Malware Analysis Report

2025-03-14 23:12

Sample ID: 240406-3wd5ksef2v
Target: https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.203-windows-x64-installer
Tags: discovery, persistence
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.203-windows-x64-installer was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-06 23:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-06 23:51
Reported: 2024-04-07 00:00
Platform: win10v2004-20231215-en
Max time kernel: 241s
Max time network: 242s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.203-windows-x64-installer

Signatures

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Beyond Launcher.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Program Files\dotnet\dotnet.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} = "\"C:\\ProgramData\\Package Cache\\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9}\\dotnet-sdk-8.0.203-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe | N/A

Checks installed software on the system

discovery

Enumerates connected drives


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies data under HKEY_USERS


Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98FBAA6BE81C3E84A8285A692FB1D24B\PackageCode = "71503D5C5BF34CD4EAA4267671929651" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8FEE641BB3EB0F84D9B4A572E265F2C5\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.3-servicing.24116.15 C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\260E11500E7708F4BA3AF0999BFEC8B4\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D05797CA-ED7D-45C1-9F4D-9E5A090EB7CD}v64.12.10343\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64_arm64\ = "{D6F489DE-D5D6-4EF0-900E-8E04C74AC475}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98FBAA6BE81C3E84A8285A692FB1D24B\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{B6AABF89-C18E-48E3-8A82-A596F21B2DB4}v64.12.10243\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3}v34.0.43\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64\ = "{98927287-8779-447A-919E-73028D53F719}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D9B147588CBA04E37812B30D4B26F9E8\FT_DepProvider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.Current,8.0.100,8.0.3,x64\Dependents C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net7,8.0.100,8.0.3,x64 C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9495FE4D36E85484D96CC4079A890CFC\Provider C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D5AE770B39A9F543B3BABA9836EE5BA\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A7D13A50480BD8334846970004A64E74\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DB9E09EB14A57123299C1CD44F7E035F\0D6FE611E8EAD6E40B8DFE1F54DC54AD C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net6,8.0.100,8.0.3,x64\Version = "64.12.10243" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D98088DE-EDA4-4E1A-BF0F-ED9A9145CC70}v64.12.10343\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1C4F022D4DB8E27498945966AF8184FE\SourceList\PackageName = "dotnet-80templates-8.0.203-servicing.24155.24-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_8.2.324.15524_x64\ = "{13CC7FF7-A637-4760-A9D2-8C96BCA9EC85}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version = "64.12.10343" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64\ = "{4D2643C0-CD98-4F2F-B4AD-FFE4EBC076EE}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.12.10343_x64_arm64 C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A94EDD4567806A74FA344BD03E540F8B\F_DependencyProvider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64 C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F3AEB036-4B8A-4C25-B4D2-850944E909C4}v64.0.5426\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0C3462D489DCF2F44BDAFF4EBE0C67EE\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\ED984F6D6D5D0FE409E0E8407CA44C57\Provider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,8.0.100,34.0.43,x64\Dependents\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\99015796823C52932B0273D770507C7F\8CF9DF3275A638C4F9E2861A4B8A6589 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2F6090EC11C6B2A488B0FA9B42471BE3\PackageCode = "566DCCFDE025B794DA2ACAEDD7121855" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CF9DF3275A638C4F9E2861A4B8A6589\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\98FBAA6BE81C3E84A8285A692FB1D24B\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A94EDD4567806A74FA344BD03E540F8B\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.Current,8.0.100,8.0.3,x64\ = "{23FD9FC8-6A57-4C83-9F2E-68A1B4A85698}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\PackageCode = "4C3E0B05906EFF945BB9406067C590D9" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\57E95FB650EB96C4C98453236BEDE05C\Version = "285221150" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CF9DF3275A638C4F9E2861A4B8A6589\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F0F2ED949C5241542B8B26C99173B8C7\F_DependencyProvider C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3F3BB57F0327EBA38A69B564A5CE6078\F0F2ED949C5241542B8B26C99173B8C7 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64\Dependents\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ED88089D4ADEA1E4FBF0DEA91954CC07\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\SourceList\PackageName = "dotnet-targeting-pack-8.0.3-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D5AE770B39A9F543B3BABA9836EE5BA\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net6,8.0.100,8.0.3,x64\Dependents\{1b7b7e0b-adb5-40cf-af56-2586842b5ca9} C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D9B147588CBA04E37812B30D4B26F9E8\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\260E11500E7708F4BA3AF0999BFEC8B4\SourceList\PackageName = "dotnet-host-8.0.3-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64\Version = "17.0.8478" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\Version = "285221150" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC79750DD7DE1C54F9D4E9A590E07BDC\Version = "1074538599" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\Version = "134217731" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,8.0.100,17.0.8478,x64\DisplayName = "Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64)" C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 681194.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 286890.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3708 wrote to memory of 5024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3708 wrote to memory of 2872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3708 wrote to memory of 2684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3708 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.203-windows-x64-installer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963946f8,0x7ffe96394708,0x7ffe96394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8

