hxxp://google[.]com

Analysis

max time kernel
1164s
max time network
1166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	dotnet-sdk-7.0.407-win-x64.exe

Executes dropped EXE 5 IoCs

pid	Process
5628	dotnet-sdk-7.0.407-win-x64.exe
5416	dotnet-sdk-7.0.407-win-x64.exe
920	dotnet-sdk-7.0.407-win-x64.exe
4480	Galaxy Swapper v2.exe
5036	Galaxy Swapper v2.exe

Loads dropped DLL 64 IoCs

pid	Process
5416	dotnet-sdk-7.0.407-win-x64.exe
6060	MsiExec.exe
6060	MsiExec.exe
2044	MsiExec.exe
2044	MsiExec.exe
5776	MsiExec.exe
5776	MsiExec.exe
2884	MsiExec.exe
2884	MsiExec.exe
5112	MsiExec.exe
5112	MsiExec.exe
5336	MsiExec.exe
5336	MsiExec.exe
2428	MsiExec.exe
2428	MsiExec.exe
2108	MsiExec.exe
2108	MsiExec.exe
5332	MsiExec.exe
2012	MsiExec.exe
2012	MsiExec.exe
4272	MsiExec.exe
4272	MsiExec.exe
2464	MsiExec.exe
5644	MsiExec.exe
3092	MsiExec.exe
4976	MsiExec.exe
3924	MsiExec.exe
3208	MsiExec.exe
1664	MsiExec.exe
1200	MsiExec.exe
5128	MsiExec.exe
6092	MsiExec.exe
5824	MsiExec.exe
2580	MsiExec.exe
396	MsiExec.exe
5052	MsiExec.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe
708	dotnet.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{cadaf741-75eb-48f0-b122-9d02683d185c} = "\"C:\\ProgramData\\Package Cache\\{cadaf741-75eb-48f0-b122-9d02683d185c}\\dotnet-sdk-7.0.407-win-x64.exe\" /burn.runonce"	dotnet-sdk-7.0.407-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
188	camo.githubusercontent.com
187	camo.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.17\PresentationFramework.Classic.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\zh-Hans\NuGet.Common.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\NuGet.Build.Tasks.Pack\CoreCLR\ko\NuGet.Build.Tasks.Pack.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-watch\7.0.407-servicing.24116.89\tools\net7.0\any\System.Security.Permissions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.17\Microsoft.Extensions.DependencyInjection.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Linq.Expressions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-watch\7.0.407-servicing.24116.89\tools\net7.0\any\it\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-watch\7.0.407-servicing.24116.89\tools\net7.0\any\Microsoft.Build.Locator.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\7.0.17\ref\net7.0\Microsoft.VisualBasic.Forms.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Diagnostics.DiagnosticSource.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Threading.ThreadPool.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Collections.Concurrent.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\7.0.17\ref\net7.0\Microsoft.Extensions.Logging.Debug.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.DefaultOutputPaths.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Containers\containerize\zh-Hans\Microsoft.DotNet.Cli.Utils.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\cs\Microsoft.NET.Sdk.Publish.Tasks.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Transactions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-format\Microsoft.Extensions.Logging.Abstractions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldesign_6_minimum.editorconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\it\Microsoft.VisualStudio.TestPlatform.ObjectModel.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.17\ru\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\datacollector.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk\codestyle\cs\pt-BR\Microsoft.CodeAnalysis.CodeStyle.Fixes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\it\Microsoft.Build.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Net.Sockets.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Microsoft\Microsoft.NET.Build.Extensions\Microsoft.NET.Build.Extensions.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\ru\Microsoft.TemplateEngine.Core.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\7.0.17\ref\net7.0\Microsoft.AspNetCore.SignalR.Core.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\7.0.17\ref\net7.0\System.Windows.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-watch\7.0.407-servicing.24116.89\tools\net7.0\any\System.CommandLine.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Microsoft\Microsoft.NET.Build.Extensions\tools\net7.0\it\Microsoft.NET.Build.Extensions.Tasks.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\zh-Hant\NuGet.Commands.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk.Web\analyzers\cs\Microsoft.AspNetCore.Components.SdkAnalyzers.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Runtime.Serialization.Xml.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\FSharp\runtimes\win\lib\net6.0\Microsoft.Win32.SystemEvents.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelreliability_6_recommended.editorconfig	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.17\ja\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\eula.txt	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Containers\tasks\net472\Microsoft.Extensions.DependencyModel.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-user-jwts\7.0.17-servicing.24116.13\tools\net7.0\any\Microsoft.Extensions.Configuration.UserSecrets.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\runtimes\win\lib\net7.0\System.Drawing.Common.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Xml.XDocument.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.17\PresentationUI.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\7.0.17\analyzers\dotnet\roslyn4.4\cs\de\Microsoft.Extensions.Logging.Generators.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Security.Cryptography.X509Certificates.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\tr\Microsoft.TemplateEngine.Utils.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Containers\tasks\net472\pt-BR\Microsoft.NET.Build.Containers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Diagnostics.TextWriterTraceListener.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Containers\tasks\net472\pl\Microsoft.NET.Build.Containers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Runtime.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\7.0.17\ref\net7.0\Microsoft.Win32.Registry.AccessControl.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-watch\7.0.407-servicing.24116.89\tools\net7.0\any\zh-Hant\Microsoft.CodeAnalysis.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\TestHostNetFramework\System.Runtime.InteropServices.RuntimeInformation.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\NuGet.Protocol.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\7.0.17\analyzers\dotnet\roslyn4.4\cs\es\Microsoft.Extensions.Logging.Generators.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\DotnetTools\dotnet-format\ko\Microsoft.CodeAnalysis.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\NuGet.Build.Tasks.Pack\Desktop\de\NuGet.Build.Tasks.Pack.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_7_minimum.editorconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\7.0.407\pl\Microsoft.VisualStudio.TestPlatform.Common.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\7.0.17\Microsoft.AspNetCore.Authorization.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\analyzers\dotnet\cs\tr\Microsoft.Interop.LibraryImportGenerator.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\7.0.17\ref\net7.0\System.Net.Ping.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5c7163.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{FE768F65-89B5-40E5-9CE5-25D002197AE7}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID800.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9BCC.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AFD4B8D0-5093-481E-BBD0-68FD4BD9B109}	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8B3894C0-B5D2-4DDF-9732-75A96EE9A834}	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c719f.msi	msiexec.exe
File created	C:\Windows\Installer\e5c71a8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8425.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2C2E32E6-4927-4E82-8843-45AD896096C7}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA18B.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{44259E2E-71FC-3671-AA2B-84224586E5BD}	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6DAE2F44-C521-4219-8BE0-D72979F8C18E}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5286.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e5c7134.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AEE8A278-7464-4C32-8270-D8BF39E11609}	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F5CACC43-3ADE-4CEC-AEC0-2027B4A05C70}	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c7140.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI97A2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9978.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c7168.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIECC0.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c719f.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5D510D64-04A6-4B31-AD4D-C34D04224A68}	msiexec.exe
File created	C:\Windows\Installer\e5c7154.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA6BF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC114.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c7171.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{7C190DE4-5808-421D-9C41-89ED1FBE95CC}	msiexec.exe
File created	C:\Windows\Installer\e5c718b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE79C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7E32.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c714e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c715e.msi	msiexec.exe
File created	C:\Windows\Installer\e5c7177.msi	msiexec.exe
File created	C:\Windows\Installer\e5c717b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c717c.msi	msiexec.exe
File created	C:\Windows\Installer\e5c7180.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4EBC.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c7194.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8096.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA361.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c716d.msi	msiexec.exe
File created	C:\Windows\Installer\e5c7172.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c7186.msi	msiexec.exe
File created	C:\Windows\Installer\e5c7190.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6DE66865-2637-45E2-BB45-CDEC530EFD28}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFE96.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\e5c7158.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{57816DD5-505C-46E5-A8F5-4BC85E3A7D2C}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE1CC.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c719a.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{93812F65-BAA9-42E0-AF19-F15F39A92E3C}	msiexec.exe
File created	C:\Windows\Installer\e5c7181.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c7190.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c71a4.msi	msiexec.exe
File created	C:\Windows\Installer\e5c7135.msi	msiexec.exe
