnet_runtime_8.0.5_win_x64.msi.log

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\windowsdesktop_runtime_8.0.5_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\netstandard_targeting_pack_2.1.0_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\aspnetcore_targeting_pack_8.0.5_servicing.24224.4_win_x64.msi

C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_80templates_8.0.300_rtm.24224.15_win_x64.msi

C:\Config.Msi\e664706.rbs

C:\Windows\Installer\MSI6358.tmp

C:\Config.Msi\e66470b.rbs

C:\Config.Msi\e664717.rbf

C:\Config.Msi\e664716.rbf

C:\Config.Msi\e664710.rbs

C:\Config.Msi\e664715.rbs

C:\Config.Msi\e66471b.rbs

C:\Config.Msi\e664720.rbs

MD5 8eed15e4e58ccc513bb2c5ecad519c69
SHA1 d28bf1ecef40f71de6c2bfc85389f0a8f05ba5eb
SHA256 b8bb1914617a0d6e37bd2d3707521959470d580114dc59b867834337a1f8fc13
SHA512 cca9c5bc9fbe6332f062ea9da711305b0dc33bcf83b194d2afc44afd33938de6a927ac0106bdb8aa9eb3653d03ab165659f126a0b321ad4879ce62fbdfe2835d

C:\Config.Msi\e664725.rbs

MD5 7e725afb5d092ae5ceafddb76109be31
SHA1 b95b1ed9abbe4de7527779a8d49848a81c4f33ea
SHA256 abe66584850b86401af3471ef9b1cbbd1b9bf48054ccc51bd87a942868f34789
SHA512 a1c5139ea6f48572f6789fc29a99b39e00bc480bb25502a5ec5f200e7b12fc1eb139ee81264afc20cf21993fe8b0f99a8609acc82992463a0d5635b7f8b77c6f

C:\Config.Msi\e66472a.rbs

MD5 7d588f11fc84e515c0bc87cbf94c2c5c
SHA1 2ef593ebf3ee904840a8cb9fead3b4a3cf58b522
SHA256 0ab9b3107a950a4335891757b3793f9fa07a6a3874dd45522488f7eed1653e0d
SHA512 8fb6043c478c9a3c8563fe2878cd33380df25e2afb10bdfd745eebb762ea1742ba09384909a938057fbade14d43f30bcf98785f3e19e84c2b851a9454215a58b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4077d018589baf8bc3ff02a0e560f9d4
SHA1 95184f191a2f93c2548f21cbe08ced6713182d6c
SHA256 1ba61645cc57a78fbe111e6838a22139c35b186a1a0705849043d518a5af8876
SHA512 4c8f135db0cf8176c06c9c39839931691a58914a3244941a1d21302913d7bcc5865b676d932a31ff13fca09bbf76665b5495a40cc5f40ea4544b93681df1fc97

C:\Config.Msi\e66472f.rbs

MD5 9520f27521858670cdc89c479e8bb593
SHA1 a4f135303a81e725d8d36b288329538a2ffeaf58
SHA256 028d3a584bbb31da80fcbe2e59e9716939f982d6d3b2e394a237f3b9f643376c
SHA512 24d7be0424b4769a50acab424a6bf43a536884b8d7442e28c3081a45320f765697cf20c7ab7bb8308840dca8c9952346749261e8b2e2a5c2b6bdaf35c7199a5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90acd44f900fe5566c12305edb721883
SHA1 14617be28c51bbe9cc0be9cfbfce001524bd3e20
SHA256 c8dbf0d1ca13d7272eb5ca717671e5b66eeeb1bcf7a3b7aefd4868bbbe157031
SHA512 48b3a0b203669232de3ea1f203f34557733b93cbcccebc4286805f871d9bc907ed2c743e6077d31c5d4125657bd1be039bb0aff6f4da38d6cb00952c26a2c385

