Analysis Overview
Threat Level: Known bad
The file https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool was found to be: Known bad.
Malicious Activity Summary
Detect rhadamanthys stealer shellcode
Rhadamanthys
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 14:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 14:31
Reported
2024-05-27 15:01
Platform
win10v2004-20240508-en
Max time kernel
1242s
Max time network
1234s
Command Line
Signatures
Detect rhadamanthys stealer shellcode
Rhadamanthys
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\rundll32.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{582ba875-ec42-4505-9e60-ec189a76f52c} = "\"C:\\ProgramData\\Package Cache\\{582ba875-ec42-4505-9e60-ec189a76f52c}\\dotnet-sdk-8.0.300-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net6,8.0.100,8.0.5,x64\DisplayName = "Microsoft.NET.Workload.Mono.Toolchain.net6.Manifest (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81673062D6BFCB74F999C434324CEC6C\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8D97B4C2B5C422845B04132B8CD366F6\F_RegistryKeys | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA46B5209380C0E4182A57C8287A0BA7\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\90B010360F482CD3483320B456026161 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.20.13583_x64\Version = "64.20.13583" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23304BF894DC77E44AD02E0D398636D2\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D881F2EC0135A4B72CA89D27FD72F577\23304BF894DC77E44AD02E0D398636D2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\738A34743BAA94E43AEB1EAC3E51E1ED\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v8.0.5-servicing.24224.4 | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8288AE79E163BA242A78767D4F4F90D2\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{97EA8828-361E-42AB-A287-67D7F4F4092D}v64.20.13583\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\738A34743BAA94E43AEB1EAC3E51E1ED\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D1536F523A1229E469E4108E462AA11B | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E7D2A8AC10ED774786002B45810D078\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63337BB296F4141479799EDBF63E89A0\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9058AAAC480CE5498F467954C6662C2\SourceList\PackageName = "windowsdesktop-targeting-pack-8.0.5-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BE1666CCE8CC744B86D469395A20F8D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA46B5209380C0E4182A57C8287A0BA7\ProductName = "Microsoft.NET.Workload.Emscripten.net6.Manifest (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8BE1666CCE8CC744B86D469395A20F8D\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BE1666CCE8CC744B86D469395A20F8D\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{C6661EB8-C8EC-447C-8BD6-6439592AF0D8}v32.7.63663\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{582ba875-ec42-4505-9e60-ec189a76f52c} | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0E4172F60BFE1D04DAD1B6AF950013C2\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\87D8E95BF0A76424CA8B89762BF2BD3D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\782729899778A74419E93720D8357F91 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.20.13583_x64_arm64\ = "{6F2714E0-EFB0-40D1-AD1D-6BFA5900312C}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36FA49A2314054B34BAB6DD1F6BCB0B5\630BEA3FA8B452C44B2D5890449E904C | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23304BF894DC77E44AD02E0D398636D2\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{8FB40332-CD49-4E77-A40D-E2D09368632D}v64.20.13583\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0E4172F60BFE1D04DAD1B6AF950013C2\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\71B0D4EC11E49F14C8B3376FD1EF7079\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\SourceList\PackageName = "f0a38d69b91da2c9cf4812140d614380-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B553E43B09B5BB56F5BFD648001EF738 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.MacCatalyst,8.0.100,17.0.8478,x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AC4835B8981DEFC4D80FD2504BAE4899\F_PackageContents | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BE1666CCE8CC744B86D469395A20F8D\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{98927287-8779-447A-919E-73028D53F719}v14.0.8478\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.20.13583_x64\DisplayName = "Microsoft .NET Runtime - 8.0.5 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9E7D2A8AC10ED774786002B45810D078\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71B0D4EC11E49F14C8B3376FD1EF7079\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.7.63663_x64\Dependents | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BE1666CCE8CC744B86D469395A20F8D\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71B0D4EC11E49F14C8B3376FD1EF7079\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D6FE611E8EAD6E40B8DFE1F54DC54AD | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\738A34743BAA94E43AEB1EAC3E51E1ED\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9E7D2A8AC10ED774786002B45810D078\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9058AAAC480CE5498F467954C6662C2\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\PackageCode = "66303D4B51054E0419EB241E70A0E316" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.net7,8.0.100,8.0.5,x64\Dependents | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v8.0.5-servicing.24224.4\DisplayName = "Microsoft ASP.NET Core 8.0.5 Targeting Pack (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D04AA1A3B0C02631AD2CCE434FCBEDA\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A9B409F9A0AAF241823E2E1CE257322\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BA46B5209380C0E4182A57C8287A0BA7\F_DependencyProvider | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Dependents\{582ba875-ec42-4505-9e60-ec189a76f52c} | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71B0D4EC11E49F14C8B3376FD1EF7079\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CE4D0B17-4E11-41F9-8C3B-73F61DFE0797}v64.20.13589\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\782729899778A74419E93720D8357F91\F_DependencyProvider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,8.0.100,17.0.8478,x64\Dependents | C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 267923.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm.rar"
C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8EFA8D6E\XWorm.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8EFA8D6E\XWorm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11330914297604488593,14787288828367593651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe
"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"
C:\Windows\Temp\{55584C21-40DB-498D-BD89-7DD5E43B4938}\.cr\dotnet-sdk-8.0.300-win-x64.exe
"C:\Windows\Temp\{55584C21-40DB-498D-BD89-7DD5E43B4938}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=580
C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe
"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"
C:\Windows\Temp\{DACECAEE-0F56-4B1F-A5F4-E621AD56323D}\.cr\dotnet-sdk-8.0.300-win-x64.exe
"C:\Windows\Temp\{DACECAEE-0F56-4B1F-A5F4-E621AD56323D}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=692 -burn.filehandle.self=696
C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe
"C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"
C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe
"C:\Windows\Temp\{4AE410A4-B508-4481-B95A-8F18F90EDB43}\.cr\dotnet-sdk-8.0.300-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=660
C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe
"C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\.be\dotnet-sdk-8.0.300-win-x64.exe" -q -burn.elevated BurnPipe.{8B11EB5E-267B-4659-A21A-0482B7E580EC} {F0AA8A11-8E6F-4043-894C-C7F2CFD7E252} 4516
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A75BF037CA2274F32285832B03A76266
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F9458977C3880F44297F263AC4239CDC
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 414C29158390DAE66E88B79A919CFAF9
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 2920DD0A6FA7A335EBB22BDCA942A92F
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 409A453E06B2AFC6EC58A6A0AA2FA8C6
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A8543B1D407EA83F928058F282CBA803
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8DEF51E37B81F3B541C76B5218269941
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 29A8A02202C8D934902AA52CE916284C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D0945977AB620D1C6833EA2C6963185C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BB05446FD92B7E7D6DF069D59D5AA85D
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 93BF0F19D78EBE67655D1573EB4B472D
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F97592C095823FE369A7571C5E87B14D