File created	C:\Windows\Installer\e5c713f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA940.tmp	msiexec.exe
File created	C:\Windows\Installer\e5c7186.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEB19.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0C506EF4-3324-3296-B27B-2538C14722FA}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 51 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E2E95244CF171763AAB2482254685EDB	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A585E3455D7892F49A4197352B1FE32F\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4FE605C0423369232BB752831C7422AF\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C2F0B9809D7807446B6E51D46D69C165\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{089B0F2C-87D9-4470-B6E6-154DD6961C56}v56.68.10360\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\46D015D56A4013B4DAD43CD44022A486\SourceList\PackageName = "dotnet-targeting-pack-7.0.17-win-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0E7AF5B712A8084FA485874CCF59159\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{B5FA7E0B-A217-4808-AF84-8547CC5F1995}v56.68.10360\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F9011EE0CE688C64F9F85C501FC081AB\PackageCode = "A845EAE55A8D43140A0EB3AAB3562A19"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F9011EE0CE688C64F9F85C501FC081AB\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.MacCatalyst,7.0.100,x64	dotnet-sdk-7.0.407-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B836D9383CF52B4309A4730A86C3F36B\56866ED673622E54BB54DCCE35E0DF82	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DF6E96C147F55154F9808451124B874A	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F218399AAB0E24FA911FF5939AE2C3\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E2E95244CF171763AAB2482254685EDB\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,7.0.100,x64\Dependents\{cadaf741-75eb-48f0-b122-9d02683d185c}	dotnet-sdk-7.0.407-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\872A8EEA464723C428078DFB931E6190\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E23E2C2729428E4883454DA9806697C\ProductName = "Microsoft .NET AppHost Pack - 7.0.17 (x64_x86)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5DD61875C5055E648A5FB48CE5A3D7C2\F_PackageContents	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0C4983B82D5BFDD47923579AE69E8A43\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4FE605C0423369232BB752831C7422AF	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\9369B28710F5EAD4089CB0CD15AD8DA1	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E23E2C2729428E4883454DA9806697C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{2C2E32E6-4927-4E82-8843-45AD896096C7}v56.68.10360\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F218399AAB0E24FA911FF5939AE2C3\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E2E95244CF171763AAB2482254685EDB\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\46D015D56A4013B4DAD43CD44022A486\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D8B4DFA3905E184BB0D86DFB49D1B90\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A585E3455D7892F49A4197352B1FE32F\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net7,7.0.100,x64	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F9011EE0CE688C64F9F85C501FC081AB\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{0EE1109F-86EC-46C8-9F8F-C505F10C18BA}v28.7.53051\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8243D4B60084B64479F1267A73F7606F\Version = "943990904"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\56F867EF5B985E04C95E520D2091A77E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\56F218399AAB0E24FA911FF5939AE2C3\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F867EF5B985E04C95E520D2091A77E\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0C4983B82D5BFDD47923579AE69E8A43\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{8B3894C0-B5D2-4DDF-9732-75A96EE9A834}v7.0.49\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D7BDF8162D15FAB6F8D7D17A868D0E24	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Version = "24.0.28113"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D6C53035C92515A461B4ABACBEF439F4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4898A420266C6A4CA5105E0BE670FCF\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E2E95244CF171763AAB2482254685EDB\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F867EF5B985E04C95E520D2091A77E\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F867EF5B985E04C95E520D2091A77E\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4ED091C78085D124C91498DEF1EB59CC\PackageCode = "4A9D6C1C88EEF3546A64957071D54D74"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8243D4B60084B64479F1267A73F7606F\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C4898A420266C6A4CA5105E0BE670FCF	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,7.0.100,x64\Dependents	dotnet-sdk-7.0.407-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net7,7.0.100,x64\Dependents	dotnet-sdk-7.0.407-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DB957854FF76264408B08AA737E54DA5\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5DD61875C5055E648A5FB48CE5A3D7C2\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\44F2EAD6125C9124B80E7D92978F1CE8\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,7.0.100,x64	dotnet-sdk-7.0.407-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0E7AF5B712A8084FA485874CCF59159\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net7,7.0.100,x64\Dependents	dotnet-sdk-7.0.407-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F9011EE0CE688C64F9F85C501FC081AB	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4FE605C0423369232BB752831C7422AF\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F218399AAB0E24FA911FF5939AE2C3	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\34CCAC5FEDA3CEC4EA0C02724B0AC507\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_7.0_28.7.53051_x64\DisplayName = "Microsoft .NET 7.0 Templates 7.0.407 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\56F867EF5B985E04C95E520D2091A77E\Version = "553648132"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5DD61875C5055E648A5FB48CE5A3D7C2\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0C4983B82D5BFDD47923579AE69E8A43\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B0E7AF5B712A8084FA485874CCF59159	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E23E2C2729428E4883454DA9806697C\PackageCode = "5F296297EFE8A5749AFDE7C62B2D8386"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C4898A420266C6A4CA5105E0BE670FCF\SourceList\Media\1 = ";"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 575162.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 519092.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3988	msedge.exe
3988	msedge.exe
4632	identity_helper.exe
4632	identity_helper.exe
808	msedge.exe
808	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
4196	msedge.exe
4196	msedge.exe
5464	msedge.exe
5464	msedge.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe
4180	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	5400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5400	AUDIODG.EXE
Token: SeShutdownPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeIncreaseQuotaPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeSecurityPrivilege	4180	msiexec.exe
Token: SeCreateTokenPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeLockMemoryPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeIncreaseQuotaPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeMachineAccountPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeTcbPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeSecurityPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeTakeOwnershipPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeLoadDriverPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeSystemProfilePrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeSystemtimePrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeProfSingleProcessPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeIncBasePriorityPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeCreatePagefilePrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeCreatePermanentPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeBackupPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeRestorePrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeShutdownPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeDebugPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeAuditPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeSystemEnvironmentPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeChangeNotifyPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeRemoteShutdownPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeUndockPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeSyncAgentPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeEnableDelegationPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeManageVolumePrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeImpersonatePrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeCreateGlobalPrivilege	920	dotnet-sdk-7.0.407-win-x64.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe
Token: SeRestorePrivilege	4180	msiexec.exe
Token: SeTakeOwnershipPrivilege	4180	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 3328	3988	msedge.exe	88
PID 3988 wrote to memory of 3328	3988	msedge.exe	88
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 2112	3988	msedge.exe	89
PID 3988 wrote to memory of 3120	3988	msedge.exe	90
PID 3988 wrote to memory of 3120	3988	msedge.exe	90
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91
PID 3988 wrote to memory of 4928	3988	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb44f446f8,0x7ffb44f44708,0x7ffb44f44718
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7972 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8448 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9088 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,28779943594444440,7970800315009878488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5464
- C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe
  "C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe"
  2⤵
  - Executes dropped EXE
  PID:5628
- - C:\Windows\Temp\{1D49F46A-13F2-4AC7-9F4C-63A8B459F8EF}\.cr\dotnet-sdk-7.0.407-win-x64.exe
    "C:\Windows\Temp\{1D49F46A-13F2-4AC7-9F4C-63A8B459F8EF}\.cr\dotnet-sdk-7.0.407-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=564
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5416
  - - C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\.be\dotnet-sdk-7.0.407-win-x64.exe
      "C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\.be\dotnet-sdk-7.0.407-win-x64.exe" -q -burn.elevated BurnPipe.{F1F97093-82D8-4A42-A404-B1E89A65964D} {9231B782-495C-4B76-9BF0-CB8B3AB873B4} 5416
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:920
- C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
  "C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
  2⤵
  - Executes dropped EXE
  PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5400

