Analysis Overview
Threat Level: Likely malicious
The file https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.203-windows-x64-installer was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Enumerates connected drives
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 23:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 23:51
Reported
2024-04-07 00:00
Platform
win10v2004-20231215-en
Max time kernel
241s
Max time network
242s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Beyond Launcher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| N/A | N/A | C:\Program Files\dotnet\dotnet.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Beyond Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Beyond Launcher.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} = "\"C:\\ProgramData\\Package Cache\\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9}\\dotnet-sdk-8.0.203-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\Microsoft.Win32.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\TestHostNetFramework\System.Security.Cryptography.Csp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevel_7_all_warnaserror.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk.Publish\targets\CopyTargets\Microsoft.NET.Sdk.Publish.CopyFiles.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.Common\tools\net472\pt-BR\Microsoft.SourceLink.Common.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\fr\Microsoft.CodeAnalysis.Scripting.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.3\ref\net8.0\Microsoft.Extensions.Diagnostics.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\pt-BR\Microsoft.CodeAnalysis.Workspaces.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\testhost-2.1.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk.Web.ProjectSystem\targets\Microsoft.NET.Sdk.Web.BeforeCommon.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\NuGet.Build.Tasks.Pack\Desktop\tr\NuGet.Build.Tasks.Pack.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.3\ref\net8.0\PresentationUI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.3\ref\net8.0\Microsoft.Extensions.Localization.Abstractions.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\testhost-3.0.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\testhost-6.0.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Reflection.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.3\Microsoft.AspNetCore.Hosting.Server.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.3\es\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelsecurity_6_default.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\tools\net472\es\Microsoft.NET.Build.Tasks.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\es\NuGet.PackageManagement.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.3\ref\net8.0\Microsoft.AspNetCore.Server.HttpSys.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-netcore\Microsoft.Extensions.Logging.Console.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.3\System.Configuration.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\testhost-3.1.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\tr\NuGet.Build.Tasks.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\FSharp\Microsoft.FSharp.Overrides.NetSdk.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.Bitbucket.Git\tools\core\it\Microsoft.SourceLink.Bitbucket.Git.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\ru\NuGet.CommandLine.XPlat.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.3\System.Security.Cryptography.ProtectedData.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.3\tr\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\fr\MSBuild.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevel_7_none.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\pt-BR\System.CommandLine.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.Bitbucket.Git\tools\net472\it\Microsoft.SourceLink.Bitbucket.Git.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\codestyle\cs\cs\Microsoft.CodeAnalysis.CodeStyle.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.3\ref\net8.0\Microsoft.AspNetCore.Mvc.Formatters.Xml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Microsoft.Extensions.FileProviders.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\codestyle\vb\ko\Microsoft.CodeAnalysis.CodeStyle.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\it\NuGet.ProjectModel.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldocumentation_7_none.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\MSBuild.deps.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.3\es\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net8.0\pl\System.CommandLine.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-user-secrets\8.0.3-servicing.24116.15\tools\net8.0\any\dotnet-user-secrets.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.DefaultItems.Shared.targets | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\tr\NuGet.Protocol.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Host.win-arm64\8.0.3\runtimes\win-arm64\native\ijwhost.lib | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\de\Microsoft.CodeAnalysis.Workspaces.MSBuild.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\fr\Microsoft.CodeAnalysis.Features.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.Bitbucket.Git\tools\net472\pt-BR\Microsoft.SourceLink.Bitbucket.Git.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.3\ref\net8.0\System.Runtime.Loader.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\TestHostNetFramework\System.IO.MemoryMappedFiles.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\tr\Microsoft.VisualStudio.TestPlatform.Client.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\zh-Hant\NuGet.Configuration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\TestHostNetFramework\testhost.net47.arm64.exe.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.IO.Compression.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Threading.Tasks.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.3\wpfgfx_cor3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_5_minimum.globalconfig | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\Valleysoft.DockerCredsProvider.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\pt-BR\Microsoft.DotNet.Configurer.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\sdk\8.0.203\Roslyn\Microsoft.Build.Tasks.CodeAnalysis.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ee6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ef0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5D4A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ef4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE02A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{4D2643C0-CD98-4F2F-B4AD-FFE4EBC076EE} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585eb9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA4F7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{8B5384CA-D189-4CFE-8DF0-2D05B4EA8499} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBA41.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B6AABF89-C18E-48E3-8A82-A596F21B2DB4} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585f12.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{A7036CFB-B403-4598-85FF-D397ABB88173} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ed7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{F3AEB036-4B8A-4C25-B4D2-850944E909C4} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI631A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6F75.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\8A22844D82CFCF24B8D1127A5897CF97 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585e9f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585eaf.