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B741D9963A6EC454E99925270E9FCB80
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 82454A3F013A928260E0047FF24608B6
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 44CAC26C5EC34F5C6DDAFE5A1CE6F325
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C4A1D038CAB8FD2DA85D9F89474BC971
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D90B5406F539542373E58B301A05DF4A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DAB688707F4CF0F411D24D5A23048274
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 41CDEDA31D8E117620AA902079AEEC15
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6A5E260ED825361D3CBE519FAD66BD5A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6409D8C61A94E091BE0AB8BC88ADA026
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 23D0929D29D8E45052D4099DA017F2E1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 104301761E5DC36DFD13A6755767C4B5
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F6908A1F30714FD75F14FB2330749721
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 82630994578926AE422AE2816E83EE91
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B0024C057A0A6C7DBEA26C029D94FB7F
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7FC90379543634715A9E1EA574E58D74 E Global\MSI0000
C:\Program Files\dotnet\dotnet.exe
"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.300\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.300-win-x64.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\system32\getmac.exe
"C:\Windows\system32\getmac.exe"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B284B2FDAF2F759B74DDE917D0812F34
C:\Users\Admin\Desktop\xworm\XWorm.exe
"C:\Users\Admin\Desktop\xworm\XWorm.exe"
C:\Users\Admin\Desktop\xworm\XWorm.exe
"C:\Users\Admin\Desktop\xworm\XWorm.exe"
C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\xworm\XWorm.exe" ContextMenu
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW8913.xml /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w2wvm2k4\w2wvm2k4.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8DE5.tmp" "c:\Users\Admin\AppData\Local\Temp\w2wvm2k4\CSC86DD88D14DB7453F987FF5E28070F5E.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ay2oyft\5ay2oyft.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8ED0.tmp" "c:\Users\Admin\AppData\Local\Temp\5ay2oyft\CSCC5133424FBE141E892BEC5F9DFA62C4.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dzxtp25y\dzxtp25y.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9102.tmp" "c:\Users\Admin\AppData\Local\Temp\dzxtp25y\CSC721BF77B2BA425DB0FB749B943124A5.TMP"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Desktop\xworm\XWorm.exe"
C:\Users\Admin\Desktop\xworm\XWorm.exe
"C:\Users\Admin\Desktop\xworm\XWorm.exe"
C:\Users\Admin\Desktop\xworm\XWorm.exe
"C:\Users\Admin\Desktop\xworm\XWorm.exe"
C:\Users\Admin\Desktop\xworm\XWorm.exe
"C:\Users\Admin\Desktop\xworm\XWorm.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\xworm\XWorm.config
C:\Users\Admin\Desktop\xworm\XWorm.exe
"C:\Users\Admin\Desktop\xworm\XWorm.exe"
Network
Files
C:\Users\Admin\Downloads\XWorm.rar
C:\Users\Admin\AppData\Local\Temp\7zO8EF5F34E\XWorm.exe
memory/4592-311-0x0000000000610000-0x0000000000617000-memory.dmp
memory/4592-312-0x00000000022D0000-0x00000000026D0000-memory.dmp
memory/4592-313-0x00000000022D0000-0x00000000026D0000-memory.dmp
memory/3452-352-0x0000000002270000-0x0000000002670000-memory.dmp
| SHA512 | e818a870628b0a1c743ab7baa7cc1cc65ea9684ad0fea8985ee7bcf215808a76e28d76d7fdf5cb1d674100639bda91c02dce31370a4f82f84a74c5a00dfd5cb5 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.300_(x64)_20240527145653_000_dotnet_runtime_8.0.5_win_x64.msi.log
| MD5 | ae456b2132f0d3ca13db66a29f8c838f |
| SHA1 | 138b4d9aae6039405dc121b8b263972a151ae01f |
| SHA256 | 28dddfabbb5acdeb37827ea3e4e71757aa2af92a9f7796a85b3befe8738f321e |
| SHA512 | 97e8d799b845bcdfc840ce8cb9f1cb868768d745f2def4241d93b54bd0d473b90a6761a324084c8ec2f08c57235bfe988ba52219cd09795da9dad28c76e10c30 |
C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\windowsdesktop_runtime_8.0.5_win_x64.msi
| MD5 | 2d8a9f00fb0887ffd890b622aecb2da5 |
| SHA1 | 16c6686b4c44abd01ed814d218528fae411fd87e |
| SHA256 | 2edde9257410ad2303baf9395016558e398674e2c18e9774e46c9f8cab1506b7 |
| SHA512 | 3c2236f4ebe388fc6276d555058d4cfb72c67612ccc947570155d10297076d748d6b1f8fd8b18ae477951c2a20d74c0994de2ff0b19ba247a84a63de8eb24eea |
C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\netstandard_targeting_pack_2.1.0_win_x64.msi