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4180
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 38B883966C403AE7AD2F1E72C2D56826
  2⤵
  - Loads dropped DLL
  PID:6060
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7A5512E41A8651197646E0014C3E9F8D
  2⤵
  - Loads dropped DLL
  PID:2044
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4D3D13A40BC885C90DCEC8CD69929590
  2⤵
  - Loads dropped DLL
  PID:5776
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7D31C39CE4104E333ACF0AF3FC956815
  2⤵
  - Loads dropped DLL
  PID:2884
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2C1BFD5A7709967CEC169EAD40B9EB3D
  2⤵
  - Loads dropped DLL
  PID:5112
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 77D9747EB811D436F3E0262C118E8DAA
  2⤵
  - Loads dropped DLL
  PID:5336
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8AF6B198E1FC16CF897CB53A75D6B816
  2⤵
  - Loads dropped DLL
  PID:2428
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E5FE852D62932D37E35B232AB559E816
  2⤵
  - Loads dropped DLL
  PID:2108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2FB9DDB5BA0FBD0F486C3BB507327AA2
  2⤵
  - Loads dropped DLL
  PID:5332
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 58EC9813D29CAA594ECAF5F3C4B141CF
  2⤵
  - Loads dropped DLL
  PID:2012
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 27D354B293623ADC21D36E92CEA1197B
  2⤵
  - Loads dropped DLL
  PID:4272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E625D4AB21CE10574EC6DFB7B7E3DCC6
  2⤵
  - Loads dropped DLL
  PID:2464
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 395A27FD59AC42EDCD942DEE569DA3D0
  2⤵
  - Loads dropped DLL
  PID:5644
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D4065C1B0DBB2B07951270ACEB889DB4
  2⤵
  - Loads dropped DLL
  PID:3092
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 829EB2EFA65093FAA443560972987FA8
  2⤵
  - Loads dropped DLL
  PID:4976
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CD41985F085515F143C3692FCC25D945
  2⤵
  - Loads dropped DLL
  PID:3924
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 56F51F856CBBEC227DB9A613A9BD78E5
  2⤵
  - Loads dropped DLL
  PID:3208
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 33A6F49C6E1812D29582D3EC4397C2C8
  2⤵
  - Loads dropped DLL
  PID:1664
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BC8E930B01E62B7B7A524E8706F82DD7
  2⤵
  - Loads dropped DLL
  PID:1200
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CE38E73B8697E92B48B74C3871C24035
  2⤵
  - Loads dropped DLL
  PID:5128
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EC4DC212D0AFD33CFB5610DA2EE3DBFE
  2⤵
  - Loads dropped DLL
  PID:6092
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A62191EACADFB8BAB21E6F5B150C5E2C
  2⤵
  - Loads dropped DLL
  PID:5824
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E44AC9AD5BDC0691021177CA6F980639
  2⤵
  - Loads dropped DLL
  PID:2580
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7B2FE4817F05D0D53A72C45CD9E7203B
  2⤵
  - Loads dropped DLL
  PID:396
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 69AAE5E357F1222518B42920E7962662 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:5052
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\7.0.407\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe"
    3⤵
    - Loads dropped DLL
    PID:708
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5360
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5660
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5504
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:3620
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 98E41214C9B4F091B4561C9E673FF719
  2⤵
  PID:5116

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1132

C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
1⤵
- Executes dropped EXE
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5c7133.rbs

Filesize
48KB

MD5
35ae2c250b1936e5caa264d929faf7f1

SHA1
f75335c2ea228cf2264269822c2905450457dbb8

SHA256
b68158182d7e2664a6dc013035c9462f05855beb85bd4667de262c59742d3b51

SHA512
0785a49a8b41e823a545d6dd9c40881da373d7203cdeda5b85ce206ba6e5f90fe7c0dcada51bd5d03f938286753d01728abf895e9b2aec426a1edea47cb790b4

Download Submit
C:\Config.Msi\e5c7138.rbs

Filesize
9KB

MD5
782dacbd33ff4684463dfa420ded7e64

SHA1
2a64bf9ef9a74e20296854e6585a96c4d7ddc883

SHA256
e5dcbf59d28ac701633117de38ddbf77583ad0ad5077d23660f5fceaeba9f920

SHA512
f4c3ae222bc223561c9cb35b38864d038795163342d64a04f1f84293fa0ad3ddd36b26613a5d69c9296fcbccf869085a2d64ed5a319ed8ff14b71208a01ad7b8

Download Submit
C:\Config.Msi\e5c713d.rbs

Filesize
10KB

MD5
a1be052eca31a3325aa67c23ca84a6b5

SHA1
77dc2ac0b17f0875a762953cedfc810566c5b742

SHA256
969a46050be0b5afeda1b5efdcf9bfecb4d22299e0c6b98119c275b4056bdb25

SHA512
db8c3aa057d60146f44f9f58eb488ccd012e4ffb0ef941f5196043ffd4f879a1fddfd083696ce718baab96b603afda237a863edd7e66db207683e85ef7c23a30

Download Submit
C:\Config.Msi\e5c7143.rbs

Filesize
92KB

MD5
33f63175551d920cf07d4bf0a954dc09

SHA1
937d90c6552c8964ca5cefd64c3a7318c3a6cac3

SHA256
24ff277bd79850448b6d831f303c2efc82d565ebcd02b2fadbc184e5ab8ed498

SHA512
b457b5a93c3b739fbb9a52d4dbd616c3633a85f648073309a8d9dfe229c862c43641a2bf4f2477d3eaa7b47db5703b65d97acffa961dba6c1f18f5cda80c70d9

Download Submit
C:\Config.Msi\e5c7148.rbs

Filesize
11KB

MD5
533f7ee16e4833c7deb5691b2cfbd64b

SHA1
5dbba7519a1e3874771500c5aac0dd2810ae6699

SHA256
0a7b42f1ef9136b369c228ad07c6a3eb6e355296e15643fc2e2d1d50ad4cfba7

SHA512
ae5396761c0fc2cc945f78cc70472272e16e0c55b11d0244bd18f3b1734628f97adfdd24183140c21b1f324aa6993446fb145309454367cd7c922261e056a247

Download Submit
C:\Config.Msi\e5c714d.rbs

Filesize
11KB

MD5
2c08fb1d13df44892445428dab7c7585

SHA1
ddad3f4a72778dc65a72e118368c414e0f1f4896

SHA256
2faee9ccf2f3f4ef9bc8c03c706e7806023df820c4d52c13225a0893a118fd27

SHA512
a333cc84c4da50a139b59392782813476094c94c33df92969c2b7c3e1c9b987c7e87d6b572c49f7d20272a6aac86da458f9f8cff907d3c6e659507e4532fc105

Download Submit
C:\Config.Msi\e5c7152.rbs

Filesize
11KB

MD5
ff4c604df88e76333bf51a2af36d4e11

SHA1
b3a66c60c9ce820b65f205db4e0f19e52e554746

SHA256
4c2d588081bc966ca80656c32ecd6b4d93fff9d148e261cc97ebc02b27abad86

SHA512
b098e43ff02d0380bd28748a1bde3d8bfd1e097ef5f928534637a1ec838d95f7e6a411fa5928af5aef3a64d3ad0c70ccb7cfe6c2b18f17a1f069737a6fadece4

Download Submit
C:\Config.Msi\e5c7157.rbs

Filesize
11KB

MD5
8e2b4e650c76ca2d2681c9f56b0ef279

SHA1
27fc49adc20d02a51939f51ef90ddad8d840030d

SHA256
3c34f48539cb99a0574e43cf7bb10f7f6d5e2c3a4e1b0b17de8a7627f10e9f77

SHA512
e444aab57070347e826ef843a27b01d5ec66fa9b36af158835dc60953da2b87cbb189723495b2e6565cf776533e33a35dfe40b3cee4898c18487188f3e0ef501

Download Submit
C:\Config.Msi\e5c715c.rbs

Filesize
35KB

MD5
a8fe78ce416996e11601be66f025ce57

SHA1
14cb87b71625a7ce3b8d8134bd5c91c9b28210d2

SHA256
94733c581cba7a08b327769adcbb08dc5feed15e5e9143e88f5f010db69f5ba0

SHA512
5934ffc5006e93c90cc50172a37ebde2107936059067ec01bd0a696fb3c78567ba8d9fa859308c714d7ca2062c52bd5021e6339f9f181e8eac6591eeb67ee284