C:\Config.Msi\e664734.rbs

MD5 0d32702f5ecc15a30e0168cbe6bf1bb1
SHA1 ea2515cf9eae1216c573fe5b0965d84c6dcda137
SHA256 d9e198247c947a6af0078e985b3f9f620568b244dca4e145f985b9e32eef4d60
SHA512 1d94c2e6cc1f53573bcf05593d2ae5cc758e669afb1267b4f1daa96dc0f4dd0de0e0bc58698eba30f3812e7e95167d7bdb978d2521f8d226fe836537c9278e16

C:\Config.Msi\e664739.rbs

MD5 352a715c9ad5bd05bcb00e8170a8467a
SHA1 de31167714cc3906a55585666846a00c2ac07028
SHA256 8605a7bf56d1247c6f23fba0a2e6d442b7f3d1c4caaa72a61616a26bc08ad91a
SHA512 5af4a31d9bfb8fcfb38a68fd9aa3fd4e2dcf40413975dcde92e85da9cd7a8194da0a2a789b75010b89ce3c176de48cf34c19c0f71f9ac601eb3ddebeba8af452

C:\Windows\Installer\MSIAA61.tmp

MD5 60e8c139e673b9eb49dc83718278bc88
SHA1 00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56
SHA256 b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb
SHA512 ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

C:\Config.Msi\e66473e.rbs

MD5 075eb58f412f9bd3db941d947489ca1b
SHA1 eed5e14336fa4c98d40aa999d885192d494317aa
SHA256 0cc4623cd8322c2d1f77325864775bb257be6859ca26743a0c9ef64f42ae0c6f
SHA512 7352011ea486d6c2c736989809066e241cab5bbeb869fcfea9871f2fb77b139a6c774fb121eed68138de7e872b2bdee1fbb54d2f35afb7ff92ea3e6613a14e01

C:\Config.Msi\e664743.rbs

MD5 12b3faabbe176c6435c7323fc890b379
SHA1 8cc7bf3fbc8e108d90de324bd1a415470f5f0760
SHA256 39bc7c6d46222ce5f0a8bd7f4ee2f902d8c51107ecf9f936b2c5787e18db7d73
SHA512 4dfe6bb842a5091ccd671c145b6dd5009c815b8801d1aeb016f5d283375f690003417a95d62ffc1bfd79bb749a110a2f5c29f38870f545cf0b4d8056ed41cd59

C:\Windows\Installer\MSIBA91.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Config.Msi\e664748.rbs

MD5 4369ef4ba05c4a37355e8294c3e533a3
SHA1 d226b01f12bf66d61e21ab38371a55d994389a73
SHA256 1f4934278017294d7a27777107ca33f2ee082037465a4d227ed93efcb04f281b
SHA512 282d0674afb7f113b6d29797444e8323036af00bd93b44c5a44eba175460e45c4ead03797077f3a0b01f5f585ce519b782fd948461614fdaf9674cce304b1e1b

C:\Config.Msi\e66474d.rbs

MD5 97bc3ffa43e40494c162fad75b9b9e07
SHA1 27820acab87290ee9eb5db6c73fd8b55006bc5b3
SHA256 0d127bb5b632756d039b3030c95a6d9a5215d3b35ddc4a5c5a60135f7671d795
SHA512 e574de8668250120f1f01a543f9266c9e9a1e01230c8da3f60e8af76cf2d7b42f32f400bc269a4cb1b454f96b7dfca894e464e90c813aba5ebea4fbcef42b5b5

C:\Config.Msi\e664752.rbs

MD5 31b27d3467d5e3095862b35714b8b56b
SHA1 c8256584db655f1dfa026a2f58b9d603197989ab
SHA256 38c78a27e3feff9e64ad4e79fa805fa01a4e2a4f4444e8fd4d40e59ec5ff8993
SHA512 9a391eaa9879a1a265f8276730ec74e1e77df19868b31f1d89bd90f8b6b25fa7903a4ca6202c37ae951e9e45608edeac656c088b6ba58385083b0fe62c99dbf0