| MD5 | 44c7e9bc360848980b4378d65f9f34f5 |
| SHA1 | f7a63dd8c002a0bc6b7052916d86f3b45c090dc1 |
| SHA256 | 6c17746b7be6bc679a62a919783eac7161ecc63866bafdac02081c75f3be40b4 |
| SHA512 | ada7fa6d0b3a1687755728c7085add9016be73d2ef59a65bf1065eb82824e0067910b74795888b050bb7cb359d667b65d3e1ad82781d5f90db744dd643991db9 |
C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\aspnetcore_targeting_pack_8.0.5_servicing.24224.4_win_x64.msi
| MD5 | bd0f9be689bd9206127bc7a06ea3577f |
| SHA1 | e67685c8fa16f8422a7319a445dbccd4880addff |
| SHA256 | ef93fc6f7d997bbdafc0ba3271ebb9909eabd75bacbaf2d44802c946e157e678 |
| SHA512 | ead04ee79c9c20d5a17b1a441b9eb4c44ab6142334e7632ccf23acda44c77272b6fadd0f8c62b8ffac14f877939b78a56af4c455ec458fc9a3b2eab7e6c9e915 |
C:\Windows\Temp\{80B074ED-1589-45BD-AA05-4BB101E09BD8}\dotnet_80templates_8.0.300_rtm.24224.15_win_x64.msi
| MD5 | fe1dae231d859bb8873a1cfb4d10a780 |
| SHA1 | cd11a4fc943785281145e7d94817be6e3147faa4 |
| SHA256 | 0a971de7da8d04d1cc0491f9d16bfdaec605dc7eec0d7e7df9844645e58f75fb |
| SHA512 | 76608d7eca7df522d23636bd29439280db828d1e0ad1fdba7e22e12a5cd740ae9d7b3c90c2840085686279ce0e015f477f4d4270c944c1ab9203f138aa14b486 |
C:\Config.Msi\e664706.rbs
| MD5 | cab2b93a2675bfe27f4018e5920e025a |
| SHA1 | c228785bd10b50e9d06f9915b6c8512c0e3dab09 |
| SHA256 | 89974b74a2ae281e15ded6be975e75eb533d01d1df9a361e1cbdb9bbaab91930 |
| SHA512 | b772565d8c374fd7a88909a9be94dfe3956669de540d1b1804c779d2beb1dd28fbe5a9055c54705376423dd834eb07bea1654537ba95d250ca8f8d448cec1f6b |
C:\Windows\Installer\MSI6358.tmp
| MD5 | 8edc1557e9fc7f25f89ad384d01bcec4 |
| SHA1 | 98e64d7f92b8254fe3f258e3238b9e0f033b5a9c |
| SHA256 | 78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5 |
| SHA512 | d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd |
C:\Config.Msi\e66470b.rbs
| MD5 | 00fc7ba1fbe7e6036bb756e8d868d1f0 |
| SHA1 | b33565a4880f9da396c8d0397c4e4720689d3058 |
| SHA256 | 9f54bcf9f8b9d7fd838e562f63f515d181869da2a9a2c0185a097dfc0b7c82ea |
| SHA512 | 74b736209f6fa624fc1a3982844274335d98bbae01b254dcc5f9da85580b47ac6c15ffcad52db655b376be705c844ff5d97088e68a6fc2f4820bba4a0bb3cbf2 |
C:\Config.Msi\e664717.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Config.Msi\e664716.rbf
| MD5 | 33b4c87f18b4c49114d7a8980241657a |
| SHA1 | 254c67b915e45ad8584434a4af5e06ca730baa3b |
| SHA256 | 587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662 |
| SHA512 | 42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9 |
C:\Config.Msi\e664710.rbs
| MD5 | ed7b01b37a23f466908298a47740de27 |
| SHA1 | 1ef88ff192d6afe4250e70288c64fa15ce447fa4 |
| SHA256 | 472570cd3baf92c06dd9fcbfd43e5368da36593783ed6709eacc934d26c29352 |
| SHA512 | 42982c990a90343f1608dd3f17734bb0de9e1f41fc0439411ee127c0baf9f30ae730cd02233f946a160da11f4243b1488ae67e662d64c30b9c61453068c27bbb |
C:\Config.Msi\e664715.rbs
| MD5 | a3a56b6286816fda101dfebce0c9081b |
| SHA1 | eeb9ed30340deddf6166333c8e0cf6dac40625ac |
| SHA256 | 3d248cd88ed5b9a501883581fee1321d31982834091ed702e01caa99167690c1 |
| SHA512 | 7e4b5354d00d7f8e4dcd6d7aa5a94d0950323f085d2e5b7aa8cff311dcd70548c966bcde4763dce4d336a48272ed360c40b76cf7c034eb8a1eea2dd32803e6ef |
C:\Config.Msi\e66471b.rbs
| MD5 | ad18e0782e52d99a5c2e88167de35eec |
| SHA1 | d51177831cebaa51e30b5ffcd9960958b89d911d |
| SHA256 | b88d387e0ed843c90e0b8510c97189ba4d05ff9988331374bc0763e88b72f991 |
| SHA512 | 28e7f4db8ac334bd9a67ae209e58b993d7a6c575104cd2b8bf7eb33eb8a77cc7a575b1870362e03d8cab243c616ad7f6f9495e7d2574e608a548b3408516dde2 |
C:\Config.Msi\e664720.rbs
| MD5 | 8eed15e4e58ccc513bb2c5ecad519c69 |
| SHA1 | d28bf1ecef40f71de6c2bfc85389f0a8f05ba5eb |
| SHA256 | b8bb1914617a0d6e37bd2d3707521959470d580114dc59b867834337a1f8fc13 |
| SHA512 | cca9c5bc9fbe6332f062ea9da711305b0dc33bcf83b194d2afc44afd33938de6a927ac0106bdb8aa9eb3653d03ab165659f126a0b321ad4879ce62fbdfe2835d |
C:\Config.Msi\e664725.rbs
| MD5 | 7e725afb5d092ae5ceafddb76109be31 |
| SHA1 | b95b1ed9abbe4de7527779a8d49848a81c4f33ea |
| SHA256 | abe66584850b86401af3471ef9b1cbbd1b9bf48054ccc51bd87a942868f34789 |
| SHA512 | a1c5139ea6f48572f6789fc29a99b39e00bc480bb25502a5ec5f200e7b12fc1eb139ee81264afc20cf21993fe8b0f99a8609acc82992463a0d5635b7f8b77c6f |
C:\Config.Msi\e66472a.rbs
| MD5 | 7d588f11fc84e515c0bc87cbf94c2c5c |
| SHA1 | 2ef593ebf3ee904840a8cb9fead3b4a3cf58b522 |
| SHA256 | 0ab9b3107a950a4335891757b3793f9fa07a6a3874dd45522488f7eed1653e0d |