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ebe.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7091.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ea0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ebe.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBB5B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585f04.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI625C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ea9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ebd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB7CD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585f08.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585e90.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB606.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ee6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585efe.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D11.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585edb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{568F99E8-9F2D-48D7-A05D-D64C512B3AFD} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBD23.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585eeb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585f0d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA16B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ec3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585e90.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7061.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI73F0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ea4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8139.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585eb8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBF09.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC420.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ed6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585e8a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6C93.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\8A22844D82CFCF24B8D1127A5897CF97\CacheSize.txt | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI71AC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585eb4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ec3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585f0e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\8A22844D82CFCF24B8D1127A5897CF97\64.0.4211 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585e9b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ea5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB45E.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98FBAA6BE81C3E84A8285A692FB1D24B\PackageCode = "71503D5C5BF34CD4EAA4267671929651" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8FEE641BB3EB0F84D9B4A572E265F2C5\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.3-servicing.24116.15 | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\260E11500E7708F4BA3AF0999BFEC8B4\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D05797CA-ED7D-45C1-9F4D-9E5A090EB7CD}v64.12.10343\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64_arm64\ = "{D6F489DE-D5D6-4EF0-900E-8E04C74AC475}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98FBAA6BE81C3E84A8285A692FB1D24B\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{B6AABF89-C18E-48E3-8A82-A596F21B2DB4}v64.12.10243\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3}v34.0.43\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64\ = "{98927287-8779-447A-919E-73028D53F719}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D9B147588CBA04E37812B30D4B26F9E8\FT_DepProvider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.Current,8.0.100,8.0.3,x64\Dependents | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net7,8.0.100,8.0.3,x64 | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9495FE4D36E85484D96CC4079A890CFC\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D5AE770B39A9F543B3BABA9836EE5BA\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A7D13A50480BD8334846970004A64E74\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DB9E09EB14A57123299C1CD44F7E035F\0D6FE611E8EAD6E40B8DFE1F54DC54AD | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net6,8.0.100,8.0.3,x64\Version = "64.12.10243" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D98088DE-EDA4-4E1A-BF0F-ED9A9145CC70}v64.12.10343\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C4F022D4DB8E27498945966AF8184FE\SourceList\PackageName = "dotnet-80templates-8.0.203-servicing.24155.24-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_8.2.324.15524_x64\ = "{13CC7FF7-A637-4760-A9D2-8C96BCA9EC85}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version = "64.12.10343" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64\ = "{4D2643C0-CD98-4F2F-B4AD-FFE4EBC076EE}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64_arm64 | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A94EDD4567806A74FA344BD03E540F8B\F_DependencyProvider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64 | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F3AEB036-4B8A-4C25-B4D2-850944E909C4}v64.0.5426\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0C3462D489DCF2F44BDAFF4EBE0C67EE\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\ED984F6D6D5D0FE409E0E8407CA44C57\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,8.0.100,34.0.43,x64\Dependents\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\99015796823C52932B0273D770507C7F\8CF9DF3275A638C4F9E2861A4B8A6589 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2F6090EC11C6B2A488B0FA9B42471BE3\PackageCode = "566DCCFDE025B794DA2ACAEDD7121855" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CF9DF3275A638C4F9E2861A4B8A6589\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98FBAA6BE81C3E84A8285A692FB1D24B\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A94EDD4567806A74FA344BD03E540F8B\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.Current,8.0.100,8.0.3,x64\ = "{23FD9FC8-6A57-4C83-9F2E-68A1B4A85698}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\PackageCode = "4C3E0B05906EFF945BB9406067C590D9" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\57E95FB650EB96C4C98453236BEDE05C\Version = "285221150" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CF9DF3275A638C4F9E2861A4B8A6589\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F0F2ED949C5241542B8B26C99173B8C7\F_DependencyProvider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3F3BB57F0327EBA38A69B564A5CE6078\F0F2ED949C5241542B8B26C99173B8C7 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64\Dependents\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\SourceList\PackageName = "dotnet-targeting-pack-8.0.3-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net6,8.0.100,8.0.3,x64\Dependents\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D9B147588CBA04E37812B30D4B26F9E8\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\260E11500E7708F4BA3AF0999BFEC8B4\SourceList\PackageName = "dotnet-host-8.0.3-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64\Version = "17.0.8478" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\Version = "285221150" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC\Version = "1074538599" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\Version = "134217731" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,8.0.100,17.0.8478,x64\DisplayName = "Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 681194.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 286890.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.203-windows-x64-installer
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963946f8,0x7ffe96394708,0x7ffe96394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe
"C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe"