C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe

"C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe"

C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe

"C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe" -burn.filehandle.attached=564 -burn.filehandle.self=572

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe

"C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.be\dotnet-sdk-8.0.203-win-x64.exe" -q -burn.elevated BurnPipe.{93D483E5-E9AC-4BAD-93D4-B1199F3868BE} {3AE7562E-5C72-4B50-8B38-21E09F4FBE52} 64

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 448778194960EA2149281B87C015E68C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AAC51B6784A70791FE7EAE9E60E38E5E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A88CB175D4F51FBD3682F71794F52052

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 63229FBC5C40884128A8C46D8C453BA2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1986F245E8C188339914B5402AC5AB27

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 42AE72573ACAEF68554C88B67D1C5247

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CBF118ED8F1873EE7C194E7D9CAB49C1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CCA3F2E740248BEF9CCCC593DA5B1C90

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EE1839F014BE750F19AF7E7D6814B4D6

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EDC1D5D7A8DCDFA337D4F94E1AC3213B

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1728 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 07520C2801D93D7C5B27C9238A9F8DE0

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E6F2F10DE45B90E08F556915898F84D8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 91D17AFAC99754B8474B8EF80271450D

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0DDAC3C52BD7B22E25828B3F6D0631B6

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B65B95098D4BC658298C014334F3F367

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5984C34DDFD3EE5199BF01F9671FC7EF

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 421F693EAA83A19AC7BEB0D74EDA9A73

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 481B398CBF6FB1B8BE38E829E357A494

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 72532A3BF610E9CD2B1FA4A5925056B4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EDE27F21157C568FD8B3F1632644F316

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 55C38B966931AA5885E592ACFCE5320B

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 69DF1C953842A526672FE5C003E0BF0A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F7022B12EDC17F8BA8A840602922A8AB

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FC0AA29B6AF5214EBCAF956A1625F176

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 526EEF8B06F9B308EC15FB4770A8CA96

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4E6B21FA7EA8B1C4664E3CC3F4AB09AD

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 /prefetch:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7349A3F1EA1B5957D569DD4F85C83513 E Global\MSI0000

C:\Program Files\dotnet\dotnet.exe

"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.203\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\system32\getmac.exe

"C:\Windows\system32\getmac.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6D5B2AA73D57A0E4183E046E64FCF9E2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Beyond Launcher.exe

"C:\Users\Admin\Downloads\Beyond Launcher.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Downloads\Beyond Launcher.exe

"C:\Users\Admin\Downloads\Beyond Launcher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tos.beyondfn.xyz/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963946f8,0x7ffe96394708,0x7ffe96394718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2190086396911826482,8875594599440776235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 72.246.173.187:443 www.microsoft.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 187.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 8.8.8.8:53 target.microsoft.com udp
NL 72.246.173.187:443 www.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 20.42.65.88:443 browser.events.data.microsoft.com tcp
US 20.42.65.88:443 browser.events.data.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
IE 66.235.152.225:443 target.microsoft.com tcp
US 8.8.8.8:53 w.usabilla.com udp
IE 54.171.29.243:443 w.usabilla.com tcp
US 8.8.8.8:53 200.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 243.29.171.54.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 20.42.65.88:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
US 13.33.50.116:443 d6tizftlrpuof.cloudfront.net tcp
US 13.33.50.116:443 d6tizftlrpuof.cloudfront.net tcp
US 13.33.50.116:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 116.50.33.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 150.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 150.155.9.20.in-addr.arpa udp
BE 2.17.107.98:443 www.bing.com tcp
BE 2.17.107.98:443 www.bing.com tcp
US 8.8.8.8:53 98.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 download.beyondfn.xyz udp
US 82.180.174.138:80 download.beyondfn.xyz tcp
US 82.180.174.138:80 download.beyondfn.xyz tcp
US 82.180.174.138:443 download.beyondfn.xyz tcp
US 135.148.86.165:3551 135.148.86.165 tcp
US 8.8.8.8:53 138.174.180.82.in-addr.arpa udp
US 8.8.8.8:53 165.86.148.135.in-addr.arpa udp
US 8.8.8.8:53 backend.beyondfn.xyz udp
US 135.148.86.165:3551 backend.beyondfn.xyz tcp
US 8.8.8.8:53 fortnite-api.com udp
US 172.67.73.152:443 fortnite-api.com tcp
US 8.8.8.8:53 152.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 tos.beyondfn.xyz udp
US 82.180.174.138:443 tos.beyondfn.xyz tcp
US 82.180.174.138:443 tos.beyondfn.xyz tcp
US 82.180.174.138:443 tos.beyondfn.xyz udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3708_XCTBEGUHDYKUVMPC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\dotnet-sdk-8.0.203-win-x64.exe

C:\Windows\Temp\{9605956C-05D4-488C-95BA-6AA423714252}\.cr\dotnet-sdk-8.0.203-win-x64.exe

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.ba\wixstdba.dll

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\.ba\bg.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\windowsdesktop_targeting_pack_8.0.3_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\Finalizer