| SHA512 | 8fb6043c478c9a3c8563fe2878cd33380df25e2afb10bdfd745eebb762ea1742ba09384909a938057fbade14d43f30bcf98785f3e19e84c2b851a9454215a58b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4077d018589baf8bc3ff02a0e560f9d4 |
| SHA1 | 95184f191a2f93c2548f21cbe08ced6713182d6c |
| SHA256 | 1ba61645cc57a78fbe111e6838a22139c35b186a1a0705849043d518a5af8876 |
| SHA512 | 4c8f135db0cf8176c06c9c39839931691a58914a3244941a1d21302913d7bcc5865b676d932a31ff13fca09bbf76665b5495a40cc5f40ea4544b93681df1fc97 |
C:\Config.Msi\e66472f.rbs
| MD5 | 9520f27521858670cdc89c479e8bb593 |
| SHA1 | a4f135303a81e725d8d36b288329538a2ffeaf58 |
| SHA256 | 028d3a584bbb31da80fcbe2e59e9716939f982d6d3b2e394a237f3b9f643376c |
| SHA512 | 24d7be0424b4769a50acab424a6bf43a536884b8d7442e28c3081a45320f765697cf20c7ab7bb8308840dca8c9952346749261e8b2e2a5c2b6bdaf35c7199a5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90acd44f900fe5566c12305edb721883 |
| SHA1 | 14617be28c51bbe9cc0be9cfbfce001524bd3e20 |
| SHA256 | c8dbf0d1ca13d7272eb5ca717671e5b66eeeb1bcf7a3b7aefd4868bbbe157031 |
| SHA512 | 48b3a0b203669232de3ea1f203f34557733b93cbcccebc4286805f871d9bc907ed2c743e6077d31c5d4125657bd1be039bb0aff6f4da38d6cb00952c26a2c385 |
C:\Config.Msi\e664734.rbs
| MD5 | 0d32702f5ecc15a30e0168cbe6bf1bb1 |
| SHA1 | ea2515cf9eae1216c573fe5b0965d84c6dcda137 |
| SHA256 | d9e198247c947a6af0078e985b3f9f620568b244dca4e145f985b9e32eef4d60 |
| SHA512 | 1d94c2e6cc1f53573bcf05593d2ae5cc758e669afb1267b4f1daa96dc0f4dd0de0e0bc58698eba30f3812e7e95167d7bdb978d2521f8d226fe836537c9278e16 |
C:\Config.Msi\e664739.rbs
| MD5 | 352a715c9ad5bd05bcb00e8170a8467a |
| SHA1 | de31167714cc3906a55585666846a00c2ac07028 |
| SHA256 | 8605a7bf56d1247c6f23fba0a2e6d442b7f3d1c4caaa72a61616a26bc08ad91a |
| SHA512 | 5af4a31d9bfb8fcfb38a68fd9aa3fd4e2dcf40413975dcde92e85da9cd7a8194da0a2a789b75010b89ce3c176de48cf34c19c0f71f9ac601eb3ddebeba8af452 |
C:\Windows\Installer\MSIAA61.tmp
| MD5 | 60e8c139e673b9eb49dc83718278bc88 |
| SHA1 | 00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56 |
| SHA256 | b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb |
| SHA512 | ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103 |
C:\Config.Msi\e66473e.rbs
| MD5 | 075eb58f412f9bd3db941d947489ca1b |
| SHA1 | eed5e14336fa4c98d40aa999d885192d494317aa |
| SHA256 | 0cc4623cd8322c2d1f77325864775bb257be6859ca26743a0c9ef64f42ae0c6f |
| SHA512 | 7352011ea486d6c2c736989809066e241cab5bbeb869fcfea9871f2fb77b139a6c774fb121eed68138de7e872b2bdee1fbb54d2f35afb7ff92ea3e6613a14e01 |
C:\Config.Msi\e664743.rbs
| MD5 | 12b3faabbe176c6435c7323fc890b379 |
| SHA1 | 8cc7bf3fbc8e108d90de324bd1a415470f5f0760 |
| SHA256 | 39bc7c6d46222ce5f0a8bd7f4ee2f902d8c51107ecf9f936b2c5787e18db7d73 |
| SHA512 | 4dfe6bb842a5091ccd671c145b6dd5009c815b8801d1aeb016f5d283375f690003417a95d62ffc1bfd79bb749a110a2f5c29f38870f545cf0b4d8056ed41cd59 |
C:\Windows\Installer\MSIBA91.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Config.Msi\e664748.rbs
| MD5 | 4369ef4ba05c4a37355e8294c3e533a3 |
| SHA1 | d226b01f12bf66d61e21ab38371a55d994389a73 |
| SHA256 | 1f4934278017294d7a27777107ca33f2ee082037465a4d227ed93efcb04f281b |
| SHA512 | 282d0674afb7f113b6d29797444e8323036af00bd93b44c5a44eba175460e45c4ead03797077f3a0b01f5f585ce519b782fd948461614fdaf9674cce304b1e1b |
C:\Config.Msi\e66474d.rbs
| MD5 | 97bc3ffa43e40494c162fad75b9b9e07 |
| SHA1 | 27820acab87290ee9eb5db6c73fd8b55006bc5b3 |
| SHA256 | 0d127bb5b632756d039b3030c95a6d9a5215d3b35ddc4a5c5a60135f7671d795 |
| SHA512 | e574de8668250120f1f01a543f9266c9e9a1e01230c8da3f60e8af76cf2d7b42f32f400bc269a4cb1b454f96b7dfca894e464e90c813aba5ebea4fbcef42b5b5 |
C:\Config.Msi\e664752.rbs
| MD5 | 31b27d3467d5e3095862b35714b8b56b |
| SHA1 | c8256584db655f1dfa026a2f58b9d603197989ab |
| SHA256 | 38c78a27e3feff9e64ad4e79fa805fa01a4e2a4f4444e8fd4d40e59ec5ff8993 |
| SHA512 | 9a391eaa9879a1a265f8276730ec74e1e77df19868b31f1d89bd90f8b6b25fa7903a4ca6202c37ae951e9e45608edeac656c088b6ba58385083b0fe62c99dbf0 |
C:\Config.Msi\e664757.rbs
| MD5 | cbdc127951438242e6009e4ce8edc1b9 |
| SHA1 | b62d0e0aea15ee5986bceda57a3e924839fd903f |
| SHA256 | af9043958d10404ccec09e05ab436ff338cc6fc7bdac9492c7027ece033ee92f |
| SHA512 | f9ce35f04ec2cb24f04d533815ce8b8f8160bc348ccba478938cdf04380a74f9ee9e0a77d80ccf8fcc9d417326d2fd1adae6c1786a16bea019dcb6ac304d5784 |
C:\Config.Msi\e66475c.rbs
| MD5 | 5649d3b3769185c0b21c334c0b2affdc |
| SHA1 | 1ef9ab280a700efa49f0d87abeece94891d41010 |
| SHA256 | 79064559312258d0d94b05179d243a910b7301a5f24461c77a03721ddd6390ae |
| SHA512 | df3f5d30b21859093d0d0bc140d3b0f312cd4b6ee81e8981c986acdbab718ee0b7745987c9c82266272a540f38405e13e2282dba0421083657c539458ce63f85 |