C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe
"C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe" -burn.filehandle.attached=564 -burn.filehandle.self=572
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe
"C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe" -q -burn.elevated BurnPipe.{93D483E5-E9AC-4BAD-93D4-B1199F3868BE} {3AE7562E-5C72-4B50-8B38-21E09F4FBE52} 64
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 448778194960EA2149281B87C015E68C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AAC51B6784A70791FE7EAE9E60E38E5E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A88CB175D4F51FBD3682F71794F52052
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 63229FBC5C40884128A8C46D8C453BA2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1986F245E8C188339914B5402AC5AB27
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 42AE72573ACAEF68554C88B67D1C5247
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding CBF118ED8F1873EE7C194E7D9CAB49C1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding CCA3F2E740248BEF9CCCC593DA5B1C90
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EE1839F014BE750F19AF7E7D6814B4D6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EDC1D5D7A8DCDFA337D4F94E1AC3213B
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1728 /prefetch:8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 07520C2801D93D7C5B27C9238A9F8DE0
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E6F2F10DE45B90E08F556915898F84D8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 91D17AFAC99754B8474B8EF80271450D
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0DDAC3C52BD7B22E25828B3F6D0631B6
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B65B95098D4BC658298C014334F3F367
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5984C34DDFD3EE5199BF01F9671FC7EF
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 421F693EAA83A19AC7BEB0D74EDA9A73
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 481B398CBF6FB1B8BE38E829E357A494
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 72532A3BF610E9CD2B1FA4A5925056B4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EDE27F21157C568FD8B3F1632644F316
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 55C38B966931AA5885E592ACFCE5320B
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 69DF1C953842A526672FE5C003E0BF0A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F7022B12EDC17F8BA8A840602922A8AB
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding FC0AA29B6AF5214EBCAF956A1625F176
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 526EEF8B06F9B308EC15FB4770A8CA96
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4E6B21FA7EA8B1C4664E3CC3F4AB09AD
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 /prefetch:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7349A3F1EA1B5957D569DD4F85C83513 E Global\MSI0000
C:\Program Files\dotnet\dotnet.exe
"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.203\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6D5B2AA73D57A0E4183E046E64FCF9E2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Beyond Launcher.exe
"C:\Users\Admin\Downloads\Beyond Launcher.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\Beyond Launcher.exe
"C:\Users\Admin\Downloads\Beyond Launcher.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tos.beyondfn.xyz/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963946f8,0x7ffe96394708,0x7ffe96394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 72.246.173.187:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.173.246.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| NL | 72.246.173.187:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 20.42.65.88:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.88:443 | browser.events.data.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| IE | 66.235.152.225:443 | target.microsoft.com | tcp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| IE | 54.171.29.243:443 | w.usabilla.com | tcp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.29.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 20.42.65.88:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | d6tizftlrpuof.cloudfront.net | udp |
| US | 13.33.50.116:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 13.33.50.116:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 13.33.50.116:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 116.50.33.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 20.9.155.150:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | 150.155.9.20.in-addr.arpa | udp |
| BE | 2.17.107.98:443 | www.bing.com | tcp |
| BE | 2.17.107.98:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 98.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.beyondfn.xyz | udp |
| US | 82.180.174.138:80 | download.beyondfn.xyz | tcp |
| US | 82.180.174.138:80 | download.beyondfn.xyz | tcp |
| US | 82.180.174.138:443 | download.beyondfn.xyz | tcp |
| US | 135.148.86.165:3551 | 135.148.86.165 | tcp |
| US | 8.8.8.8:53 | 138.174.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.86.148.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | backend.beyondfn.xyz | udp |
| US | 135.148.86.165:3551 | backend.beyondfn.xyz | tcp |
| US | 8.8.8.8:53 | fortnite-api.com | udp |
| US | 172.67.73.152:443 | fortnite-api.com | tcp |
| US | 8.8.8.8:53 | 152.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tos.beyondfn.xyz | udp |
| US | 82.180.174.138:443 | tos.beyondfn.xyz | tcp |
| US | 82.180.174.138:443 | tos.beyondfn.xyz | tcp |
| US | 82.180.174.138:443 | tos.beyondfn.xyz | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4d6e17218d9a99976d1a14c6f6944c96 |
| SHA1 | 9e54a19d6c61d99ac8759c5f07b2f0d5faab447f |
| SHA256 | 32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93 |
| SHA512 | 3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47 |
\??\pipe\LOCAL\crashpad_3708_XCTBEGUHDYKUVMPC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 72a2f6c7abfe494b9cbc38f67ff11729 |
| SHA1 | 8a31ddd7ed7094058b7c5528b4e9484db28adba3 |
| SHA256 | 70b3abbe47b5f8cec1d184cbbbb4dbc66376a88b5e4899883d862e577b5b6d1e |
| SHA512 | d9be8d1dd04d786cecf5c1373f0210cc8859943b61a260310ee21c7121577c693551513ef838c3201e8292455b11ca3ab59541e72676c7a7d4e6ee39e03d0c48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b902dfb88311f22d7eec1e4ef6d0319 |
| SHA1 | 763387fd7848204254d7c184dd23768df3923810 |
| SHA256 | 40e3f6562da1237d031bacbb26e4a4dbc3c40e87f0351bc9c22e35587b67b178 |
| SHA512 | ad1277bce473f449bb853beb7b3b5de25c76819dd24bb51a56254fc73da838d0e3fae8b68ef5c3b50b6e2fa7a494094c4b0ecd361e0bdadcbf856b3ea62c4593 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7ad2bc134f54e1a9128bdddb74819a39 |
| SHA1 | 153e93634e69e4d31755e76f058488546acc97af |
| SHA256 | 5b3c76dd58d942f6d79bf6778131e1e67114ab6682c88b498c1acf56b6795eb1 |
| SHA512 | c418adf191a617429cbf02144b9dc2ea49164a64cef1462582bbc02980a78c920c5b54e372304748cde8c59886b67aa2e31d9ed827df295d3c28e8d04900ef2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | c2ef1d773c3f6f230cedf469f7e34059 |
| SHA1 | e410764405adcfead3338c8d0b29371fd1a3f292 |
| SHA256 | 185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521 |
| SHA512 | 2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 59c9ae5c49c3fe86aececd703708464a |
| SHA1 | 05a8c3052af86c20be3cc3948c897d45bd249f38 |
| SHA256 | fb9cf688f0cdbaf7f072997b121d63fc766ec5c051d42847243af77bac9652fa |
| SHA512 | a9d150b4168b8c284c326d43dcbcd2ae11d1fd5d6bf639a1d6a2038130ac07715a0f68680c812df264d3a2be416b832790799706c5944a85d232152c0174a57a |
C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe
| MD5 | 4b73d828a50d4ed1022abfbaca79da7b |
| SHA1 | 4b67470c3b4913a579e1d4a489b6befc2aea2168 |
| SHA256 | 1d691580c6639dc96a4c8908dfecf9e3ca000201a5cd9e2e56541bbd14b8f5c9 |