C:\Config.Msi\e664757.rbs

MD5 cbdc127951438242e6009e4ce8edc1b9
SHA1 b62d0e0aea15ee5986bceda57a3e924839fd903f
SHA256 af9043958d10404ccec09e05ab436ff338cc6fc7bdac9492c7027ece033ee92f
SHA512 f9ce35f04ec2cb24f04d533815ce8b8f8160bc348ccba478938cdf04380a74f9ee9e0a77d80ccf8fcc9d417326d2fd1adae6c1786a16bea019dcb6ac304d5784

C:\Config.Msi\e66475c.rbs

MD5 5649d3b3769185c0b21c334c0b2affdc
SHA1 1ef9ab280a700efa49f0d87abeece94891d41010
SHA256 79064559312258d0d94b05179d243a910b7301a5f24461c77a03721ddd6390ae
SHA512 df3f5d30b21859093d0d0bc140d3b0f312cd4b6ee81e8981c986acdbab718ee0b7745987c9c82266272a540f38405e13e2282dba0421083657c539458ce63f85

C:\Config.Msi\e664761.rbs

MD5 f95af0e8955244572c7246c52791606d
SHA1 e612d4f1c8509c5bf7d0f8305fdc0b6f0d092242
SHA256 c56202f76a10df29ee79aff42ac13837d14f51c88723e6be2a466dc2ee46485c
SHA512 6380a98cf859aa8bbee8a7cf6ae1f29d10a51d2070818081eb4c1777979820bab83958e3790c050fbf85c86cb79a7bca5ac08d5f186e87344e0d8a50ae9f3997

C:\Config.Msi\e664766.rbs

MD5 2855b06737c18d355fc16a880afdb129
SHA1 620e74c5333201a3193a9e711ae6404f4ec4de27
SHA256 9f042b11a1ecdea8cd9872cc3c977f184a58aa37e4cbac663000c57095bd20e9
SHA512 eae1972adb5f8765c731fd4e7bb6158518474ffeed8d4bc4fd38e8eb9a261a014cf8fbfea8d8a1dd8f8ff32a8bab646aaa9eaa816ff25b7d72e9f5b85750dae7

C:\Config.Msi\e66476b.rbs

MD5 311207e08aa98e22cbf0e85ce5f0e3b4
SHA1 8eadfa6f68b0a2a0b0dc396a3f3e62a071974a5a
SHA256 1a2607fe7847505d1433cb7b7aa09f81643f8d3c22e442616465de141e4219d8
SHA512 ee25ab5a8e7332866ce2d26e50157d820219fce02808bba8d690580415057f0193065eb9e397fb659bac069d7c5ba4846ef0f5b2a8482db9796aab4cd1061187

C:\Config.Msi\e664770.rbs

MD5 9fdf4b67845ece5efd89c1c135325223
SHA1 914d3c81770f819596b93d31b65833207177fb47
SHA256 671296dbfca612bcf2190199dc318433e005dfcfc58049c70ad86234ea55f2a9
SHA512 e69c0f9bfaa76c69b007adb53f14a58a66bdcf0284b3e84f2b48c93a543573f3bc5447e99764366ea5044100a17aa261938d991459fd25f6e8fa580e0523f04d

C:\Config.Msi\e664775.rbs

MD5 2f1e6455bb545a0a4f7c40a1761d1915
SHA1 04e96adc69543044792447bda6dda70927371ee4
SHA256 349e057dcecfee93853d623f98fbab40eb9342a768214805084e1ca6fbe5ac7b
SHA512 0f12a8474b593c4f58e4ebd81404fa291f681b9392dc3667d535d3d745680d4d9ebcc934c82e7035f52b5aa4e1a4da608b808cb904dc174db4359fed3ca3846f

C:\Config.Msi\e66477a.rbs

MD5 2d65ef3850b333bd51b30f8d2ceea123
SHA1 76c1244c96d9272b5adeba4f5bbce61080bc1aff
SHA256 251efb4d7e3a1d1be88518e05f2db035c83a9c844aa5313db83db4f4e2f5a2fc
SHA512 5d7e463500365e987719598c5a53a31f853ef61506a4ba480d298418a6a50fe56c1a5dd52a74d2a447cc398579e2bc44f98d599d92d26598b7afe2046b15a4cc