C:\Config.Msi\e664761.rbs
| MD5 | f95af0e8955244572c7246c52791606d |
| SHA1 | e612d4f1c8509c5bf7d0f8305fdc0b6f0d092242 |
| SHA256 | c56202f76a10df29ee79aff42ac13837d14f51c88723e6be2a466dc2ee46485c |
| SHA512 | 6380a98cf859aa8bbee8a7cf6ae1f29d10a51d2070818081eb4c1777979820bab83958e3790c050fbf85c86cb79a7bca5ac08d5f186e87344e0d8a50ae9f3997 |
C:\Config.Msi\e664766.rbs
| MD5 | 2855b06737c18d355fc16a880afdb129 |
| SHA1 | 620e74c5333201a3193a9e711ae6404f4ec4de27 |
| SHA256 | 9f042b11a1ecdea8cd9872cc3c977f184a58aa37e4cbac663000c57095bd20e9 |
| SHA512 | eae1972adb5f8765c731fd4e7bb6158518474ffeed8d4bc4fd38e8eb9a261a014cf8fbfea8d8a1dd8f8ff32a8bab646aaa9eaa816ff25b7d72e9f5b85750dae7 |
C:\Config.Msi\e66476b.rbs
| MD5 | 311207e08aa98e22cbf0e85ce5f0e3b4 |
| SHA1 | 8eadfa6f68b0a2a0b0dc396a3f3e62a071974a5a |
| SHA256 | 1a2607fe7847505d1433cb7b7aa09f81643f8d3c22e442616465de141e4219d8 |
| SHA512 | ee25ab5a8e7332866ce2d26e50157d820219fce02808bba8d690580415057f0193065eb9e397fb659bac069d7c5ba4846ef0f5b2a8482db9796aab4cd1061187 |
C:\Config.Msi\e664770.rbs
| MD5 | 9fdf4b67845ece5efd89c1c135325223 |
| SHA1 | 914d3c81770f819596b93d31b65833207177fb47 |
| SHA256 | 671296dbfca612bcf2190199dc318433e005dfcfc58049c70ad86234ea55f2a9 |
| SHA512 | e69c0f9bfaa76c69b007adb53f14a58a66bdcf0284b3e84f2b48c93a543573f3bc5447e99764366ea5044100a17aa261938d991459fd25f6e8fa580e0523f04d |
C:\Config.Msi\e664775.rbs
| MD5 | 2f1e6455bb545a0a4f7c40a1761d1915 |
| SHA1 | 04e96adc69543044792447bda6dda70927371ee4 |
| SHA256 | 349e057dcecfee93853d623f98fbab40eb9342a768214805084e1ca6fbe5ac7b |
| SHA512 | 0f12a8474b593c4f58e4ebd81404fa291f681b9392dc3667d535d3d745680d4d9ebcc934c82e7035f52b5aa4e1a4da608b808cb904dc174db4359fed3ca3846f |
C:\Config.Msi\e66477a.rbs
| MD5 | 2d65ef3850b333bd51b30f8d2ceea123 |
| SHA1 | 76c1244c96d9272b5adeba4f5bbce61080bc1aff |
| SHA256 | 251efb4d7e3a1d1be88518e05f2db035c83a9c844aa5313db83db4f4e2f5a2fc |
| SHA512 | 5d7e463500365e987719598c5a53a31f853ef61506a4ba480d298418a6a50fe56c1a5dd52a74d2a447cc398579e2bc44f98d599d92d26598b7afe2046b15a4cc |
C:\Config.Msi\e66477f.rbs
| MD5 | 7f6ba83975562b2b75b8cf8d2d8f1201 |
| SHA1 | e887fb00bc403643d8ff48ecf0a7160294b92ad1 |
| SHA256 | eb0e94c06e5965e8529ae34e90e1b2d4f30f32f0be02367ff1ad8e1b8a818c73 |
| SHA512 | e23010b6d792668bcec5b506a51307116c92d487bef0bf858a6a456f60fb5c868259bb4f185ac54c4338c627328d87c2690579f9b8db8a5b21588860a83e15f9 |
C:\Config.Msi\e664784.rbs
| MD5 | 1ef8b90d09283db74eb7a767761cf67a |
| SHA1 | 27912f46c1319e055719947c374edc53ea506047 |
| SHA256 | d879be65c7134509cb5d7bd7bb9ec2bd00773712aa2b8ec48a3c2938994e2b32 |
| SHA512 | bb14d0ad4cd1ae401a2da1de08fb1013bb495ba9068e98601fc74d56e53754070f73bde2d0b365744b2e49ef396b1e33ea0c2f8f45d83b4a25e86ec6fca99396 |
memory/5000-3501-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3502-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3500-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3512-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3511-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3510-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3509-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3508-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3507-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
memory/5000-3506-0x0000019FE91A0000-0x0000019FE91A1000-memory.dmp
C:\Program Files\dotnet\sdk\8.0.300\TestHostNetFramework\testhost.net472.x86.exe.config
| MD5 | a22cdd3374234d3a50c2ace2dc33a63f |
| SHA1 | d71bb2417cb805c3da21ebcc0e1ae5a102823c9b |
| SHA256 | b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874 |
| SHA512 | 71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Text.Encodings.Web.dll
| MD5 | fa9d0d182c63c49a4c567f7c1652b6e6 |
| SHA1 | 55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc |
| SHA256 | e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84 |
| SHA512 | 58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll
| MD5 | f09441a1ee47fb3e6571a3a448e05baf |
| SHA1 | 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde |
| SHA256 | bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f |
| SHA512 | 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | c610e828b54001574d86dd2ed730e392 |
| SHA1 | 180a7baafbc820a838bbaca434032d9d33cceebe |
| SHA256 | 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf |
| SHA512 | 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396 |
C:\Program Files\dotnet\sdk\8.0.300\zh-Hans\System.CommandLine.resources.dll