Download Submit
C:\Config.Msi\e5c7161.rbs

Filesize
87KB

MD5
ba6f6d346ad5ff0182ac9cf33b1a4a64

SHA1
c3d1e85791d824312dbabd29d6783b92e8b565d2

SHA256
b8cc48339a4ada4f5bb99ea507cbf9d6cf73d91b1899e1803cd72d5ea73a2ff9

SHA512
f8d46e595f720fb5a5bc3ecc01dccc45ea72b44023dd2fbc3a283954d0f21be6419a32c5bb6712207d777717367be0e8073c05d9cf3673eb995196b35f95fa56

Download Submit
C:\Config.Msi\e5c7166.rbs

Filesize
41KB

MD5
85b2aa0c4171417c90c227c30951a739

SHA1
2b3ac392891a4ee0d4c3ebe1d97ef8e8a0bae20b

SHA256
5ea12b929262814a004d4ae562fee8e4b8eccd4dd851d25c61da5e8299db2757

SHA512
82759ce55d6d69319f68ef14711c6d2862cc127e9e729e12b529daf966415290ca239dd21485bd8e52495b9c467679913edff4b9443c36a1cfcc4f610c07edbd

Download Submit
C:\Config.Msi\e5c716b.rbs

Filesize
78KB

MD5
6b37f6f43b7a6fff47f0d791e8736e58

SHA1
2780d4d8e835d1c473b766ce355305ae693a5ac3

SHA256
80524d48e6836d72f599a4f0af081ac5e076e88eb4569ed194ac4a6df78d8c4b

SHA512
f3be08421668180336996232e1015cf5b6139f2185337d1409d5d1dfd04e906f681f00272553c474548f31b1c290e60c75a6ab5f029c40d9241570a2b3a9ec5c

Download Submit
C:\Config.Msi\e5c7170.rbs

Filesize
10KB

MD5
8f2b2e6ca6dbfc456d1f760b388bdad8

SHA1
dd75a870d2c6ec91b08ee92d88d37430bb7737d6

SHA256
8cef288d2beb6c6eca033d9bfb2014448e1f2073a86c1485b125918d169a8f65

SHA512
38a77736daa044df257769f9f53d75deeb645e5c859015e1ab178a23ee7b3f28471f54146ff50a70c13b431aa82204ab7b2f156f33359452b208bfccda4d7353

Download Submit
C:\Config.Msi\e5c7175.rbs

Filesize
8KB

MD5
7111bcd9203ede30fc2c18d26df1dfd0

SHA1
ee386e71a39e899255db6ea458995490a41b82f6

SHA256
dc1820e18ef5ea4b09831653d1fc0702f2d828161e1f6ad5c68150dd87354164

SHA512
c6fd3be4d5659b2951c98adbd328abe78b10d3ae5fce6f98af2215136f2a326eab044397f79e37ec161227e3965804173426498d196a038816f6c443bc48996a

Download Submit
C:\Config.Msi\e5c717a.rbs

Filesize
8KB

MD5
e481585d2f0769d80d4b0a027298c9d3

SHA1
9546059a8941c3ada7741d51521d6074981945ba

SHA256
612a2fb285b956da7fecfae018b737758ebc039eb0be70fa62594fd064a98920

SHA512
7245f05bd9774c5f051bb8a6edd172c7c4c9645ebeb8138b814454353a94078df82fd647d3c93aafccde0fa62a861954cb178caee730b4105b49da6aaa146d6b

Download Submit
C:\Config.Msi\e5c717f.rbs

Filesize
9KB

MD5
0d59bb1734ad295556d8e5e6575f468b

SHA1
e6ab982759b10f4c203e8c55c5bd0a3325cd7722

SHA256
4acc52ee570aedda781cd3605f28ef2462338ff20a6eddce8039c1ca1450077a

SHA512
cc0e31c7150d10c61c9c76f436db0df36f3dc51ae12eb7a77ca6b668a202e35b66d4dfa84acb24b26a69e10914c3d1dc368515a260ce06819df6ef81d4aeb7df

Download Submit
C:\Config.Msi\e5c7184.rbs

Filesize
8KB

MD5
4a7d3925aaa5f8d9f5e2afddaf4eaaf5

SHA1
50ba2e856012c744abc06c4fd25a55f9a45a8c0f

SHA256
ed4025928f4e528f56cf56914af30ee218c7763b72c01ab6eb50a6c29ac97190

SHA512
208142877ce4fef5ab43c2f6168deda7893b6fa2f2d2adfd9a611bfac7197dfc75d3c9b8f2ba33bf3d26c67406c53534312bf63ae60f47d875b623c71fdaeaef

Download Submit
C:\Config.Msi\e5c7189.rbs

Filesize
8KB

MD5
9224ca5c2689550b703a49cbf015d633

SHA1
e5451581641496e6e815408e3726bed0ff357dff

SHA256
e455275d8d48dadee34bbc4b5b8dcff1c37c8ef85e62aee6a9ce4fe70348752c

SHA512
c0729e2f0330d2e00b8b698a6bd925a500ef7b4893855bbc81184407562ef62ba97afbb484ef4b7b84dd122d6cdf33c83232f7661f9e03d81098dc3d8e3779c8

Download Submit
C:\Config.Msi\e5c718e.rbs

Filesize
8KB

MD5
b5ce9e70fc46bd88cecbcc8623346171

SHA1
f7ab01e6c2ba1634c1855663bee761719262ad2f

SHA256
c0d7723272810bf87327f04c11d75f9a027d08897da508f4e34ac8eb642cb467

SHA512
51fc8df1649c0f3844c325a2da4cb5fa21241c39596577b850ceeb854ee516781922b4bf962966f95c6d39b473e0251b4db3b8de82a4e4f7ab65598eb26ec560

Download Submit
C:\Config.Msi\e5c7193.rbs

Filesize
12KB

MD5
63d298e458668c3e79378b1be637ecda

SHA1
99d93537ad29fb8cc5a5f79bd33ad7943b9bd7b4

SHA256
3b54f9dd25ffa24b9580eb85a78b6d37187ef3c07dd967ec88bec3b40c4abb0a

SHA512
853587fc6b3c1c25019aaa163bcca168af21af5345ad74be0f8f3baf3bb59f10bb26ef10b8843b36ae5181556bb8d1e2a66c14e7e0c77fe54933c36ab7ff9e17

Download Submit
C:\Config.Msi\e5c7198.rbs

Filesize
12KB

MD5
3e01cb24916d9b16e4b6be1d10aa7127

SHA1
e12ffa0aadf9c9c9f6b084966a61cbd520dc83c3

SHA256
a1aff8b90ad47880df8af1aef370225bdee0cccfb8b2c7ba0ebbed6faba541f1

SHA512
8f61903510889aa5bf5678a183d58e21e638be6c7d239f58c0639f1db2bd3a7509902863179f8bcff726080a1b8a40c304baea4b69fc7fa0776f72aa941cccb7

Download Submit
C:\Config.Msi\e5c719d.rbs

Filesize
9KB

MD5
fdb60d27d7683adbf1e72e8a276f6f37

SHA1
af40171348f6f5ccb8df19982dcd475d670b27ce

SHA256
5eb715f8a70b59d81337db5433a2d67dc51745cf26408e32c0f3114a837587f6

SHA512
c2c37fe445a6ed133a0e9211d06c51aad9868d8ead1bcb651b1b4839fc81092e21597c83fd13c16b2e76f00a1d4c34bc391ff3b0789917e93b74beb439425b37

Download Submit
C:\Config.Msi\e5c71a2.rbs

Filesize
9KB

MD5
dbd7478a0bdc1ad4e29c54c1186396aa

SHA1
d9792b9609befff8dd239a8c852e7745cc0612d3

SHA256
77e51dc43a2f62f65f8a11486a3e8c6583114775e839c88db1d914d394a10b36

SHA512
0da96e19c56aa5eaac984cc4cc4e04111a8dd17ac9d13391a6b1eaee31466c687a24f82956dd0378b8d2ddcd404d7ad8db09a82f26f5ef784e2bd2d97a73cec0

Download Submit
C:\Config.Msi\e5c71a7.rbs

Filesize
804KB

MD5
f42eec1b2c2a08d22b05a1216e9adccd

SHA1
4a43e32af080e8134c17301c9ce24789333da6bf

SHA256
8272d580e2f80f8a6b1f5d8a78ac35a2e4ec93d1ea8db3109b6a204635dc90d8

SHA512
e8744dfd0abe55f82ab292e113099baba1885888132a49eb71e3d39c128a6cc60a63a980edabaf01e4425d10bad908ca6f5aaa626972181d471c39d14003bc23

