hxxps://github[.]com/3DotDev/DotNetPatcher/releases/tag/Release4[.]6[.]6

Analysis

max time kernel
445s
max time network
446s
platform
windows11-21h2_x64
resource
win11-20240729-en
resource tags

arch:x64arch:x86image:win11-20240729-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/3DotDev/DotNetPatcher/releases/tag/Release4.6.6

Score

7^/10

agilenet discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4816	DotNetPatcher.exe
1200	ConfuserEx.exe
4728	DotNetPatcher.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x000100000002aafb-202.dat	agile_net
behavioral1/memory/4816-203-0x000000001B0B0000-0x000000001B166000-memory.dmp	agile_net

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	camo.githubusercontent.com
2	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1008421703-1762585720-607722284-1000\{67B3F413-C008-4268-88C1-6884CA61CB84}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "9"	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DotNetPatcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 70003100000000000259526b1000444f544e45547e312e360000560009000400efbe0259526b0259526b2e000000f7aa0200000003000000000000000000000000000000c10b380044006f0074004e0065007400500061007400630068006500720034002e0036002e00360000001a000000	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	DotNetPatcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Documents"	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	ConfuserEx.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DotNetPatcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DotNetPatcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	ConfuserEx.exe
Key created	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	ConfuserEx.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	ConfuserEx.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	ConfuserEx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	ConfuserEx.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	DotNetPatcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DotNetPatcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1008421703-1762585720-607722284-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = ffffffff	DotNetPatcher.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DotNetPatcher4.6.6.7z:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ConfuserEx-GUI.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
2012	msedge.exe
2012	msedge.exe
3612	msedge.exe
3612	msedge.exe
3972	identity_helper.exe
3972	identity_helper.exe
1828	msedge.exe
1828	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
768	msedge.exe
768	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4816	DotNetPatcher.exe
1200	ConfuserEx.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	672	7zG.exe
Token: 35	672	7zG.exe
Token: SeSecurityPrivilege	672	7zG.exe
Token: SeSecurityPrivilege	672	7zG.exe
Token: SeRestorePrivilege	2316	7zG.exe
Token: 35	2316	7zG.exe
Token: SeSecurityPrivilege	2316	7zG.exe
Token: SeSecurityPrivilege	2316	7zG.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
672	7zG.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2316	7zG.exe
1200	ConfuserEx.exe
1200	ConfuserEx.exe
1200	ConfuserEx.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
1200	ConfuserEx.exe
1200	ConfuserEx.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4816	DotNetPatcher.exe
4816	DotNetPatcher.exe
4816	DotNetPatcher.exe
4816	DotNetPatcher.exe
4816	DotNetPatcher.exe
4816	DotNetPatcher.exe
4816	DotNetPatcher.exe
1200	ConfuserEx.exe
1200	ConfuserEx.exe
1200	ConfuserEx.exe
1200	ConfuserEx.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 4464	2012	msedge.exe	78
PID 2012 wrote to memory of 4464	2012	msedge.exe	78
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 1116	2012	msedge.exe	79
PID 2012 wrote to memory of 4468	2012	msedge.exe	80
PID 2012 wrote to memory of 4468	2012	msedge.exe	80
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81
PID 2012 wrote to memory of 1976	2012	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/3DotDev/DotNetPatcher/releases/tag/Release4.6.6
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc33483cb8,0x7ffc33483cc8,0x7ffc33483cd8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1052 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,114330951516439838,5059081678893139324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2644

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DotNetPatcher4.6.6\" -spe -an -ai#7zMap12417:96:7zEvent22830
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:672

C:\Users\Admin\Downloads\DotNetPatcher4.6.6\DotNetPatcher.exe
"C:\Users\Admin\Downloads\DotNetPatcher4.6.6\DotNetPatcher.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4816

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ConfuserEx-GUI\" -spe -an -ai#7zMap27696:90:7zEvent10619
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2316

C:\Users\Admin\Downloads\ConfuserEx-GUI\ConfuserEx.exe
"C:\Users\Admin\Downloads\ConfuserEx-GUI\ConfuserEx.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\DotNetPatcher.exe
"C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\DotNetPatcher.exe"
1⤵
- Executes dropped EXE
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DotNetPatcher.exe.log

Filesize
1KB

MD5
a90d8f3bdbbc8bfda8230fac1fbcdec7

SHA1
6dce45bc16716b7bc024ee0cb2cd0d391863203b

SHA256
b1883e8e108607ff311363c4acc77b6f03fb34304bf3bd9bd6025aa847efaa26

SHA512
44834b84911f2e508fd3ad596874488852827dcebeeacde3f973461b660693a813d9c3956542f074aa65d7f793fc2559a7d21a5629f060655713f53978ef55ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
884c8da0023292e9403adf54ee290afa