| MD5 | c182eebde556be386ca5b656974993fa |
| SHA1 | 864aab5c6e71bc3537612c2541e7737d02e6f4c0 |
| SHA256 | d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd |
| SHA512 | 3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll
| MD5 | ea1fc85ccabec5aa1ae22452afbafac1 |
| SHA1 | 8ea9da27d9335f80c76867837688218b78311148 |
| SHA256 | f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483 |
| SHA512 | 42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk\tools\net472\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll
| MD5 | 3f14df8e4be6100673090c43eb3c3476 |
| SHA1 | 61c1e35aeb6cb477077416f050c344fb18f5f87b |
| SHA256 | 09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2 |
| SHA512 | 7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c |
C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.targets
| MD5 | 5725a6d47308db618d015c3e55dd499c |
| SHA1 | 9b3e1ac8d62d522505f57fee89a249ac33325edd |
| SHA256 | 61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1 |
| SHA512 | ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ru\System.CommandLine.resources.dll
| MD5 | 7717b3eae55b3ec74f40699c1b9896c0 |
| SHA1 | 1483166af6059633de2e20545bc3f3cb6f035304 |
| SHA256 | 8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02 |
| SHA512 | c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Text.Json.dll
| MD5 | 63f1d0b53ce47b0ac3216281c8bcaf24 |
| SHA1 | 090cb7392ed07a94d237b5aa2175689faaf49b7b |
| SHA256 | de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb |
| SHA512 | 386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521 |
C:\Program Files\dotnet\sdk\8.0.300\MSBuild.runtimeconfig.json
| MD5 | 29b1d428243138af5176ef6b2c1b2c99 |
| SHA1 | e056c83aa5dbbef653ce26a02eb05eb7e54cdc75 |
| SHA256 | 6359ce84d5ca840557e9b26b85499f2ac90dad7784cce1071b3fbdfcb3aeb7ad |
| SHA512 | 063d2d52f6bef27945a31949c1cbeffa23ecee8d6b225d7f64189ab1b2fcbd4387cd4cea17e5a0c3bb32d14fc80417f7a4a714742c03035e933fb888fee9def6 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\zh-Hant\System.CommandLine.resources.dll
| MD5 | 9101e8227a7ab83cafd27e4ec222ba10 |
| SHA1 | 3a80807f7cd695bd9258eaaadf8b2d7dccefc125 |
| SHA256 | 8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e |
| SHA512 | e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\pt-BR\System.CommandLine.resources.dll
| MD5 | c7f0f7e0a7562225d7b60b88459bde92 |
| SHA1 | 96c432044ecf7d346e09c6c46f5ca163396d97f8 |
| SHA256 | 516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353 |
| SHA512 | 05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999 |
C:\Program Files\dotnet\sdk\8.0.300\de\System.CommandLine.resources.dll
| MD5 | e771e643a2f47b5d527aa4dd1e857aed |
| SHA1 | ddb6ebbdc354122989c67ed9cc2555da640b16e5 |
| SHA256 | 8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15 |
| SHA512 | 14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | ff34978b62d5e0be84a895d9c30f99ae |
| SHA1 | 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85 |
| SHA256 | 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc |
| SHA512 | 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Numerics.Vectors.dll
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| SHA512 | 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-watch\8.0.300-rtm.24224.16\tools\net8.0\any\fr\System.CommandLine.resources.dll
| MD5 | aa8eeb801d74a4e562fd8c044e03fa8c |
| SHA1 | 8653841bd62dc74f605f608ed8f354dd692faaa2 |
| SHA256 | 7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b |
| SHA512 | 388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\it\System.CommandLine.resources.dll
| MD5 | 4e92ced559ff6f26d238fc5393dab39f |
| SHA1 | 400983302371c5a7ba38e3dba8fbc4c5f8192018 |
| SHA256 | 37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471 |
| SHA512 | 0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3 |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\ja\System.CommandLine.resources.dll
| MD5 | 5d26652b0f420ca6ba2bfa00b84eea38 |
| SHA1 | 8dc1d2a7cb6b857344c120544f842fccdaa97e79 |
| SHA256 | 654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c |
| SHA512 | 5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419 |
C:\Program Files\dotnet\sdk\8.0.300\es\System.CommandLine.resources.dll
| MD5 | 79e57433e70b5a0a300303dfc5d759b4 |
| SHA1 | cfe5862964f3b389cbac01e157e9ade0031e45ef |
| SHA256 | b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8 |
| SHA512 | 8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4 |
C:\Program Files\dotnet\sdk\8.0.300\DotnetTools\dotnet-format\cs\System.CommandLine.resources.dll