Download Submit
C:\Config.Msi\e5c71ac.rbs

Filesize
39KB

MD5
5f1f765fa3a33af4e4c80fe8f308f781

SHA1
6e282bce5e7d095c43235b2c802bc8959c355ca7

SHA256
29eaf5dd837b71b124a084e8b236f436719ab39b63714f968357d4b8ebe593c6

SHA512
529cc6d3a3962b908ee45fb50fab560a961c9839316bf8acf74e94c7aa1a8023c58348706a4bdfbf22beb63429d80ce21baa448aa06fe3fb21d58ae997de20a8

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
85KB

MD5
5c13a5ea8c8cc3474240981d0ffa88ff

SHA1
1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80

SHA256
4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da

SHA512
32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88

Download Submit
C:\Program Files\dotnet\sdk\7.0.407\Containers\tasks\net472\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\dotnet\sdk\7.0.407\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Program Files\dotnet\sdk\7.0.407\NuGet.CommandLine.XPlat.runtimeconfig.json

Filesize
254B

MD5
9d2507b2219e60a5375ddb1dc2a1cc94

SHA1
19fb75c2b7b35ced5b1565a20861ce9a6aafbaf1

SHA256
5dbc76aff7a828f429de74955cdfc3637bc3b12d84faf4228e15956600ab7d7a

SHA512
4ef3df73e38105005af7192d8bec5a5b7ffd3f273441a24634b871406d95e9e7790a95f101a29d082ed69272329bf0ea7331c73c01ba0ece12be10f2ddb811c7

Download Submit
C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Program Files\dotnet\sdk\7.0.407\Sdks\Microsoft.NET.Sdk\tools\net472\System.Numerics.Vectors.dll

Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Program Files\dotnet\sdk\7.0.407\TestHostNetFramework\testhost.net47.arm64.exe.config

Filesize
4KB

MD5
a22cdd3374234d3a50c2ace2dc33a63f

SHA1
d71bb2417cb805c3da21ebcc0e1ae5a102823c9b

SHA256
b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874

SHA512
71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
198KB

MD5
06d38d9bf028710762491328778f9db6

SHA1
83e1b6cbaad5ca5f6dc63453da324f8df28de193

SHA256
91558d69c027808e375e11c80166dc6ba245fbcfce715c9588decc55b4a33dad

SHA512
b197e5f92add72688396a07246ee9842a3b0de36508aa57f0254531cb109c77d0392e00ea28e006f9fbab1b8fee9b333998946de47ca7526b631e8c810780781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
73cc95363c4ac77aaf958cf241d93b9a

SHA1
5bbca293d97ccf461e98d8002a04912c50eff329

SHA256
adbb4f54e6d9073a052fd328bd7356828ce8c007ab3521c35181fbf0f9913f3a

SHA512
c41662928ddf018019e99108ae580367a834e1b9db2f9290df841dee263cadfd763724cfc48c035a867278c8d243d1c9f6725b90f6184dfe03631401c4677362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
24a16440d5b663d0d87263e812e3fd90

SHA1
0ffec5a540218892b440703dfbf04bf1252def68

SHA256
c3af8b6de514fe12fef4987e8a1a9c6294ea0ebf46d0537bf02d18595abbe799

SHA512
9845ca0adcbdf6e77a021073f5f01c6b0ecc0593d2c7e13d58b7717368d466d69f74c51934c77f21aaaf0704815fdefdf285748aa3e17441b700ba092a6df9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
1024KB

MD5
1de2a1140e43a91f60765595c5727427

SHA1
07bd8455d3d476ed9c5c1d457802c9fe91c6561d

SHA256
7b12efac81dc59df0ec046f82480cef66b12b13c772afb3fb03502fa7045d581

SHA512
e1955f5c9e16011dc88f0cbfd3765e9314988783507bb55c7fd5b48864c0255a45e0086b62f66558f737fc9f8d98c1330665270164ffc10ac63ab244c0780420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
238KB

MD5
a633609937a738fc691ed7668d2503a1

SHA1
805db341d1fff3b88e0a366b73c536898667a48d

SHA256
0622fb50e04ae04252ec97b2f78e25019e948046b3ae724f9ad7c39291fc114a

SHA512
ffb8497e5223b02280be0a6bf6c7ececec77466273316e206007eb586a6e73484a8ea7d6ed30ec3a5347db5ad5d26bd84751bc9240808c6b65c834820adcae0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1024KB

MD5
9927c9f03f688a4c600941b4475ecd09

SHA1
1ced96bf828167d9b324e520186ed3fbab70eea8

SHA256
9852105cb8608d1af83cdcbbf84c318cf6844a062024a644d50d590bb7bc41a1

SHA512
3345cf4fde6c32340db0a33fa297effa06413ad759592cb64909cf1b415983f8c71cc4afe1977a79a7f6e51347189a42375cc7751c249d8c8d3d6faeba922e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7da3d5432b4cec826c3c6ebef31afd30

SHA1
2f2d45e95fd6fe7c555580002b910b7807cb5521

SHA256
9888653404454f99c52b5f4c6771517bb238783b1cca7386d99f9b54f553675f

SHA512
ba38f26a3f23ca629005da3937d967e501d7102e76df91b75b28f3e37a1198faf62a6ab2538d03198e4e50c5b50a3f20b2e04598434f58d938a6aa8a7060de59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d1a396f28068ba362c2a0a94c89ef90a

SHA1
cf1ebae5f5b2bde0cd89d8b65ea203a5878ab559

SHA256
1dc4f72a57746653dada15f1fc615f737a73c11a0ca3be84748b8e3fde2468b1

SHA512
d324967d556055538641198a701353d411c0f7720387140616657efbc9a0e32c4286ae21d6ff00392a771a0f5bc35845de700f7877f4559c73ef742d5e83d9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
256fde18054c94532535d7a5a1e3ee31

SHA1
1b455775d23065c17c9aa0e2f9f9eab30cbd04ee

SHA256
4a32a14663fa348e2b80f95d0940345542340760ff7ccbcc608fc241ba5c4354

SHA512
453c87f1b8aefdc7afe8e0a3d586b7d27d946313de02b3638fa50315269f1c27eb773172805601993773f0325b0cc7f3153da2a405b86cfd624d2b05fc724846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
45d05c8b2644e6ba874f08c301223be4

SHA1
08dc8e433c16d8808f017e4a7516b60bc5bb812a

SHA256
2d7a3edbdd3fa80e93d801d56482ac7567dfe423db1aece837dc80b263aea0d4

SHA512
fa6b727759f60f0e73903f6819445e1b010dd0667a56757100be30de8c9d0490a83886f5685a3be749f36c9353025bf252256aede033a5c6d51df0114b1c8bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
cbb3649822cda3455893d6c715d2a3c6

SHA1
c894c201a6bb22ed42f6fe7c9777fe9d90851cb8

SHA256
658e773248e39e116d4806875392164efdf253652f5f262f893d411747b4a44b

SHA512
ba87188f2da2230e1797ef39c60ea48e55f8537a55f3e2f1a8f7cc974f9ee4ce0992a48f10100a6253503ddd19fc209b21987c7c81e3f1f6ee6fc806bf108fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
837399282d4fb9306e410ccf6d24a04d

SHA1
d89f109ee46b1d63e24ed1e33e99083f0589ee31

SHA256
38c2454aef93ccc60c42fdd618df70249031b3e25c2371aed72f9cef7989c4dd

SHA512
342dd35b2ac101421e8f00af7065c4d01b09fd14ae4049dec0e200e37d10e9c1cda9b9eee0ed08475e2774d0570f94d64cb79e9ef1597ad15bbf9e183ea8d332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2c798a1bb57b4b41ff2631ad4fce4474

SHA1
830405b62b9e7023896057e5c4bc588e69606480

SHA256
2b793bdc56f4389f9db0af61f936a4e0c67aebc2fc19d23911040355bc21697c

SHA512
0cbb3fb65622670d2a90cb08c33ee662b2e1facb2ca89d0f52ea55cc02863e99b44398bfdb0d261fe962c13ec511b2fb7f0cd0768402e6e46abc7dd4751f417b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
573cb31c9c7f89490d5e7a74a86785d0