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_runtime_8.0.3_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_hostfxr_8.0.3_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_host_8.0.3_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_targeting_pack_8.0.3_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_apphost_pack_8.0.3_win_x64.msi

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.203_(x64)_20240406235707_000_dotnet_runtime_8.0.3_win_x64.msi.log

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_apphost_pack_8.0.3_win_x64_arm64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_apphost_pack_8.0.3_win_x64_x86.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\windowsdesktop_runtime_8.0.3_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\netstandard_targeting_pack_2.1.0_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_80templates_8.0.203_servicing.24155.24_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_081c3e95ca7503e49231c7598630e1b2_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_57cd41090f5a4a01357eae4a8364ce6d_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_2df116bca13a3f03520e4eb315dc39f9_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\dotnet_sdk_internal_8.0.203_win_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_729ebc3a4ae248c9d9e33c8304329ec3_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_214735e684df50d51cd5ee3dd47188af_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_58992e18915e0513e68e54cc16d11ff6_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_3ac17b62ffcae661d0d1414f4c3e9f26_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\fbafa6938113eb2095e12092037bd5fe_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_24bb901c0e890ef24f6b95928cd093a1_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_4ab27be2a7a2a677d46caf9075f2248d_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\AspNetCoreSharedFramework_x64

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\_28c86dc0e8d71959057ea0317b3698a3_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\ef05a2a0a7cab4628b9a106ebdf303e5_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\f0a38d69b91da2c9cf4812140d614380_x64.msi

C:\Windows\Temp\{2155BFF9-0F3D-415F-B063-BB5D86823EFE}\aspnetcore_targeting_pack_8.0.3_servicing.24116.15_win_x64.msi

C:\Windows\Installer\MSI631A.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586935.TMP

C:\Config.Msi\e585e89.rbs

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.203_(x64)_20240406235707_001_dotnet_hostfxr_8.0.3_win_x64.msi.log

C:\Config.Msi\e585e8e.rbs

C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.203_(x64)_20240406235707_002_dotnet_host_8.0.3_win_x64.msi.log

C:\Config.Msi\e585e99.rbf

C:\Config.Msi\e585e9a.rbf

C:\Config.Msi\e585e93.rbs

C:\Config.Msi\e585e98.rbs

C:\Config.Msi\e585e9e.rbs

C:\Config.Msi\e585ea3.rbs

C:\Config.Msi\e585ea8.rbs

C:\Config.Msi\e585ead.rbs

C:\Config.Msi\e585eb2.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Config.Msi\e585eb7.rbs

C:\Config.Msi\e585ebc.rbs

C:\Config.Msi\e585ec1.rbs

C:\Config.Msi\e585ec6.rbs

C:\Windows\Installer\MSIB258.tmp

C:\Config.Msi\e585ecb.rbs

C:\Config.Msi\e585ed0.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Config.Msi\e585ed5.rbs

C:\Config.Msi\e585eda.rbs

C:\Config.Msi\e585edf.rbs

C:\Config.Msi\e585ee4.rbs

C:\Config.Msi\e585ee9.rbs

C:\Config.Msi\e585eee.rbs

C:\Config.Msi\e585ef3.rbs

C:\Config.Msi\e585ef8.rbs

C:\Config.Msi\e585efd.rbs

C:\Config.Msi\e585f02.rbs

C:\Config.Msi\e585f07.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Unconfirmed 286890.crdownload

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll

C:\Program Files\dotnet\sdk\8.0.203\zh-Hant\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\TestHostNetFramework\testhost.x86.exe.config

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-format\fr\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\System.Buffers.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\cs\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-user-jwts\8.0.3-servicing.24116.15\tools\net8.0\any\dotnet-user-jwts.runtimeconfig.json

C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\System.Numerics.Vectors.dll

C:\Program Files\dotnet\sdk\8.0.203\ru\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Text.Encodings.Web.dll

C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.props

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\Microsoft.Bcl.AsyncInterfaces.dll

C:\Program Files\dotnet\sdk\8.0.203\Containers\containerize\tr\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk\tools\net472\System.Text.Json.dll

C:\Program Files\dotnet\sdk\8.0.203\es\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\BuildHost-net472\System.ValueTuple.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\zh-Hans\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\ko\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\Containers\tasks\net8.0\de\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-format\ja\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\pt-BR\System.CommandLine.resources.dll

C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Memory.dll

C:\Program Files\dotnet\sdk\8.0.203\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets

C:\Program Files\dotnet\sdk\8.0.203\DotnetTools\dotnet-watch\8.0.203-servicing.24155.14\tools\net8.0\any\it\System.CommandLine.resources.dll

C:\Program Files\dotnet\dotnet.exe

C:\Users\Admin\.dotnet\TelemetryStorageService\20240406235818_5f5649a48dc043498cbda7e5627e3e92.trn

C:\Config.Msi\e585f0c.rbs

C:\Config.Msi\e585f11.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