| MD5 | 2f679e46823cf54660405eda0dbf0842 |
| SHA1 | 29fdcbd753e36022b6308425dad9323e5f3472fb |
| SHA256 | 6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf |
| SHA512 | f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5 |
C:\Program Files\dotnet\sdk\8.0.300\Sdks\Microsoft.SourceLink.Common\buildMultiTargeting\Microsoft.SourceLink.Common.props
| MD5 | a5dcc9e5bf323d748b26652e11956905 |
| SHA1 | 7f8c7a2523d1f4600e0f8bf347d10564cef36780 |
| SHA256 | 2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c |
| SHA512 | 79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae |
C:\Program Files\dotnet\sdk\8.0.300\Containers\containerize\tr\System.CommandLine.resources.dll
| MD5 | c9c8df325a05d227bc32a5d854713c4a |
| SHA1 | cf9ea69ccebd1ef0bd46beff01254a02c5fb0131 |
| SHA256 | 7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf |
| SHA512 | fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 91dba54eca40d3cfaa3ac78a883363f9 |
| SHA1 | 61743c077f10a80b42597a3a968e1b40b52203b6 |
| SHA256 | 8bed1f80f0f88ae90728d3ba3e13b49c408b7642667a2550c5724638d1252cb7 |
| SHA512 | 72993a8a886fa740801b3a9c8d7a7f4fa7ca1db898039728971f1c7c2e212007f374f1123b527dc3c75d3cd454943639435a0b29194fad990cf16202bbce4e68 |
C:\Config.Msi\e664789.rbs
| MD5 | c3e4b0b3e800ed1751c0100570864eb7 |
| SHA1 | f797f60d99dfe18765f1c23bd203fcc0fe1e27e8 |
| SHA256 | 928e998b872017187689695c1057c18036e5982d00deb0bf37925f7e4aa80bb1 |
| SHA512 | 4f5cfa1fcb3b3f20637f1a670c1cf6992df5e15296f604c904a622474659a1a4080546c092cb52fbcf6de1728cb14403be93bd8d5c234e269312534df31ec5f4 |
C:\Windows\Installer\e66478f.msi
| MD5 | f8247cb4681460bacaa8c44719257952 |
| SHA1 | 3a41a903ae164b823215b195b618c8c3dc159b9e |
| SHA256 | 94b57e7393198f0fe80ccb0ce070a2fa6f719134d7f976899f710aefcbacac0d |
| SHA512 | aeb476c9ea76d3ee8529c3074125833eddfa4cf331d8ac5cd4ff3b7ed48d5c09510e4923593a880851f45804926ee40795273ebfa6cedb8c54812145f11ccf92 |
C:\Config.Msi\e66478e.rbs
| MD5 | 4b191656e5902e10a648243b7b0cd4b4 |
| SHA1 | cf297b4cd5218214049d74ab8e1d7165b2d08460 |
| SHA256 | 27c9000368cac49c1fa0f1213f2f77077aedad987a9f171de443407526171baf |
| SHA512 | 0a7b5e2787e0b01c1d580583c51c441823768b770f848afde7b8d71463e5d4cb10bd4c6bc97426d91c0e641521073431bbcd60114626cf47799cfb14a6f7be17 |
memory/4844-7339-0x0000000002340000-0x0000000002740000-memory.dmp
memory/1920-7342-0x0000000002350000-0x0000000002750000-memory.dmp
C:\Windows\Temp\SDIAG_34b4ecc6-c58e-4ef2-aac7-650edb32c659\en-US\DiagPackage.dll.mui
| MD5 | d7309f9b759ccb83b676420b4bde0182 |
| SHA1 | 641ad24a420e2774a75168aaf1e990fca240e348 |
| SHA256 | 51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f |
| SHA512 | 7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d |
C:\Windows\Temp\SDIAG_34b4ecc6-c58e-4ef2-aac7-650edb32c659\DiagPackage.dll
| MD5 | 79134a74dd0f019af67d9498192f5652 |
| SHA1 | 90235b521e92e600d189d75f7f733c4bda02c027 |
| SHA256 | 9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e |
| SHA512 | 1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nsnykoev.qo2.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3708-7484-0x000001B82F3A0000-0x000001B82F3C2000-memory.dmp
memory/3708-7492-0x000001B82F3E0000-0x000001B82F3E8000-memory.dmp
memory/3708-7501-0x000001B82F3F0000-0x000001B82F3F8000-memory.dmp
memory/3708-7510-0x000001B82F660000-0x000001B82F668000-memory.dmp
memory/4064-7514-0x0000000002550000-0x0000000002950000-memory.dmp
memory/4080-7517-0x0000000002470000-0x0000000002870000-memory.dmp
memory/1100-7520-0x00000000024E0000-0x00000000028E0000-memory.dmp
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024052714.000\PCW.debugreport.xml
| MD5 | ce4ec43186fe5bbd6ff7736f70cbf5ea |
| SHA1 | 500c374b4c0ea157c2c0f621e76c24ef6be17823 |
| SHA256 | d6933ee6e658da1204c84c87f3966dcb6c03320e4cf9ceb6da807a833631a481 |
| SHA512 | c80f62f261996031f8bb8ac872c9709a51ac62ba4831179dacea7d044e975da20d32158bee1d8a6a316e58274ef6f2974c87721110ae76bd3831f265e5549b5b |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024052714.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
memory/2756-7578-0x00000000023C0000-0x00000000027C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c37a52a1c545fdd08e6cc086db652fd3 |
| SHA1 | 46b3e2bd6dbbe13ec1e58a26c5bfb6aa2aee5367 |
| SHA256 | 4becab38c669eaf92f22ecd635fd53595999a845f417277bded669061f5075bc |
| SHA512 | 2996ae64e6a7ab356ad6f71885b3acd11bec3afcd44a34d07fa8a6c3c634b92618ad7e8ecae6b03017916aa70e588e8628e599e8c5ce5c4b8a6e58d46074f887 |