SHA1
e21f142980791a8446037c670d95503180be6fc1

SHA256
1ba5b30a9a6db74a24e318dae3eb2019f824e9a7c9c12f426d22c1709405e6b9

SHA512
187bc6e07930ce78a34f88701f4566a9e3bc78008051e7dc5dd59a39faa38a7e324f4bf8bea39022ec8f94eed4aeb54f6d4c54ad01e3b2960bcd7c994d80f849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
5a8b66084408e81029f5bfac62225712

SHA1
a528ed46010eb2dbb555a9543da3f3b3e87074a4

SHA256
338736e607874fbf934628078379fccd804f687d92e3e14a7bb7dd4b34419d80

SHA512
465c7e9c7a41a8c0fdc7d0bfe15bf4b595af6d17462db899d693751294bfee3b29bcf9cda65e7d100d3353433fbe26ccffe11cb55d0e28dd6d4f340f30f5096b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a5fdfd484d4a17864aa6aef92080af1

SHA1
fb7840dad4969bbfe93a6f2cd4d9347ef1f2ad17

SHA256
8bfb779c5284592e235ec2fc4cfe50fa846a33ed36397c7f354e3fa61badc430

SHA512
55b2d0a9f95ae556c34796440d6122051747f6e2449ee5e763ae1dcd0edee310b29d6199adbac25d8358e7a893ece36296e067f5a55b55682839f062f001b09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fef51c3a4846c278db9b48ca41c9952

SHA1
ec3f161f3027c6b0b7926ad546774a13faa6cb73

SHA256
96fa359fbd8bad507a7ec611c855092618ec6e1ed4f3d589b564f847d2072862

SHA512
16d27362d2a05d5fb822beed4c1127703ce6c83b2618863184209b4676bbb548a012f2a2bc7f157035292f002a9150d6ab1dd49392b81baadc5dfe6a5f6e113d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b3a448dbabf600bf064d53da5ef9230f

SHA1
d7085ffa13cf20d4e310f7225f552f5cde03a5a4

SHA256
689ffe131513f34b48f6d5f63a8dc226dc92ddfe161513cacbc23b2efe449bb7

SHA512
5e8d75b6c428af618021ff59c87f6e06753ac75181e078bbcad4020ed015d086749b34b963a769463a4ff982711166ff689f1e159480a5208738d122c082ace3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb4efb2247c5698917bf9a32881cc120

SHA1
caaf23b913b227e05bf92745ba248e631a7a2445

SHA256
8e4c20c3a53f68dd09c9b6426a0c59dcdd62cfbefceea83a02a41c5af04e1350

SHA512
fb011a7ed6abd14ca1b9132344e693dab454af9a45f5a095270c945a009d1229d981780152567a25c1835155d00678ef3324fad1d1cbb0181d1cf1ff9bdfb840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6795435791d5b8903597bbf9d066ec11

SHA1
d75d535488cd32137602512d34aaae3502c39ae3

SHA256
c46e1759fa0a0fd3efd08522611597f3452f16e9fbd90753d292f373b598c0bd

SHA512
87d7726eb8959caefc0390fea67a11e4df4cf7d1e876df2de707bf0e8b6ca94f0eb06c2d6e91812bc1df8f01df83d7d304ccc99eaaa2aaecb63d66ba62663776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f3a1a4931dba4648771289ef6b26206

SHA1
c64c2a6935e55e102cb99161cef141a28ab0ea5d

SHA256
d7b9cd6135c32b868fff244c83af4aad5c58b06a8e6536846aaa622d288ed695

SHA512
20bb1b8f1fff867e3da75498c3a9cc52c534ed54806ebbbe3dc2a099c814240ff0f1d5977933567493c213ea10319db6974250e29d46647d79ca7c24239a1f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c72a57d5238b1b7376917851cb15acd9

SHA1
d26032e424e541b246b8950e9f9312645e781ae3

SHA256
38f00c407ab17587a68408397552175f3a07d3571edcc1988711eda2e97e7795

SHA512
741448268421069a2114dd3b32fa2d2ba69e20f5c12818d5bf0fc80de50ed482388ab05d8fb167d0789cb43b385e1ce076d99b5ba9b4974cd862c67c0f1889de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
1d80c065b06a89396e2ac375d332e4c1

SHA1
6b6f841942296524af9c14bb4a2032b0f96ec529

SHA256
700c6fbf1fc9da222582a805038d7e3a05d8041540eeef7f0c707bc434ff12b2

SHA512
0c180db00c3d22b25b47968a6a7be763aeeba5a23d174a45edc6c463bc6920d60e06e3e15fc85ecfe1e55f9800121a0f49de41a0a5e99d5f47c6f40a9166fae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ba551523e71dadc1eafa9f4a5da68ea2

SHA1
73699bf168339363167c30a6902fc37e17520171

SHA256
61cdb2dfeb701f8622c0b60aca5368090a0c1bc2730fb7b2b4cd8a58f0f0cf6c

SHA512
500f97cb02a9eb4be888579d3df8550b91db2bc8eb0d540d043ec2135f5352bf071a951e382524f3df53c6c7fe34bb9b523486e5caa224cc63fc3974227602cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
289d5596f97506e6e364066ccc6fbbc8

SHA1
17c1da498579787e72ca7f2f34e012742e75bb04

SHA256
cb7a3bed2eff998629d4ef0cef4a0a55964d9ab0aada71c74888e66afbefdba4

SHA512
35da9fcf07ace1a038222d7b23c5cc734c6db7107a7d56a2af718f405385d7c3ddc919d4f1502a2401a0669dc96cb55c795dc9a3fc42959198988b090a614c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e800f7ba52d5ee34ea85fd7b1af147d6

SHA1
c7510ba908875c81ba34c5535abb7c6d78069eab

SHA256
352716170eac62bccfaf5d004984a11dc7ed455757c56df43b7d8fc5f06b9658

SHA512
83a88b4e156b9cde6c961913ec7edc9e63c17645b5440b357f8473d791f01b89be5ab7e0f82581cc0a072ee84e9148958920f87d7779f78b14bf0b9bfc013b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
01ab9700a4e813520658d37034d0dfdb

SHA1
3b66b307af86cea04fb294aed7b3c905f2c40c91

SHA256
25ec66e324f43b96625138188b83a62f5cf73e8f1a2d5639ebdfe90131372d79

SHA512
5459755fea27b83fca6cd9c6cf732949d04a765ac9bc3ed49fba18171e5eeb357c8e9506bba090a4088c289afc0a0f02b89a594f17491c20621fa4bd20d8c45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
539b3cd5cdfe8a390deb28ae7dc79c9f

SHA1
459a23ac0aab2a0fea752405912052a7d28ba999

SHA256
b0e509ce3d2cf551272246098f82f6d6b5bfc673d1f24cc4291f5e708ba97db1

SHA512
915c4a0d382d6fb2e5a2f24db73924388da2b82e34970b1c3ed21715c896f9a0303f868b08c490edb4e8f58e75d2422e086432ce3b5fb5ffc0a226be123582ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5de84fd88a17cb032dfe219a71a4ada6

SHA1
65c9e5db47f7a2ad36755d3f940954348aab4052

SHA256
6d927527bf96adce48e27c9727d9cbb674b73c7494731e280a49c349a88626d0

SHA512
88219aa2efa30bb1f24b7034c391c8c0672ed2e0350a605dc6deda48426cb97fec21a972231584c6cdf19a36a08206cc0df9c17bbc3411b5c23ae2bd2eeaeb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
61ce467e94a3c1961e88a74be45721a8

SHA1
dda1324c52d5d0eb14cfbecace6161924bb39fd4

SHA256
0c04581b3f30e3d956e8a3e506b7022469fd3fcf93500ea265a5a41630f5a1c9

SHA512
793b11b9e3ebef94ccdeb1eb4fe8e8b8eb2c2231a9f3420e909e3e374f96d0b268a4a03a3c3bd2a7dfe52012296f641aac550ed903075ca7f5741e4f3dd3eb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
af1eff619179177cd544722730ada2ef