| SHA512 | f6f5609134d4006a16b96c2ca3be32acf7492bb7db233690204141a95952077018dc5f1503fd4dedf7ec44253a3427373fa21dab778a3b3d3d3d37df90c11228 |
C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe
| MD5 | 5161ec44df47880f6711742a13dfa8c0 |
| SHA1 | d8e4ca59a605864a248007f020a1930ba5039e46 |
| SHA256 | 7e385633ea1823d46a7becfcdacbedaa3a98bd14826e18b845c0d5f1bf0b98bf |
| SHA512 | fa19fe98401c01cc112a846dcbfbe96dd853ff81ea37d0ea7c2e5e93a4203f258d4543e5e7f03d2314a953f8d8470498df86cea77035d71477a26a42965fee28 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.ba\wixstdba.dll
| MD5 | aa531c5359ebfb8204c12e774c7ef280 |
| SHA1 | 1a35e2a5d9d9c51ff59279fa3415ad0346573438 |
| SHA256 | 44b362b78639baccd5c83f0b224a206730b1276fab849c77fd1fb17db2f07014 |
| SHA512 | 49e13931d6575655ddbc1da4e09484dfee9c0308c5d071470b1d903ac37819730c6b7c7fe452f4425aa3c5bb18b1c0b16f189618517f81c378cce75e52b46722 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b459bb95e5bd9998f43aa19bf20a2a64 |
| SHA1 | 6a8e555da0f2068f2eba4a8b8accbd63bea8fef2 |
| SHA256 | b14485cb54cab38d7aa8b06f7793c5d08a7616467820fe5d7fcb03fa5c3f68d8 |
| SHA512 | a2ae6b97d623a7e8891e141681f8a3fbf4e7d6480c305b3541419ebdc8a6c934414a1b2c1bc5781c5dbc679e7c624994751eb722d87803f0a98cef6f3f151337 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\windowsdesktop_targeting_pack_8.0.3_win_x64.msi
| MD5 | 12e07226224cef63eca90472bfb083fd |
| SHA1 | 1225069268a0862cd4a60c2e9bbe622950ad4659 |
| SHA256 | e302b391326cab221688e7d1fa6648725922760d52df80190c1fba7e7d7f1f9a |
| SHA512 | 9911b690bef6957cfa36e920babd6a755b4c8e7872b055f2e063edd914dba6dee5ae7fdde1533d4e64cfcb37373bed9053dfb52128efd66f54f6e9f965a394f4 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\Finalizer
| MD5 | 0412f8e2af21b8eeb6a5380e67624e61 |
| SHA1 | c1df8962ea1ca9d3eb80ad426d7c816237f13290 |
| SHA256 | 3d13ca2b03ec66e890456c3d472a2caec37bbd08abcc90274a87b13e4e5582bf |
| SHA512 | f5f1fb8298ca2d207a4547d9bb3b39c0e68637217d18e5182cfec8e725e501f320456c47fb234d9a79207fe4e83e5088225d23c13fc3bc2a607c41499580c18d |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_runtime_8.0.3_win_x64.msi
| MD5 | 8fc768ed20f2edca6bddc9c9740c28c7 |
| SHA1 | 876735906a852f71a13ecc20264fb11fe1bd5ce4 |
| SHA256 | 7da09c3c4670927c56e866fbe1d8e7cfe44cde76a64412b818688ff0973454ef |
| SHA512 | 99c6a915db9a7488e811e6070bbf677bda3ef70eb5ef4b90bac99651c7dba372e9f337d28df3c0814cf65fceb87a1a873af7ce774c15cf6d901d93ff7aeade82 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_hostfxr_8.0.3_win_x64.msi
| MD5 | 72abc4e1a9fb065dadb226d922644c37 |
| SHA1 | 27a25044adc7faf04d5c77cbf1fca6be4f226b7f |
| SHA256 | 72b08ff50e724d182bbc2ca86ddaf87e34a97867089765c7bcac9eeb289fe3f7 |
| SHA512 | 5b6b254e2435a7fdcd48b84380c8477f3168f35cff11162946e79b18f77e4913f16c27d5c9bcf42b99e959db311893794fac35446ace15b947c291c163056da7 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_host_8.0.3_win_x64.msi
| MD5 | 2406dd29f28440a6e50f248b3d4d4741 |
| SHA1 | 78d0d09d119d27ee6a44ecc922a526fc3c9d57a5 |
| SHA256 | f9d276be813e916da645124ba33155e35498b5780dfd83e552629bc527a67b81 |
| SHA512 | a00c7004a2d927f5f69d37f9e7e3111a44cf95652c56c9a3d5eea480b00fe7d592080fe22e1febcf5990a2aaf9cc120dce0bbb79649ba2413d84270e3cc3501d |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_targeting_pack_8.0.3_win_x64.msi
| MD5 | edac384b51bb5acdbcb319a63a97cb68 |
| SHA1 | 7408e54e23a95dd1a95de0a7bfec892664c600cd |
| SHA256 | 69ad29330d0821e48407469c56b1d7305e373549f7021edb93f0adf679f84623 |
| SHA512 | 9f7d9e8bff7465fff831f3f9ec474e0f3d1d4661f3bf0b63ce876c66af573c5fecc634acd0629a70a7c2f72fcb7acd7e268ae27ab319c8059b22bd32a615eb38 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_apphost_pack_8.0.3_win_x64.msi
| MD5 | 8ee34f224068241875685e1b7ab0a3d9 |
| SHA1 | d8836c7000e0a8c56181ba5a18e8f60b00065407 |
| SHA256 | 12b2c54876af8b23462fdc51c05845e67c26f7b2573bbff53b5299cdd2aacd39 |
| SHA512 | 5a9d1be9babeb3b0466214cce13610f339ac3e01d704d9b7bada8d1dd1592e0c79dceb85a5922c64ee05c9efd7725a102bcaffa6e6f7795e5b71c8a80f00fc8d |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.203_(x64)_20240406235707_000_dotnet_runtime_8.0.3_win_x64.msi.log
| MD5 | b00b919fc66bd15ea3946b4d0d74fe25 |
| SHA1 | 29dc9708d8570f2beea27b1a3360b8fefe4457c4 |
| SHA256 | 0513b24343c20b10bad96262f5aee2e7b4b1acfbaa042627de574963f0307fb3 |
| SHA512 | fa86e4053403aceb24213607c7f1867c227ef41f6aec52785031aae36fe77548880e7215b91314178bdb0c432a7339efc4d5e52b805103477cb35fe1da265159 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_apphost_pack_8.0.3_win_x64_arm64.msi
| MD5 | 45c6328c72fa077a556d3bb3544f9828 |
| SHA1 | ee067b0f803be36e80740dc9937ba21f4ee4f318 |
| SHA256 | d457b6983c1d6f5a5c5f418e0b8a2da2db8a6013a74e52ac1b7b10aa7082615e |
| SHA512 | de4ef399db550b2908e81df19b5fcbdbd63f4619b6badeeb6dea0b2bc6e2d1fdc730630ccf5e5a9db27b8d213c6f753d04caf48358bdadc64fd954833d83e39c |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_apphost_pack_8.0.3_win_x64_x86.msi
| MD5 | 99feca92b1707c949ea54539d6632086 |
| SHA1 | c379d6bf7ce026bb6fdb26f7f7642689b40decac |
| SHA256 | ccd3c36507cea0c96c9cd60356d2d02e1c0dbbfb50ac3e8a01ed9140f7edf58d |
| SHA512 | 8da80436e1f0993ae40bd6ef9a74631556796c5b2373216a87a6d84259aecd8c35bb110e79acbe8af6b2ea6b0e5a4401e559ab422a821c52ed28315ed1e461ae |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\windowsdesktop_runtime_8.0.3_win_x64.msi
| MD5 | bc14bcfe3cdbc3ce9dd22bfd140761ac |
| SHA1 | debd173d4ab3d0b3615e70965caa5784da7a21b1 |
| SHA256 | 5788429d45f75dda557a680d01512ec02538a420d272190a95f7d370260d5a75 |
| SHA512 | 92767d94647348f9e6f632d0237728f52293df236523063172c05570bbfc063639194614fb8aac1b364e2f27ec348431099028cbe402ee4941e23e7f143a06f7 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\netstandard_targeting_pack_2.1.0_win_x64.msi
| MD5 | 5251f52509038e5aa302509da3edb0b2 |
| SHA1 | d215a985d633004c3faa5222b9b15b36b4e02903 |
| SHA256 | 02a92b32305833b21246ba0fb99f5744127f1244cea14aeea77ac204e861e5b0 |
| SHA512 | 1b4a9142374f77b2f27046d21998174df48f87be139954007623bc36c06bd54a1861fa610824007dbd8ae21676f6264ee4ed0f0b78797dd5f8d7363e21cd04ff |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_80templates_8.0.203_servicing.24155.24_win_x64.msi
| MD5 | c0559ac893bf5d0636b23741eb8eac51 |
| SHA1 | 520799bd4b8fed759890249ed0afaa2f82958fe6 |
| SHA256 | 8d821fb5cbfb7a7fe1c3832c328fed264e17e37f181fe5802c5dd5e615d58803 |
| SHA512 | d1b2cd95010af49eb00457984e579dcca60bf0c9e9a4c492e53da29017a45c2c0c5a5290298b6441f8a17196ff187fa1174cae11e0899c9f1123ec96f4eff1c1 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_081c3e95ca7503e49231c7598630e1b2_x64.msi
| MD5 | d07caa773c5840fe649b9bdfea5c75a5 |
| SHA1 | d3746846750071d34a3a7471daefd2b6bb6d99f0 |
| SHA256 | a275fe816a9f0e8afb1321cf961d1b7dd8a08fe2453748b730aa82f791812985 |
| SHA512 | 58801d9197d24cee70968ea6abdce96ac5daf0e91b19caca5bb5f724547bf4e651e88fae5b2353ef3e35ce3b6a83c30384d18a35627c64db9c67908bebde32d9 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_57cd41090f5a4a01357eae4a8364ce6d_x64.msi
| MD5 | 856aaed4122fd3c668e80e99ee23e8d5 |
| SHA1 | 048065b638221ae1613218f373fcc4285c9b0b47 |
| SHA256 | 8cb6e22de556200fa1f42d683cd45b58619dd97d87965ef2b9e5b9ccdf244bb2 |
| SHA512 | b579b3262b8f990722620df2b6372aec4e125d87c794e7043b411b6f40be4824ef7890d9db3cd2909b77c35c33dba3b1c7d536ce6a932b48d9c29203f92556ee |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_2df116bca13a3f03520e4eb315dc39f9_x64.msi
| MD5 | c9207a1511f27a1ac5aa699f66a3cb40 |
| SHA1 | c1b7580c41cb0aaef8794a0b6220e67d339b4e0f |
| SHA256 | d0849a508c591317c5ad22a4da1b75165211e4bc33a99cd32380900ba2ff8cf4 |
| SHA512 | d41c6e6fbce7eaee4f44d5da9940aa0dc2249b417eef7267309cedc1ca97f4d5408b9b21e3f16a422545dfd38f00838f457cf72b2c8d87cb762f39af9783806f |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_sdk_internal_8.0.203_win_x64.msi