C:\Config.Msi\e66477f.rbs

MD5 7f6ba83975562b2b75b8cf8d2d8f1201
SHA1 e887fb00bc403643d8ff48ecf0a7160294b92ad1
SHA256 eb0e94c06e5965e8529ae34e90e1b2d4f30f32f0be02367ff1ad8e1b8a818c73
SHA512 e23010b6d792668bcec5b506a51307116c92d487bef0bf858a6a456f60fb5c868259bb4f185ac54c4338c627328d87c2690579f9b8db8a5b21588860a83e15f9

C:\Config.Msi\e664784.rbs

MD5 1ef8b90d09283db74eb7a767761cf67a
SHA1 27912f46c1319e055719947c374edc53ea506047
SHA256 d879be65c7134509cb5d7bd7bb9ec2bd00773712aa2b8ec48a3c2938994e2b32
SHA512 bb14d0ad4cd1ae401a2da1de08fb1013bb495ba9068e98601fc74d56e53754070f73bde2d0b365744b2e49ef396b1e33ea0c2f8f45d83b4a25e86ec6fca99396

memory/5000-3501-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3502-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3500-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3512-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3511-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3510-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3509-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3508-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3507-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

memory/5000-3506-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp

C:\Program Files\dotnet\sdk\8.0.300\TestHostNetFramework\testhost.net472.x86.exe.config

MD5 a22cdd3374234d3a50c2ace2dc33a63f
SHA1 d71bb2417cb805c3da21ebcc0e1ae5a102823c9b
SHA256 b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874
SHA512 71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Text.Encodings.Web.dll

MD5 fa9d0d182c63c49a4c567f7c1652b6e6
SHA1 55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc
SHA256 e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84
SHA512 58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

MD5 f09441a1ee47fb3e6571a3a448e05baf
SHA1 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256 bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA512 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Runtime.CompilerServices.Unsafe.dll

MD5 c610e828b54001574d86dd2ed730e392
SHA1 180a7baafbc820a838bbaca434032d9d33cceebe
SHA256 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

C:\Program Files\dotnet\sdk\8.0.300\zh-Hans\System.CommandLine.resources.dll

MD5 c182eebde556be386ca5b656974993fa
SHA1 864aab5c6e71bc3537612c2541e7737d02e6f4c0
SHA256 d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd
SHA512 3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

MD5 ea1fc85ccabec5aa1ae22452afbafac1
SHA1 8ea9da27d9335f80c76867837688218b78311148
SHA256 f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483
SHA512 42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\tools\net472\System.ValueTuple.dll

MD5 23ee4302e85013a1eb4324c414d561d5
SHA1 d1664731719e85aad7a2273685d77feb0204ec98
SHA256 e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA512 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

MD5 3f14df8e4be6100673090c43eb3c3476
SHA1 61c1e35aeb6cb477077416f050c344fb18f5f87b
SHA256 09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2
SHA512 7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Threading.Tasks.Extensions.dll

MD5 e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA1 2242627282f9e07e37b274ea36fac2d3cd9c9110
SHA256 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512 da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Buffers.dll

MD5 ecdfe8ede869d2ccc6bf99981ea96400
SHA1 2f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256 accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA512 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.targets

MD5 5725a6d47308db618d015c3e55dd499c
SHA1 9b3e1ac8d62d522505f57fee89a249ac33325edd
SHA256 61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1
SHA512 ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ru\System.CommandLine.resources.dll

MD5 7717b3eae55b3ec74f40699c1b9896c0
SHA1 1483166af6059633de2e20545bc3f3cb6f035304
SHA256 8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02
SHA512 c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Text.Json.dll

MD5 63f1d0b53ce47b0ac3216281c8bcaf24
SHA1 090cb7392ed07a94d237b5aa2175689faaf49b7b
SHA256 de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb
SHA512 386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