SHA1
eb131a27766b45476a8980df4ed91c409de5605c

SHA256
44c67d053ecaf6bb69fd4c64bf2d5f4e7e33a03193289cf2956db1122828d91d

SHA512
ae9316c6cefde8fc652d446469c732a77a6199bb4856b9166389f8e76b37276d639ec4ebf6ce61cfbab6d1cfd57747c8d8211155e22e84fc5ce445b2e4fae67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f980c80a6791b5968c92b6ab29546027

SHA1
0e39a361fa82747bf724eb726fe60ee7715924d6

SHA256
fa094dc68731e38d9709c815da812d31306b3e58f3eb042ec60cd5889b9e4ce2

SHA512
ae6fe151e095367cb62730968abdef40e561271d5ebed88dc56bdb59e0282c5a0705f05c364b7332365a53b40f4346cb49e8ca08f95e3786159b903df2013ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3b791e27fd2a8e4d43ea4a5329c4c279

SHA1
33f5a7a1382e468398b7b109881b6d3ca9a464f9

SHA256
5b514e2a9c2fe9bc96514c28adee61169029e0f7146da69b234202896b670623

SHA512
048499fb3c1085b46600f3e5ec9ed2fc7665d7e513bd2c47ae640303c3a48fd74d42b764052b6aada768c5d17cc7a50fa3b5c081b57a9608d6f83dbff256b5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
39042660a13693f1755040156729fa20

SHA1
5be9a7f9dfeb4315c980a45127ff20c7d916154f

SHA256
f30876d21c488936943bcebb00b1c5e76c52507126aa5dedecf9b236beba0917

SHA512
80fcc80d7a3f3703536e61d0ab29279321bc784d06538dd99e785d156854bb14c0dcc1e016ec22bb1827f7645d9d59861ec6f7fc3520572f7436f2b1ee8da77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
05c0851c3ad8ceaec6a38fbc3e24097d

SHA1
5b80694d4dcc11c67db3abec9c7048c498c2260d

SHA256
24f37722c6a561af3d0c904bb2e549b0fcbbc3c96a8d2fa5154a00ed6971b9a2

SHA512
b08bb1e33a118aab566e91be038f8dcb263200f3cbfa377d9c82f1434111876d3167e10403ccc40d00d9c62c94450c428145239d8b9c3714edaa78b43d0177ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
593885b87ca478f61d150403e770bce8

SHA1
b7bfcccd8e586fa6656cde4f60467da77556ddb1

SHA256
897646a23468cb8c821bd33b32aeca3a3da64db9d06aae802d9960d21b27bdc5

SHA512
7f5c66e91552cfceed11f3da3fb319390f099074ac2c4b1766c8159ac60b5dc00f8ffd491e1dde56949912b4aa42febe6d0603958115c11035025aaf429dc3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3a030aadd27daeb24346a0a34ab8f05a

SHA1
bb71a80d0220bef344201c63f21478c87f8d1632

SHA256
7b07d5e7bcaea3d7f226f149bfd58fe0daa7d9b663caadbf6091178647215b27

SHA512
94e868af58039397a53ae288e5d8157d8d04bcb1dc9b6594d7f05d7939bc23866fe9b34e0882199dc8baf3a7765d3ac18c71cef5ee9ade2f92c5537659f1beff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588a88.TMP

Filesize
1KB

MD5
71072c0bfd9e96fb709f9baaadb4b797

SHA1
dfb27c2edcac8ec4d93c7445ca4048bab8ad71fb

SHA256
1ae66fe910d3160229101a89c2328eec7a5992f929e66617d32b3ef3ddc7baa3

SHA512
896826e22862fff91abb3afa249bfbfff292cc8e5a384d0c60b677f131fd145d1ba128f636c44a1f6a15e32a4ff799f2fb6f3e9439f3c6daa2209122dadaf217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ede9fb3ab4c8791422f7dd8b7ad4a240

SHA1
74208a00cc379a90a0715ab9e19677abc45bdc74

SHA256
86221973ea7151c7c9f6113cabc1b64f75737154d0971bb8c9fe9d12db0888e1

SHA512
bb6ba3b4529e551bc0630bbf7f5f89e4d3e291a744ba6910133b0c5f95c45a80956d0e61d2c9e396627061031f171292cf2878aa40eaf515a20d55101b86177c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5189e8563ce58de6583c844df83bad3

SHA1
6aea72c038a4824afdfc01de0ecb9e1abbfd580d

SHA256
210ed65db6412c0606421bb48eb4e7aafa62280ffd03d4b3349a585127ffcc34

SHA512
f924066855dbb44857580660a4d87dc30704a473733eda06b6df3e431fa06ec3acd0606506b25b64b7ed824e4fb42786cc331747ce4235fae41a97530534adad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c7c6a33d90035bde6e5af265adec9318

SHA1
85996479de46d48a5e3d8119e986a74b8039068f

SHA256
85ce6fa0f79d2f8394a5a8c97f077a9cd13506b734a3e0107937ab8534c8f54b

SHA512
3d688f119560680be9923e9760fd6021e2a7eda12870546c0263fd49d2d2760fa89d19ef247cc2c0ef68feebbf2afb041a30f3b4c0f49278af469ed01df40358

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 575162.crdownload

Filesize
4.7MB

MD5
bc2ed062a5119cbfd1d78510229ff0b5

SHA1
9a4b81718513c862ea8c5141d938aa088f6f90f9

SHA256
30d7fc5f3128318c957c19b543e2a7e622edb6001cf5f7e621221f975e40fd8a

SHA512
e63cee53f47a8b0b2a6c628a6197acc6bd1726889a872512b92bde11a2b1e6c7849620b38f3b102bb4ec8a06c5a79c2e31e28def3525f8d1a4ceeb8bf5dfd7bf

Download Submit
C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe

Filesize
21.5MB

MD5
4a442b42a15b1386bf6b70916c7ca995

SHA1
f9efc0d3ca78195bb44acc864190ae4acdab24b6

SHA256
596ee79c9933a8d53fb3d04dd6853313fe1803132d80e04a3443c6188461ff48

SHA512
70cdc0b20aaf69a9ea072d168144d2be399927b1158a4834e41045320c76a2feb308a5fea68edf51bbfe09f9750d5704ff1dfc906e36b9c9e1123c5c4662f40b

Download Submit
C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe

Filesize
13.6MB

MD5
c29eafcb99e1199e7f1baebdd81a02cf

SHA1
102cb8c9ed586b1d056d23c5c1091f261f2710c0

SHA256
92ed540f29c20a4618fb4b875ea11e8922e55d1f37c3c1dd3ff22d4090136f99

SHA512
7ded3c9abc06190f7e9e2060465d547254ba4466bebe9849e2a504248a0826e5ec1a3dbccff5c92475bc95a39e05a68082e13b2197b1ad14ac9e952ab29a83cc

Download Submit
C:\Users\Admin\Downloads\dotnet-sdk-7.0.407-win-x64.exe

Filesize
15.2MB

MD5
52738a32ccfc99758505f90063cd8429

SHA1
e9a06016f0e0edcdd76d2e68e54c59eed6d73c3c

SHA256
3db47dff59e96712fd4574c1f713f019c364271fd5716b430ca089134b121566

SHA512
3020ceea91523f647994a860424866fbcb11c44ac7769f02eda377584ae7caf4e77e5572dbd4dd636f1a85081b10729fc21f4b9ba3fe8d95a2815272852dad45

Download Submit
C:\Windows\Installer\MSI7F1E.tmp

Filesize
244KB

MD5
c0777f5c9995b8c0b08ed33cee7e1008

SHA1
12f08bb8febedb3f16b22bf94bc47c5c3910a477

SHA256
cf531f10cb410f4825bab4fd4b15df8e02cb9a18505a3a3b05c4c2f4ccaf90d3

SHA512
a3478bc42730169abcb7635f1f73bc8b1a639fe2094c7e3866d8321b6efdf0740f8867dccdd5fb1b12f73b8e89a51758280ab9c3d184d36a7b86f3f91ac9dc0a

Download Submit
C:\Windows\Installer\MSID969.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\e5c7134.msi