| MD5 | f818e2039bd55958e0373559ab932f13 |
| SHA1 | 60eb8a69c1dfcdbd59594e543e16286f5ddacf7b |
| SHA256 | f47937f97c5d07241d3c46264573ccfb0ead6ec63941b4dde2b053baab23592e |
| SHA512 | 0722ca05807f5593fa1980513978ff9f3e13e7558d7c67d62d36548627d86d30f5d121c9af33d897d0e202c8645aee30798f5d2bf4ad48cad2d94d88070a6f6d |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_729ebc3a4ae248c9d9e33c8304329ec3_x64.msi
| MD5 | bada270789aaa00624cc6a15c6d53eac |
| SHA1 | 226fd5a55ceb6e6e17421d0c277fede4e868d283 |
| SHA256 | 08e387b8c219006a29fb6b4d72ac95a086ca22ddfc1c674c5a7a0d8624b7e09c |
| SHA512 | 9a7b9246e74c15352e662620b8db3700d9a89e2b0df348a667cea941a50856dd8227083e123f862b8c635cc95edf8c6146e71fd041d5e63f7786f76bdbd371b8 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_214735e684df50d51cd5ee3dd47188af_x64.msi
| MD5 | 5a3df0a493ed6dc11e83a507e09bb252 |
| SHA1 | 3b91b2fdefd136d5767771fc9429c9dea4052faa |
| SHA256 | 3d33f0b6203082ffb9ae313d6dfd5d470038ac53ec13deacd8a27b6b7d16c2f4 |
| SHA512 | 6ace3db9eee5ad26e9d9236ad1fda154d0d1bc07b1cbf63c10eed413548909cca0b93f0f7f57c2f8cbdf8b402a1f35ad9cc18e029d94f27848b37c6076a7b1da |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_58992e18915e0513e68e54cc16d11ff6_x64.msi
| MD5 | 21906607aea671be689cf829e5c4879b |
| SHA1 | 14602f4e6ede8beb6500b46dae82dbfae25da451 |
| SHA256 | 43e543d6f850f2a7d648b2b2ed6acb97e5b027311f64e658bf71b98f19b1d568 |
| SHA512 | 4f37fa4fcb09f0818a537a6098ae491dc8c98e5b4a37ac3b439b095cc51fc5c634a35cf80c430490c08ce6e6fe9e1deb78da161a2464dbcc6a639bb1bed057dd |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_3ac17b62ffcae661d0d1414f4c3e9f26_x64.msi
| MD5 | 29a640cd13a1a4ff5aec966db2531086 |
| SHA1 | 39561cc21e156e589667e5f5854f39fbd459a442 |
| SHA256 | 1515c8e6cace68670d771c1bb1fdc649bf15851048549afd24af2ca68ba7e75c |
| SHA512 | fb2428f1372e79527b083c190a2f4d5f9d848136399e5ca5f24612b7d2570601af80dc449008441a57eec3650386e1a2dc559e02d4f60ef386d9ed0fba35bd4f |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\fbafa6938113eb2095e12092037bd5fe_x64.msi
| MD5 | 862e8aa499d1301d365b51b426f50b70 |
| SHA1 | cc4cda13be1f7a380327a21ed802ff8ec9bac6f2 |
| SHA256 | edf7d67e5aee7c4b36b75cc123018e04679da2e8be1d852434a891cf8292dcf0 |
| SHA512 | 20dce2221c4f0c65ab8def0b26d6a57f1ff6c8563af4cb0e3f6792fb2e53a7d55c90e85b4713885e1df32be7203c1e3b32c432f5098af7aade27ccb94b823abe |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_24bb901c0e890ef24f6b95928cd093a1_x64.msi
| MD5 | 08576684dc0d9c3fea36b258bbc87b34 |
| SHA1 | 27865402e7afbef88bac8130cf13f4451afb6319 |
| SHA256 | 2316d799c63e5c0b9c019bd01dd83f54c50c372f6557a8f6773f04b1b5046f61 |
| SHA512 | 29e4b63c2eaed28c0693faee945cf29a64841c84062208de7641aa08b841648d674298aad7464956893116e0329f54616b3dae231864e9331b438d5b90f9baf4 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_4ab27be2a7a2a677d46caf9075f2248d_x64.msi
| MD5 | c8a8f2d5cabda4ba878b4bf9d65e54cd |
| SHA1 | 16a047d5523aa5dd4460687bd77302b056728a58 |
| SHA256 | 02ea8e2e2f95ae1d5876713ad700b87c02b889730708b7839c2bbc5969f5fa84 |
| SHA512 | f04a5a84290798957b2f1fc147a0b4c00ce8455c7f61b10f1b114e289ab767ad9416297d2e8d8895b0bb599f3e6fab6eaf69d35332ad0a4821e7da0ccf013f87 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\AspNetCoreSharedFramework_x64
| MD5 | f4cbc878ab357030ac561722ae72dea8 |
| SHA1 | 75c4b7e38a0c97a917e03269f7f4831daae4f70f |
| SHA256 | 268a00a02da81fcc60b7234004e387eb31a79a214b8e8ff7d5455d87171fce84 |
| SHA512 | a4827e48782fb86cfd06e09777dc4b839683a69ffc82900b405c86684e76c4d3b10b58884a8df1a892684bb993e62d2cb8d2729e4be6554e95ac285b1a7acdbd |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_28c86dc0e8d71959057ea0317b3698a3_x64.msi
| MD5 | 5985e25e0ea09278e4e73b528c90e941 |
| SHA1 | 654c6cf6961e20127a193e4574b80b34f6af4b77 |
| SHA256 | 15db6e2d742eaff97251a10d62edbcf04df6366e745e8ec744c621057b359895 |
| SHA512 | 377d2c36d052a4516f0e7a401ed9080626095f23dfe272f7c41c2da7d6665f66ebaf69961c253b0aefcb29b6dbc76446c000f102ee8b108364036a58faffbf02 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\ef05a2a0a7cab4628b9a106ebdf303e5_x64.msi
| MD5 | c5887b5842ab7f8cf4961eb024bb275d |
| SHA1 | ee5e89e233530a6a05e8064dea8dd599eb9e322f |
| SHA256 | 783b695c6ab25e80d6e719a16138ef18b66f9259ea88085cb0db8872450d08f2 |
| SHA512 | 7adc41c0e3ad6af8119cb8474d865c5830be18595287537058e371778d661c9a7701ed92eee80bdfa7d9d2f9d12754b1cd3b29cadd71939bb02ace9ceccdbfdd |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\f0a38d69b91da2c9cf4812140d614380_x64.msi
| MD5 | 6030482d8d1da9de88e38a2760d0ce3d |
| SHA1 | c41e40329a31cad8d1e38f8067b4a89b3b2920de |
| SHA256 | ddd17d732ffe0794425f884b99b8d3c39f9eb5651ce8f1b788b708819942e9c5 |
| SHA512 | 7d0bb296b052c661ee74644792a68725bf9263eafbf587e4a99ec98191b1c6a5cd27095d6969357894715d39d1ff7ac09b7c9b94cbb1de0aae2e85354f624770 |
C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\aspnetcore_targeting_pack_8.0.3_servicing.24116.15_win_x64.msi
| MD5 | 10b8fa5d2043b64480ec66c7d9e8396d |
| SHA1 | 243d952d80b0af3331e2b08063c91d93aa06d5b4 |
| SHA256 | 1c5e525d953858139527d0f3f833028ab9997b75d30d9d1ac9342646a9789d0e |
| SHA512 | 32b3ab8dacb130bb9149373b5031876066d7d7d72738fbfe82a3d6984ac2a0d12e54a9bdd56cdc5caf079d7d4d1bcebac87596818c9c97901b90c19eaa24a7d3 |
C:\Windows\Installer\MSI631A.tmp
| MD5 | c0777f5c9995b8c0b08ed33cee7e1008 |
| SHA1 | 12f08bb8febedb3f16b22bf94bc47c5c3910a477 |
| SHA256 | cf531f10cb410f4825bab4fd4b15df8e02cb9a18505a3a3b05c4c2f4ccaf90d3 |
| SHA512 | a3478bc42730169abcb7635f1f73bc8b1a639fe2094c7e3866d8321b6efdf0740f8867dccdd5fb1b12f73b8e89a51758280ab9c3d184d36a7b86f3f91ac9dc0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c42da3a2ea3c89758a3c60d01e882edd |
| SHA1 | 90997025a3386e500e32bf83c150b64bf5eb4ba6 |
| SHA256 | 0b52266323b12fac56da7ff6ad12f710e78c7733e2022a00c6d6e88353a57a5f |
| SHA512 | beca17ae667a2473a55960408916669d2253923ac0f98134f1c7ffe3728c7fa28c9af830db2570bac082a1f1ab3996eeb64c24d546301061ec3fac6d87143607 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 24e37744334d66b35ced9e9aeeef5954 |
| SHA1 | a378bfd0de867c51594b42e172613c151ba1b1fc |
| SHA256 | a8472c8761b2520a1dcc82b6aab3b641cdf70545b95547e411b1f99f72e4158a |
| SHA512 | a6eb769e567e6218ff9043bf2487f55d0287163de41bf936b25ac05c3294bebb2475c8b53a6963ba092c18a9f5531440761d7e3a0a6e1acad4cda394deb9e28a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586935.TMP
| MD5 | 614ff0468c5b2a4411863ab7372972fb |
| SHA1 | 97fdcc4cfd46e0e7209ffa89d598eb59d9abfa89 |
| SHA256 | 65dce7f57b4feb71a0dfbc88eccb36d442c70ddcc491d76d31d5364d52b9a243 |
| SHA512 | c3482308dcac7cf2ec7b88b72e276b8b2d32d9073bb423a36adf531da6bd2d449c7803c2f754d3a1b10b85863813b4b08dcf55008254352058ba81522d013ba1 |
C:\Config.Msi\e585e89.rbs
| MD5 | a11e6316a3d6fe70517343c4d8576b48 |
| SHA1 | 814204d2871c58206f93a2c2965a8e6af544affb |
| SHA256 | 00cc2be750d6aed745caab40f0256e95fbf0a4d3aedee379f7a37c63ce2c04b1 |
| SHA512 | ccce0708677a4234d5b6087251f565c3375340c96bbefda919294c81d85a3bcb0029af27047c011f7a03bfd835d4b2c9372607e438d763069f621b7e2610d06f |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.203_(x64)_20240406235707_001_dotnet_hostfxr_8.0.3_win_x64.msi.log
| MD5 | fec8776ce16bd3deadaac882f219e981 |
| SHA1 | 58b1946fad439219e6edc34ed5f03b289d8e6cb6 |
| SHA256 | 099a676c0f7ed09ca1dc493b9b1a7dfe08f5c53570db76a8affe306cef30e9a6 |
| SHA512 | d90badbf115c20d89a50e766fe8b533e88cda89c327931197464adb73bcab4f717eb7a9d2c2fe04299397679a2b9edc21d15a3e32d1eaed8f32c0fc4062bab2f |
C:\Config.Msi\e585e8e.rbs
| MD5 | d6668b4ee2fac740e24e8701bd2558e1 |
| SHA1 | bc1d21a785e742e98b82bb6b2005c58cad3c91a9 |
| SHA256 | 6e0a5caf972902f714567b65641341539c141f39b3b9fff2e63ad129f8324b79 |
| SHA512 | 1cf7f0572d98368f5ec4c12c45ebd5a903683e1fee53621efb76186a7ebe7809ee19cc85a2e9f8bc0022d5e0dd1cb894b17f7cba76ad38e90f12be8c12aff850 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.203_(x64)_20240406235707_002_dotnet_host_8.0.3_win_x64.msi.log