C:\Program Files\dotnet\sdk\8.0.300\MSBuild.runtimeconfig.json

MD5 29b1d428243138af5176ef6b2c1b2c99
SHA1 e056c83aa5dbbef653ce26a02eb05eb7e54cdc75
SHA256 6359ce84d5ca840557e9b26b85499f2ac90dad7784cce1071b3fbdfcb3aeb7ad
SHA512 063d2d52f6bef27945a31949c1cbeffa23ecee8d6b225d7f64189ab1b2fcbd4387cd4cea17e5a0c3bb32d14fc80417f7a4a714742c03035e933fb888fee9def6

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\zh-Hant\System.CommandLine.resources.dll

MD5 9101e8227a7ab83cafd27e4ec222ba10
SHA1 3a80807f7cd695bd9258eaaadf8b2d7dccefc125
SHA256 8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e
SHA512 e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\pt-BR\System.CommandLine.resources.dll

MD5 c7f0f7e0a7562225d7b60b88459bde92
SHA1 96c432044ecf7d346e09c6c46f5ca163396d97f8
SHA256 516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353
SHA512 05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

C:\Program Files\dotnet\sdk\8.0.300\de\System.CommandLine.resources.dll

MD5 e771e643a2f47b5d527aa4dd1e857aed
SHA1 ddb6ebbdc354122989c67ed9cc2555da640b16e5
SHA256 8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15
SHA512 14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll

MD5 ff34978b62d5e0be84a895d9c30f99ae
SHA1 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85
SHA256 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc
SHA512 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Numerics.Vectors.dll

MD5 aaa2cbf14e06e9d3586d8a4ed455db33
SHA1 3d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA256 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA512 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\fr\System.CommandLine.resources.dll

MD5 aa8eeb801d74a4e562fd8c044e03fa8c
SHA1 8653841bd62dc74f605f608ed8f354dd692faaa2
SHA256 7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b
SHA512 388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\it\System.CommandLine.resources.dll

MD5 4e92ced559ff6f26d238fc5393dab39f
SHA1 400983302371c5a7ba38e3dba8fbc4c5f8192018
SHA256 37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471
SHA512 0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ja\System.CommandLine.resources.dll

MD5 5d26652b0f420ca6ba2bfa00b84eea38
SHA1 8dc1d2a7cb6b857344c120544f842fccdaa97e79
SHA256 654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c
SHA512 5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

C:\Program Files\dotnet\sdk\8.0.300\es\System.CommandLine.resources.dll

MD5 79e57433e70b5a0a300303dfc5d759b4
SHA1 cfe5862964f3b389cbac01e157e9ade0031e45ef
SHA256 b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8
SHA512 8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\cs\System.CommandLine.resources.dll

MD5 2f679e46823cf54660405eda0dbf0842
SHA1 29fdcbd753e36022b6308425dad9323e5f3472fb
SHA256 6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf
SHA512 f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Common\buildMultiTargeting\Microsoft.SourceLink.Common.props

MD5 a5dcc9e5bf323d748b26652e11956905
SHA1 7f8c7a2523d1f4600e0f8bf347d10564cef36780
SHA256 2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c
SHA512 79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\tr\System.CommandLine.resources.dll

MD5 c9c8df325a05d227bc32a5d854713c4a
SHA1 cf9ea69ccebd1ef0bd46beff01254a02c5fb0131
SHA256 7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf
SHA512 fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

C:\Program Files\dotnet\dotnet.exe

MD5 91dba54eca40d3cfaa3ac78a883363f9
SHA1 61743c077f10a80b42597a3a968e1b40b52203b6
SHA256 8bed1f80f0f88ae90728d3ba3e13b49c408b7642667a2550c5724638d1252cb7
SHA512 72993a8a886fa740801b3a9c8d7a7f4fa7ca1db898039728971f1c7c2e212007f374f1123b527dc3c75d3cd454943639435a0b29194fad990cf16202bbce4e68

C:\Config.Msi\e664789.rbs

MD5 c3e4b0b3e800ed1751c0100570864eb7
SHA1 f797f60d99dfe18765f1c23bd203fcc0fe1e27e8
SHA256 928e998b872017187689695c1057c18036e5982d00deb0bf37925f7e4aa80bb1
SHA512 4f5cfa1fcb3b3f20637f1a670c1cf6992df5e15296f604c904a622474659a1a4080546c092cb52fbcf6de1728cb14403be93bd8d5c234e269312534df31ec5f4