Filesize
9.4MB

MD5
922af242c8c90e640f8ab64a1ab68338

SHA1
ad8e23fc305746d2e0caa66fd64836abc782b945

SHA256
1e884cc9cccb8f3486c3cbababfe9c47981873d8fa9b01c862b74c56c8c81da2

SHA512
31f01ff7dbaf4668cbc71685f5cd9e7c309536638f87cb4e450830eb918d39cd23c800c92e606c95c09c46c69abfe531b1b83887aa269aa60a8bf1b431cc4175

Download Submit
C:\Windows\Installer\e5c7162.msi

Filesize
28.8MB

MD5
5783d0b143091b222292bb0dc983f04a

SHA1
6f35c3202a162d14ec62fca94613553ec120ca8e

SHA256
49a7758ffd434befeace7137d907afab0ad891e54a320641b5e2c09e7af0f91a

SHA512
56bf629eead8facdf6c21f5b4c667daeaf8ab569ead4b3482d68748588b8fc71760c1169be04c85da8dc44bf5ae5f92efcd81e8578f24bea048a654c64527765

Download Submit
C:\Windows\Installer\e5c716d.msi

Filesize
3.5MB

MD5
af9cd60587c4ce80cb7ade783a7ff866

SHA1
19c2b799ab44df913b148c4470e3818b25133c24

SHA256
a466259fa6bc0198bfd599a7b96cb3b39aa57ce1d558d54ca8523b9f33cfb018

SHA512
b3d95eea7e612d740232ee1a29d389fc1ed00fef72e6474e40d64b5956dfa0eabffcccc312af8e5c295a33793ba6b420957af2e48007ec1e8fbd8487e08648bc

Download Submit
C:\Windows\Installer\e5c71a8.msi

Filesize
33.1MB

MD5
c378afafd75a53462cf189cb6564f01d

SHA1
0403d3e8224b1b0efc6594cf31a191c2811f338f

SHA256
08a7006c247b057dbc324743721cf5dd752eedc9641036b9156b7c613be09fa2

SHA512
59861cee00f5e04daf0c85db2aeb9c1694efcdf18a4f7094ecbde05bf80cd2df6c791526e96512e84b65d8dffd3f5d8d875782fbb164a55a8fa1e3d6887f2d93

Download Submit
C:\Windows\Installer\e5c71ad.msi

Filesize
9.0MB

MD5
4a6d8b2ebcf4b3ff1ae8a38fe574e3a3

SHA1
cd1e0f62cf63fb461587bcaa918c414b2030ac68

SHA256
000aa27428cd128a53f5266483d9baab9693bdeec51406561b8ae076bf96e6a7

SHA512
ef135bebbeef19a633c9260edca4ca0a0f88dc1adb8db17e55c9895c1a899db5c6e575a8b40c61ea9a8b82aabf820acf7559296141ea1aff638b7936a71fd2e1

Download Submit
C:\Windows\Temp\{1D49F46A-13F2-4AC7-9F4C-63A8B459F8EF}\.cr\dotnet-sdk-7.0.407-win-x64.exe

Filesize
635KB

MD5
124bed784f65cfa2c8400aaab528a76d

SHA1
dc048657e6712efba5ba599d84b3cb2ed1714833

SHA256
0604c611008a2daf908f21231bd251d08cd465b176a9384f25dd7bbe3c6e5da4

SHA512
541c762f29cf2d01f200917db7a429c71bbf99e95f1ac52ce35299323f28cb1f763c6cd84f1068e8ef581d3c76d192d2df5c70f5d2589f181e1f90891787aa8b

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\.ba\wixstdba.dll

Filesize
215KB

MD5
aa531c5359ebfb8204c12e774c7ef280

SHA1
1a35e2a5d9d9c51ff59279fa3415ad0346573438

SHA256
44b362b78639baccd5c83f0b224a206730b1276fab849c77fd1fb17db2f07014

SHA512
49e13931d6575655ddbc1da4e09484dfee9c0308c5d071470b1d903ac37819730c6b7c7fe452f4425aa3c5bb18b1c0b16f189618517f81c378cce75e52b46722

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\.be\dotnet-sdk-7.0.407-win-x64.exe

Filesize
226KB

MD5
46781ee9030fe91d4d010a3c33457a98

SHA1
8e131b2b9bba16f8caa447c68073f1d2487a1e27

SHA256
ff784970feecd9c3f3fd65b9c22d68cc7123b7c779bf1473527053bd432d8d60

SHA512
e7adc81e3d14683490dfa4365af22bec63e99c375b8fe74de4910a37fc930c195436b46f9802569159388958da27c858ede71e722ec19c6275ed08d6999e1e93

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\.be\dotnet-sdk-7.0.407-win-x64.exe

Filesize
443KB

MD5
eca799fcbdf1f4ae5804bae3f76207c7

SHA1
edee7cdcddf79309be924c1a34d9f325def58bdf

SHA256
4c9877f1aa68707eede104d57e2ae5534a110e49865facc1589e2ddbbb1e6172

SHA512
797b657169b3642b3bfaa23fece0fa100c9ce7ce9d64c71e85abcfa4e174c365c09246c4de9b50e226c8ae70aed2a60e462d0f8bd79506cd1eaa596b9a5872da

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\Finalizer

Filesize
153KB

MD5
e0ea5dd837ae3a202a821057e4772288

SHA1
ace0561c3e2947058d0ef408446562ee8c2c7441

SHA256
5f80b93591d98f21ba9d18af7caf3d103d7d04aa2fcf24d82fc42f3f3f116cb2

SHA512
e4d1c1a950318cc158b47352dfb8510f37a377538fab628436d424244d50c764dc561d2bfbc69fdd5bf2e15308a2440365b1e9c15bcde2a15835ffbc06c340e0

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\aspnetcore_targeting_pack_7.0.17_servicing.24116.13_win_x64.msi

Filesize
2.6MB

MD5
06e06f0c29f0d2d304be07a33b7fc694

SHA1
39f6cc28b2c1fda6861feca16ebe222442fb079e

SHA256
c9e468d60a5e5ae6c74b17386d64aaba401d326fafb71e4aaa77e78bc323c1e5

SHA512
233c15c2fdbfb9813dea1f9f2dc4b336880929ef4196f0ffed6af8e7e0752e5e56ca309e9a2d3c4487f0b068849b9e69c1ce72163c57ff9567feedecc18eb35a

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\dotnet_apphost_pack_7.0.17_win_x64_arm64.msi

Filesize
4.4MB

MD5
fdf1d1032e6b4f2ad52b9d814be75fda

SHA1
0e3456124bcfe3e98e68d508265aecda6e9daebb

SHA256
c0e15219635b968f419501752440a7a86bb2e652f518e61455fd84b382f127a3

SHA512
cbdc22dc2998ccdb52929846cc3cbb02a0970918e9f125cad65b6dd299bab870413612606a8623a83919a85398b817bc86b588163ad8df15fb043f7d20f877e9

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\dotnet_hostfxr_7.0.17_win_x64.msi

Filesize
856KB

MD5
11a825cc2f5527b9dca7467b5650d01f

SHA1
b2d7978a1c1c3d769926b794036d2ae5fc173fac

SHA256
af62031d31f0c5d1ced8ed3437d292bcdae409fe9c1092a6f057dd0618fbeaf8

SHA512
6c86827a72e1188cd0fa6eadbd1829d8b8373b1b7182696ed8586d79d3bb94f8c4dadb4239401eccba20f1ec49f8c786e914354f00300a5ab9fdab461edb6591

Download Submit
C:\Windows\Temp\{54D9F798-567A-4D6B-875D-FF99208F6BC7}\dotnet_runtime_7.0.17_win_x64.msi

Filesize
3.4MB

MD5
a193ee8e5d326b712bb0c5b65c5c35a9

SHA1
360cde265348e54b4b87ea65ce94eec2719a01b6

SHA256
8352424e48589124a02c70693649930b30f08423caff298c4103d1e1033162cd

SHA512
a82da8363b68fb77169fbccc11684821051edd6728ebf2c6870852839042e5504b4b99f885ea9823dec609d22dbdb48966e68c8e4958f3a5f21d2df4df4675ef

Download Submit