| MD5 | c8ffc04af1de19651ded8bcae3a6e789 |
| SHA1 | 42a4aab5a5a112d8ebc5a52c8829c46d2503bfd8 |
| SHA256 | b44b6eb3f8512b1393cb1591470d493040d56bf81c34fbb76d0c68ca94765400 |
| SHA512 | 72b67ff73c7dc97953db6254195653b1ac4f96af7e3b21c1585c433ebdb2aa8c18185aa60336750d3cbaba686312d583f7000fc7a7b20ffbe448c769b9441b94 |
C:\Config.Msi\e585e99.rbf
| MD5 | b51fb63223915f23c60adc580c9a0531 |
| SHA1 | a22bf33ac2769c31c922c45f314b4d6e42ed77db |
| SHA256 | b9eace03c8471717e3f98873527005dbd9a92367b954f8c48484d2b7b78efbac |
| SHA512 | cd72aac2128c48c34568db1ac7b33e6934f31f473278426ef2acf9cd4df545dea8424bedf79340eb74a966ce39a3a7d9910fcbe456047d83330c62761644194d |
C:\Config.Msi\e585e9a.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Config.Msi\e585e93.rbs
| MD5 | e3e44cb8645516028a8d4828aad9aa80 |
| SHA1 | 67677a5dca697646cb847e00280c05a074016d26 |
| SHA256 | 6ae35c8cdf517d9277f51b6999d839052e3c76f4102093cfdb8a3ec0d499b721 |
| SHA512 | c7aada12a11a2e5947d05976d02f80f334e6488644ff60c7e66d3b17427ec2bc0c89d7a65f5bf47b7b12fdcdf8e562f0d41bc2d00a0ef33446d6813d04a273bc |
C:\Config.Msi\e585e98.rbs
| MD5 | 57d15381378d3375a5301b270e8b6f4b |
| SHA1 | 58479658c251025709552da0af01bda758a2db33 |
| SHA256 | e1a8f78df501e52e61e45ae5e97c212ec11ccbb65608e493278165928499977f |
| SHA512 | 504a7ae79fadc080a2f951f438e2123397c29f00d7ef16f0ec37df09f632d3a306c8929b5c344d9db5a48b91bc0e2611e47e02cd9ab8aa517be243b187e70e98 |
C:\Config.Msi\e585e9e.rbs
| MD5 | 6427661c7d184eb773d518473be52a80 |
| SHA1 | 21519de346c2de8be0b63f341833d92826691d6b |
| SHA256 | 56e9c38ee3890e6db333b2193c07f751cdd90b6aa2a5a0bed01f749969334a38 |
| SHA512 | 0cc8a4701cb6fba4dba4ace832c5d54d84b688bb3e486f98e9c7e2e6eb3ef686d4cbc1a45f0a6db94a29387be429770e9a4afe0aa54845b973d4d4ece4664945 |
C:\Config.Msi\e585ea3.rbs
| MD5 | 34fc7dc0c690e807ec8f592528a01427 |
| SHA1 | 15a92e9d729f63bc791a56d2949c5a6468b321eb |
| SHA256 | 96b2e4a5fb0f622ecf6978b2d5896e5f40711cb713e19c7d89b7eb4ecd824c44 |
| SHA512 | 2bc4c76444b9fdc1e5cdc72e9028d41bcac95fb40f432cc71ccf94a26ee718bf50d7d60901b259e78255da6b1d9caff135439914c54ce99ae7794c75e1665a5c |
C:\Config.Msi\e585ea8.rbs
| MD5 | 03524715d8d8a5042af43a459bea7890 |
| SHA1 | bb424b55bc8e1fe476afbfe0419ef0f09fe12dad |
| SHA256 | 2ec5315ac689d3fedb57bf2489b39c572eabd86a31e9d2fa4f898d911950c4f7 |
| SHA512 | eba93072d429e1444bb352eb615731f69e920a44a5ada8c9cbf2ac2c25a05fb66fe8ea9e2dbcec57fbbb82d70fd4784ed0815722971463f732f62b2ccdf694dc |
C:\Config.Msi\e585ead.rbs
| MD5 | 3c716693c22784b198bf6121c22bedd1 |
| SHA1 | e5e6b18f68ff114004835d224d9acc567526a5dd |
| SHA256 | ba4cfa1d6b173ed3b46e9300ffea56982b325425a969f02436837d88d4b0f388 |
| SHA512 | dcf9db598822ddf0bdb0eeee353b89b212275d2b25340205aba67cc1d5c4ee544ca9bd78f2cb1d315749019f9f24f598815a61d3f4ad041cd5234e6723cb2f38 |
C:\Config.Msi\e585eb2.rbs
| MD5 | aee2eca07c335cc6a6f0fa8b994c68cb |
| SHA1 | a80bfbcf0bc18bd109468fe9d27322c075ede100 |
| SHA256 | fca5c4eb93eedefdacfea97be552dcf28771302f3e225149f2672e3ef036b3b1 |
| SHA512 | e42b7a14dbec7394fd5b73d2d986fc47c696ce0e482939120a92f08b9a48a7d8be5e5e0b8649788989f89ec33a129d8c960251c3fdec04a74bf1296a2b2948be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e112d6b42a47824f4d19d738933ea02 |
| SHA1 | a0fb5b71931e719b52ac30d51defe52229426f44 |
| SHA256 | 6809ae0189a7390a48456df26fe71fe0e323e503249adf3890a6598f1fdee34f |
| SHA512 | 538e2e49290dd2f139de20e4934bcbc989e14527b808f490885a0ac6e25748e5f373fe5efd32bb3d970110a51a5533ec395c3562a733742db2cd0bc89eb5ec14 |
C:\Config.Msi\e585eb7.rbs
| MD5 | 818b99e3356931a899892731cfa97265 |
| SHA1 | 19579d2cb14be32f018e3b55eae86749d44c5b04 |
| SHA256 | 03f028c4117de848b2d2f6440b5f93f0d93e4dce6c6338e53fecb48f4df2720d |
| SHA512 | cfb0cc13e0b9800e0ac241658530e0b3787a3728b9995665c13157784230305a9275339b8ba348faf21149e607a6ee15d55dd2cc22c1854562d422abd8fb4eea |
C:\Config.Msi\e585ebc.rbs
| MD5 | 2d68037d3d33aa52f8fc5e95d3fb6996 |
| SHA1 | dec7afe86d0b2331c333a23cb6f3827586787a7f |
| SHA256 | 8f4d97cd3c5788c526c4f438bff00045cb188276f3ae42deda938bc81e285fb2 |
| SHA512 | a8c48ad07d2f77f5cea9d49a1124b227bcca02048b36109285527a4442d9f9b59443d7a04f696b346ac7297033ea77adc453a9f18638b9d68880547eaec016fe |
C:\Config.Msi\e585ec1.rbs
| MD5 | 0bb9a73e9931a95418851d22173c409e |
| SHA1 | 7e50401d0d0d3341281fe1da8f47ccd7877d153e |
| SHA256 | 4d07aa92ed5cebcd44db1e8983d65943122ea8d2e8034c5415bb3130aa90197f |
| SHA512 | eeff60150ff9654f9bdb23cb645f849c525f0da7290a6715f2ca3dc83cd110077cdc0a36a8d946d3b8dd78be152c114175828687c0430007a4947ed48d5f152b |
C:\Config.Msi\e585ec6.rbs
| MD5 | c1af77ad9daba52050b1428e514f1eeb |
| SHA1 | 5c9171d54e9fb9d475fbfe7e768e88524a38e0f9 |
| SHA256 | 4df3cddbfbada59c3af533a502b2a9e7741adf151bbc1285ba7b72534f7192b0 |
| SHA512 | 910b31b3e10a0c848727009c3d564c9657cb1b81bc274536dfd2b0061c9bf4ebe4e8a486b618d27c021eb2b0df6dbc052309b2bb54dd1f85c2fe32fbb5910137 |
C:\Windows\Installer\MSIB258.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Config.Msi\e585ecb.rbs
| MD5 | 9b20888a18ab7524083cc621d80fc30b |
| SHA1 | 9f9e3c3f70d3f58a2818d4a07871bb18ccbc63c8 |
| SHA256 | 19a5a81c2b8bea0408eed299f684ca3312873619e8366b6fc34fdf685a012280 |
| SHA512 | d7114e1679344de31181813986b795f34c955f8f7d1778f2566b82991399cfc7c9e061f50be580699c9dae2dd6c6b3e37153316d0c997a31e2049a2bf2df5e44 |
C:\Config.Msi\e585ed0.rbs
| MD5 | 090dfd99ac7f5bbbc5d8b8b8fea2d947 |
| SHA1 | 5178c6ba9e04b37944d2480d3ade497da0186d1a |
| SHA256 | 593eed8cca788f24954d9edae1672b0d254eebec3fcd6c9693e6574c8bc374ea |
| SHA512 | 0428b87de0e2f4205d2c9db97d6109b794bf58cb6a2836016fd70a0a6713537e286094ceeee43124f2f8ff4aea6321bba59d8663eee916954f57e9c866292282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09f1efc0c97dd99ef2f31ea5d1f4a780 |
| SHA1 | d7e6243b0bdef540f01a015707b30fdee0262f60 |
| SHA256 | 0bc06c02ba479765d06ddfe5057a5d7736155f60cc05b7b094ae410129d3b1f1 |
| SHA512 | fbcd6e6ca105479a12f6742f9c5b4d05ccf4e4d2af29cce753abfd00839eb87fcc247be568fc5d754152fe906964598e208cf6c7f20467792d9e36f3beb75ae3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1891c48ca1fa11d2251d03bd1681756e |
| SHA1 | 508bc1fedf2432d4fcbbcb22243978dbeddfd2c0 |
| SHA256 | dba952f696cf909c19b96447ad2bb8f5368a566145d0a1926c5860889242fc64 |
| SHA512 | 904b3e9bbcd74dba2448781346352a5cf4ccce8be15d9c152f6580a4fa9b3ba738a58c2cdaa2a28d76ee006f842cf9b1af82df90d95bade297a0f06de934c298 |
C:\Config.Msi\e585ed5.rbs
| MD5 | 28f5f4718174cad32cb48f1eeab464f7 |
| SHA1 | d7b3a50dc06b3e750ab1e71091f55ea3b36a943d |
| SHA256 | 16c8926f92e3f739fdf5be435bc96f334f88c67ec17101a07822c4c6ad95374f |
| SHA512 | 0a6956aee285c6f1777e207424d5c9ac5ef10e59aace2a3ead5a01cb5d0144f577c351552be40e7b6921e4811044201572e45b31c17928cc3083a4e19c671d5d |
C:\Config.Msi\e585eda.rbs
| MD5 | aadb9ee3eadaacd79ef3babb471ee769 |
| SHA1 | 1ed09f884425c3628ae6f40537dfa5495e8043eb |
| SHA256 | 4341f69add16b235949d450f9b0415f7238444b2cd3fb8d26917aa76d723b588 |
| SHA512 | 88701e975c12a3213ee7f324ca72c686b7d0ea093a154ebbcbdaac969c1e361ade4a5ea2a0267acb086a7bfc58755f3218e4488f20a3245fee703df4f2758490 |
C:\Config.Msi\e585edf.rbs
| MD5 | 964f86b63586f92461b9696e3463420b |
| SHA1 | 84422bd15407462859dd9c0ff170cc037160bda0 |
| SHA256 | c248d7a0e7499cadba4abdb331b1e2859d8f6d7d2af38c691cde83ae5e5697b4 |
| SHA512 | c3d0899882d640d322b781cf0525222a6a9c0160a443f05605a253c81a445653e042937390459267c89617a2eea71e59071070ff06631da1260a76846bc3057b |
C:\Config.Msi\e585ee4.rbs
| MD5 | 6d5ab874359c1001ff2eb73fc3cbe2c1 |
| SHA1 | 1c851f8f924433e53789662346042c3d3f44c568 |
| SHA256 | 0391e131701bcc875556b740619b74904c40d22306e3bf6913c6b1032dea418f |
| SHA512 | ad9bc28012050c48157ff2620884b4b6d75b18c7689e11eb705ca04f00ca17ed13a350dce324631e4fa2c8d6fe85a8e3904fb1acd838f8618d1c22d723692a84 |
C:\Config.Msi\e585ee9.rbs
| MD5 | 1eaca1754b3140db7fc40e5afea1d2c2 |
| SHA1 | 9d0eacd626d4ea61785124e0a2857c6b32c03131 |