C:\Windows\Installer\e66478f.msi

MD5 f8247cb4681460bacaa8c44719257952
SHA1 3a41a903ae164b823215b195b618c8c3dc159b9e
SHA256 94b57e7393198f0fe80ccb0ce070a2fa6f719134d7f976899f710aefcbacac0d
SHA512 aeb476c9ea76d3ee8529c3074125833eddfa4cf331d8ac5cd4ff3b7ed48d5c09510e4923593a880851f45804926ee40795273ebfa6cedb8c54812145f11ccf92

C:\Config.Msi\e66478e.rbs

MD5 4b191656e5902e10a648243b7b0cd4b4
SHA1 cf297b4cd5218214049d74ab8e1d7165b2d08460
SHA256 27c9000368cac49c1fa0f1213f2f77077aedad987a9f171de443407526171baf
SHA512 0a7b5e2787e0b01c1d580583c51c441823768b770f848afde7b8d71463e5d4cb10bd4c6bc97426d91c0e641521073431bbcd60114626cf47799cfb14a6f7be17

memory/4844-7339-0x0000000002340000-0x0000000002740000-memory.dmp

memory/1920-7342-0x0000000002350000-0x0000000002750000-memory.dmp

C:\Windows\Temp\SDIAG_34b4ecc6-c58e-4ef2-aac7-650edb32c659\en-US\DiagPackage.dll.mui

MD5 d7309f9b759ccb83b676420b4bde0182
SHA1 641ad24a420e2774a75168aaf1e990fca240e348
SHA256 51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f
SHA512 7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d

C:\Windows\Temp\SDIAG_34b4ecc6-c58e-4ef2-aac7-650edb32c659\DiagPackage.dll

MD5 79134a74dd0f019af67d9498192f5652
SHA1 90235b521e92e600d189d75f7f733c4bda02c027
SHA256 9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e
SHA512 1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nsnykoev.qo2.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3708-7484-0x000001B82F3A0000-0x000001B82F3C2000-memory.dmp

memory/3708-7492-0x000001B82F3E0000-0x000001B82F3E8000-memory.dmp

memory/3708-7501-0x000001B82F3F0000-0x000001B82F3F8000-memory.dmp

memory/3708-7510-0x000001B82F660000-0x000001B82F668000-memory.dmp

memory/4064-7514-0x0000000002550000-0x0000000002950000-memory.dmp

memory/4080-7517-0x0000000002470000-0x0000000002870000-memory.dmp

memory/1100-7520-0x00000000024E0000-0x00000000028E0000-memory.dmp

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024052714.000\PCW.debugreport.xml

MD5 ce4ec43186fe5bbd6ff7736f70cbf5ea
SHA1 500c374b4c0ea157c2c0f621e76c24ef6be17823
SHA256 d6933ee6e658da1204c84c87f3966dcb6c03320e4cf9ceb6da807a833631a481
SHA512 c80f62f261996031f8bb8ac872c9709a51ac62ba4831179dacea7d044e975da20d32158bee1d8a6a316e58274ef6f2974c87721110ae76bd3831f265e5549b5b

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024052714.000\results.xsl

MD5 310e1da2344ba6ca96666fb639840ea9
SHA1 e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA256 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA512 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

memory/2756-7578-0x00000000023C0000-0x00000000027C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c37a52a1c545fdd08e6cc086db652fd3
SHA1 46b3e2bd6dbbe13ec1e58a26c5bfb6aa2aee5367
SHA256 4becab38c669eaf92f22ecd635fd53595999a845f417277bded669061f5075bc
SHA512 2996ae64e6a7ab356ad6f71885b3acd11bec3afcd44a34d07fa8a6c3c634b92618ad7e8ecae6b03017916aa70e588e8628e599e8c5ce5c4b8a6e58d46074f887