| SHA256 | 1472a1fca5a70ec9c0a4fd5ee4d62203ddb720cbafff6ddd4c48305b91f699e1 |
| SHA512 | 8e980b069c49e873a2063e49d47f74d79658ee649655ca912f5b2597343a254d88a76dc23be381f10e7dd917e8cf04a4f2c918ce8c44ea2d14aa613146dcab7f |
C:\Config.Msi\e585eee.rbs
| MD5 | d28e302e4893f1273c0b030b05b98dbc |
| SHA1 | 4b47c324c385909839a8f7ccd17a3a920c0168ec |
| SHA256 | a428627ca7f858016fbc800010016ddeaed73bfbece1b4f6b5978dd52c7a51c1 |
| SHA512 | 774a3af49a73ea11fb9b9c3ed4ca306b1eeecafcfff48dff4c71ab9f5645f1bf6a2544de2a4b6412d52574cbd890a9c972ed292c9b17789dbf36dd30b600ce49 |
C:\Config.Msi\e585ef3.rbs
| MD5 | a140e9c8fb6d3d9b7d8136738418f117 |
| SHA1 | ca516b834640176d998b2149c939eab72a02b806 |
| SHA256 | a0bf536f7ea5d2428296366713bc188703db44c000733451ba1a678773e54597 |
| SHA512 | 215e74dbcb22f253b6d3456609ed4b44e624999b8166de9254ee8c19e53c088fd88aef5e7b6b4b8e71ce9c677fa8027bdc83511a9862097a048e25485aef8134 |
C:\Config.Msi\e585ef8.rbs
| MD5 | 698d4d027a2482fdc7fb7ca3af02a45a |
| SHA1 | 6a64a47c65bd60290307dd1100609d8a8dac05e5 |
| SHA256 | 05675eae8a0ffaf3b7032b19e292282857b0cb8d878333bbc48ee31a57ff1d76 |
| SHA512 | b4d9822ea110130b11f2a8f8e4a9d2b96c64bf1516bab6a44cdb08553b9cabfc60bc8bdd768ffc8f45ecd1d56fefeed89fb49c40b1f234d55264c5f2903ce5e9 |
C:\Config.Msi\e585efd.rbs
| MD5 | 558ed3f078050243dcf273a790afb2f5 |
| SHA1 | 13b9dea976402b0957eacdcd59d8d863526e32b6 |
| SHA256 | 91180b889a00b9ebe5f50e015993986835a1085387eb49983696fea4ed9c136e |
| SHA512 | 93571288cb68917fc84946da7c02bbf5008ee15899d227dfc8b5bedea2e45aceff2541c60e8437490b3dc9b45c80fa708fa155d551b7547edd7f964bd385832f |
C:\Config.Msi\e585f02.rbs
| MD5 | 379ae4905f1c1912e9fdd99d43401d87 |
| SHA1 | aabd58f728482b59a142577dc62a91eec13ce7d2 |
| SHA256 | a9cfef1ec05820ffd5ad86e0676e738018d2e5f1efd2022a1412fad36b1a2ba5 |
| SHA512 | f69907a522b1e90d09a857e31b3191166818c331a486bb0f25fb24e692b583c0106ecd6c6e931a2739a56206cf02e9e6a1a23fbc66be254db0a263b8497e31ea |
C:\Config.Msi\e585f07.rbs
| MD5 | 23070b7943054d5abf80b302660d9d86 |
| SHA1 | 5ec147c42d2be67dca1378623aa9fd50dbeb6d61 |
| SHA256 | 3a575d959637e785ef9360d3ce19a8678a9aac158b791107b02b4276b722a966 |
| SHA512 | 9808ea21de18b2848b20bb0ce4c3687849fa87cf61f6ddd5d155e3081d19bf0c443cf7406d69e5af315b557fa9dea4810ab3d9f8fd230145ceb10802ab3a1df3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fca3aadf800b3935f30c5564f6f91d0f |
| SHA1 | 99ab7a9ecf25366ccd0b8a2a4b5dcadbc613c9df |
| SHA256 | 247a2e90e4ef27d22b437cb42889a4f1f128fb919c01c8eaf751e5a8cfc5c6a9 |
| SHA512 | ca9e0ed0dabc0f81974c21dc2a9560830869994b53f1676d87ad9b20ed13dcd3f12e2d741e14ca522097ec718ec585324c9dca31adec13ac39994c18a9c52690 |
C:\Users\Admin\Downloads\Unconfirmed 286890.crdownload
| MD5 | 78101b2c958f24ecdefec50653864bb0 |
| SHA1 | bb9b54f9cf8bda48354ecafc84dc40e366924042 |
| SHA256 | f8fcbbe27f334d922f40322a1d94a849faac25127b77541345cc76b26b558896 |
| SHA512 | 21f4c9450edbe7b959035b331c59696b3b559da666a57470cb8886278b5fb34470b3c32182dd367ae4f24c78e9af200d6f8b94c67ee4cd3e17e41e9983e56a37 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
C:\Program Files\dotnet\sdk\8.0.203\zh-Hant\System.CommandLine.resources.dll
| MD5 | 9101e8227a7ab83cafd27e4ec222ba10 |
| SHA1 | 3a80807f7cd695bd9258eaaadf8b2d7dccefc125 |
| SHA256 | 8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e |
| SHA512 | e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412 |
C:\Program Files\dotnet\sdk\8.0.203\TestHostNetFramework\testhost.x86.exe.config
| MD5 | a22cdd3374234d3a50c2ace2dc33a63f |
| SHA1 | d71bb2417cb805c3da21ebcc0e1ae5a102823c9b |
| SHA256 | b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874 |
| SHA512 | 71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-format\fr\System.CommandLine.resources.dll
| MD5 | aa8eeb801d74a4e562fd8c044e03fa8c |
| SHA1 | 8653841bd62dc74f605f608ed8f354dd692faaa2 |
| SHA256 | 7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b |
| SHA512 | 388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3 |
C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\cs\System.CommandLine.resources.dll
| MD5 | 2f679e46823cf54660405eda0dbf0842 |
| SHA1 | 29fdcbd753e36022b6308425dad9323e5f3472fb |
| SHA256 | 6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf |
| SHA512 | f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-user-jwts\8.0.3-servicing.24116.15\tools\net8.0\any\dotnet-user-jwts.runtimeconfig.json
| MD5 | e67113eba3a0c72376bbf165cec70c8b |
| SHA1 | 76951f96b896223057842f9924c61ba19cc34f9e |
| SHA256 | 2cfb0a4361d576912ab89b3abcd4fdfdbc1db4375d59d50d8b7ce4adec72a391 |
| SHA512 | 0bdc6a3831a2280706fa3098c976e53558ad9a2ad61cd63f2dfd868e3e72b7bcf0c6467902738b1b6bdf0d61b21a500fba21cb12fcff8b1c463034e4a8cf643a |
C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\System.Numerics.Vectors.dll
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| SHA512 | 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8 |
C:\Program Files\dotnet\sdk\8.0.203\ru\System.CommandLine.resources.dll
| MD5 | 7717b3eae55b3ec74f40699c1b9896c0 |
| SHA1 | 1483166af6059633de2e20545bc3f3cb6f035304 |
| SHA256 | 8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02 |
| SHA512 | c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll
| MD5 | 3f14df8e4be6100673090c43eb3c3476 |
| SHA1 | 61c1e35aeb6cb477077416f050c344fb18f5f87b |
| SHA256 | 09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2 |
| SHA512 | 7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c |
C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Text.Encodings.Web.dll
| MD5 | fa9d0d182c63c49a4c567f7c1652b6e6 |
| SHA1 | 55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc |
| SHA256 | e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84 |
| SHA512 | 58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7 |
C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.props
| MD5 | a5dcc9e5bf323d748b26652e11956905 |
| SHA1 | 7f8c7a2523d1f4600e0f8bf347d10564cef36780 |
| SHA256 | 2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c |
| SHA512 | 79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4c2d88e2ee8c1209d45ef7464d50af88 |
| SHA1 | 501b08b175882b68b48a8288e791206796cd06b6 |
| SHA256 | f35996b756a5a5f56afae0deac49714de0409ac1e53519862239cb668a314df7 |
| SHA512 | 47806eb9c21971390ea0b335dbd80053c425741209d6205f7eb3b85d98272df76db93a70bf193df0e121523f575067c2a6ef0e62eed08776f8b68b5356e15bbf |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | ff34978b62d5e0be84a895d9c30f99ae |
| SHA1 | 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85 |
| SHA256 | 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc |
| SHA512 | 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28 |
C:\Program Files\dotnet\sdk\8.0.203\Containers\containerize\tr\System.CommandLine.resources.dll
| MD5 | c9c8df325a05d227bc32a5d854713c4a |
| SHA1 | cf9ea69ccebd1ef0bd46beff01254a02c5fb0131 |
| SHA256 | 7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf |
| SHA512 | fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97 |
C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | c610e828b54001574d86dd2ed730e392 |
| SHA1 | 180a7baafbc820a838bbaca434032d9d33cceebe |
| SHA256 | 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf |
| SHA512 | 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396 |
C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\tools\net472\System.Text.Json.dll
| MD5 | 63f1d0b53ce47b0ac3216281c8bcaf24 |
| SHA1 | 090cb7392ed07a94d237b5aa2175689faaf49b7b |
| SHA256 | de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb |
| SHA512 | 386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521 |
C:\Program Files\dotnet\sdk\8.0.203\es\System.CommandLine.resources.dll
| MD5 | 79e57433e70b5a0a300303dfc5d759b4 |
| SHA1 | cfe5862964f3b389cbac01e157e9ade0031e45ef |
| SHA256 | b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8 |
| SHA512 | 8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\zh-Hans\System.CommandLine.resources.dll
| MD5 | c182eebde556be386ca5b656974993fa |
| SHA1 | 864aab5c6e71bc3537612c2541e7737d02e6f4c0 |
| SHA256 | d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd |
| SHA512 | 3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52 |
C:\Program Files\dotnet\sdk\8.0.203\ko\System.CommandLine.resources.dll
| MD5 | ea1fc85ccabec5aa1ae22452afbafac1 |
| SHA1 | 8ea9da27d9335f80c76867837688218b78311148 |
| SHA256 | f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483 |
| SHA512 | 42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479 |
C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net8.0\de\System.CommandLine.resources.dll
| MD5 | e771e643a2f47b5d527aa4dd1e857aed |
| SHA1 | ddb6ebbdc354122989c67ed9cc2555da640b16e5 |
| SHA256 | 8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15 |
| SHA512 | 14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-format\ja\System.CommandLine.resources.dll
| MD5 | 5d26652b0f420ca6ba2bfa00b84eea38 |
| SHA1 | 8dc1d2a7cb6b857344c120544f842fccdaa97e79 |
| SHA256 | 654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c |
| SHA512 | 5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\pt-BR\System.CommandLine.resources.dll
| MD5 | c7f0f7e0a7562225d7b60b88459bde92 |
| SHA1 | 96c432044ecf7d346e09c6c46f5ca163396d97f8 |
| SHA256 | 516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353 |
| SHA512 | 05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999 |
C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Memory.dll
| MD5 | f09441a1ee47fb3e6571a3a448e05baf |
| SHA1 | 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde |
| SHA256 | bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f |
| SHA512 | 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6 |
C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets
| MD5 | 5725a6d47308db618d015c3e55dd499c |
| SHA1 | 9b3e1ac8d62d522505f57fee89a249ac33325edd |
| SHA256 | 61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1 |
| SHA512 | ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798 |
C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\it\System.CommandLine.resources.dll
| MD5 | 4e92ced559ff6f26d238fc5393dab39f |
| SHA1 | 400983302371c5a7ba38e3dba8fbc4c5f8192018 |
| SHA256 | 37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471 |
| SHA512 | 0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 9d47d73cba3278bfd203fda8da5c4e75 |
| SHA1 | 5ef2fce6f6461baa9630019caad12c38abdb5a93 |
| SHA256 | 8108ca4dffefbc2f75ae260efcda1d1eff9ddc7bf49a78de81333e61f88850ad |
| SHA512 | 2768217db76a199338991c6c88bde0d197c45fa147becf2b05482d3eeade7a3eceead472026f81ca4e1848f8506982c466f24cbe9c95c59406bb76135c96ca33 |
C:\Users\Admin\.dotnet\TelemetryStorageService\20240406235818_5f5649a48dc043498cbda7e5627e3e92.trn
| MD5 | 9b09be5082bdad2a9046aadcfd97ef56 |
| SHA1 | dd7a69330cb2268fe8c7910ee90def6afebaa5ff |
| SHA256 | 051c39d5669e39f136ab3796eb9b3918b41d83ef5e801e74ed6ee41abfe6f514 |
| SHA512 | e5e83c6882893a8db5b6942beb7f465b98273edd6fc8fe31b37501a1b6c62bd6426227756391656c5b4b17b5af22dda0074b035cbd6add676861c9618f7674cc |
C:\Config.Msi\e585f0c.rbs
| MD5 | 1aa4ad798bf710b7080755669561c49a |
| SHA1 | 34fe9c75026571c7fcae0fad642d62af446e5a1e |
| SHA256 | eb43e86057687726825c366646a1815bf5efc09a128e252430b6017d462ae939 |
| SHA512 | 40f0611dd38e443cd1aa08b9fba08e0afe98c4291e690650ecac6bb2a505bb5f7c24558f0ae4973da77def9685e6cdd66ca3dcc834126b5b80ccecdb3554cff9 |
C:\Config.Msi\e585f11.rbs
| MD5 | 0c8110bfc882ce199febb07e25a2dfdb |
| SHA1 | a314eb180ba81774fab5e96f4cbce51d24cc1ccd |
| SHA256 | 4008bb827b6f0161d3aa62205f65eb32c01c08168548c76d9e3ba7d6762a0e4b |
| SHA512 | 8c62e60663d049ac7fc3008df0c625b587892061ef27a777d19dc260e4d718755b987bf6d7316c6a6c238ef9fa47469983fafca1a13750ebddfe94c6445266e8 |
memory/3052-6406-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6410-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6411-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6409-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6412-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6413-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6415-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6416-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6414-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6417-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6418-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6419-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6420-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6421-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6422-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6423-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6424-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6426-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6425-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6427-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6428-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6429-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6430-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6431-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6432-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6433-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6434-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6435-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6436-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6438-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6437-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6439-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6440-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6441-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6442-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6443-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6444-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6445-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6446-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6447-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6449-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6448-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6450-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6451-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6452-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6453-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6454-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6455-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6457-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6458-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6459-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6456-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6460-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6461-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6462-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6463-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6464-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6465-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6466-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6467-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6468-0x0000023618090000-0x0000023618A10000-memory.dmp
memory/3052-6469-0x0000023618090000-0x0000023618A10000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5a4ba76f202b4615223f7cca87c23c1 |
| SHA1 | 1a303573c8ce875cbe575f2f3aee8ea819873c17 |
| SHA256 | c1087a33cbf106225cc3bde7d9f027e9ccd04012d029b087b911bdbc68c2c055 |
| SHA512 | 12a14e6f90070123301c2b1e6604b0c2419b9028021a157a8076926ccca45dcdef9874f526d1a1d9eab7fb1a6f77d241377fb2833b82d9e08156c5aede7c79d6 |