SHA1
3a3b0fb38a1123862a024cacb9b30ecc35f85267

SHA256
f56266c74a777fc7ac1a993821116e011242a3286271a5808938f7cc2e0731d4

SHA512
f7a22505e4791bc38fdb4e838d53223a77bd3028084af4f0846a9178702eaacc71e7cc8304422be1dc2011507801211420b5a410ff361968eafa1c883e1ed29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
faa1a2859704431065fadc5ebbaf21f2

SHA1
6b74e2bc325fa9c090b0814db6b6fd0c78a782e7

SHA256
35c2048ba356879bd823324364e41cbd17ac7d62aed9f70514db4682e5d543d3

SHA512
4e15548b6419c60b14973a849f7f559e755f0766c94be15b265ff318a0604522f0e4f659ccc3281163f373adafb053f6ffc97fa50bdc93d46576784f74e5e667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0501fa97dde0aea7f9e3d4ad00373dd8

SHA1
9b3cc40a1dda3feb9394a17c1668025ffe998b4d

SHA256
88cbfc49727b5a968a573bd2f45e2082090da7f7d2b199330731f5bed9925ddc

SHA512
fd9b8d3019dfa73fd2bf4d9cf15fbcbed8b9661a51cee3ccb0403d33283a9b35ebf5ab8b9f07b386e08dbb67bf50935a84ee0b760ee8ecb7731f21c4439fef88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
37bf10d0f5ccd9dfc50f4a2992aafb18

SHA1
e30f24857b11383a3e0028b47dd78d85afdb0054

SHA256
677b03fb8805e9f3ae941493cb02bf0b2e500725d5818d9244b8d16ff437099a

SHA512
ffb7ff22310cf3d2f9313ea0238d194d17b49489950b7cf02f663bff0d2d162df95c4953eebf50f50b1b3a5a43601e16bb889c11a574106fbb300eba5a2f2416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d6f1acc4a5c0a5b09487cc444f16b3d8

SHA1
49acda41adbc2774bb13e69767aa50cfc09eea52

SHA256
a0a1cab3d9703ed49ac5bcc193a9cc6ae8c3c360f90fa7930aeb4111e00215db

SHA512
7404cec365c6d8a3d57650e7fe7fa1e6f1aa0fa11d86c20f7858d32c1337d5d7b93afa069ec650db05cae517b747790f4fdb9d3afedc8b76586b10632c0e0f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
1b92794633aaa7d8ca83e408ef516a36

SHA1
4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6

SHA256
0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0

SHA512
698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b4256f10ddaffcb962943f1d21d0974

SHA1
61618237f0f480d14b9978a0b0947103db4994be

SHA256
2f8f98dfa10a1ed2ca175cf28a54214482c93b08685b32f60fcc51616e88974a

SHA512
64d2fdbf50f4f3a61a8a10cb931595f93d1043b2c5bbde41597a4692d6f30d1edde2b1e63df75cb8f7ba56998b8b6321d393153562a5605823c312f68d0b02a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f9b00fc7e421d816d73105274faac75

SHA1
9d2fae811a611ecbd4561bb750e7f6e9e98f9761

SHA256
2dc7b9829f590a5275ea31ac898163de93dd3b921865fb86f1da1444f43372b3

SHA512
9024b7886662c4ed9f9d69b6f1d463090f85333b9d241814076e272bd9b9b56aa41d2a2389636f061640c18621a9e0b80c89fed4ab20876aa4e69c3326a05c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6f1032084f86ec4e11894918bd1873b

SHA1
671365ea1bcc21c027362b22ccd6a5dca529745e

SHA256
528c97621486ae188de52c4cce9d8fb71dc24326b9cad374571a82f775dd3eee

SHA512
f0078f74cbdcb40ff74418d88fae573425d62ef31d80e69a6fb11e3993e5178157ebf74e194c4eba33a643a690b1773f4f3be91c9abe86eee024b6aa6d065ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b30435e08c61f705d57db5c7187a2a11

SHA1
611919dafb68b6471185d85a348d554a80661d1f

SHA256
361eb41efd9c1237b41d9d506e1554258bc4a0185bf95892ef7b7bdcbf9ead34

SHA512
487d9bf91919626ccb63dabd1648aec17f5fb20e9a9587126b1754f1af689b3fe7ca22ef6bce44becc5f8a1decc19cc1a90ce7125ab217ea4f494a7a54aa667c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
089a238e8e5df5bed01b12fd628a28b4

SHA1
50d4a038c7ae612d9b39b65232f5d042afec2325

SHA256
8d28d86b35a273e25217ef1f26027fe028b9d06552faf1621ea2d0965b78fc43

SHA512
d263867c48479d992a1539ce477866b42241a56e07e3dc2b7eaf5fcce06d8cb6ff1199b77e48734e86dfbcb1e755306bccde6c0d2efdad86ce9c551545f10b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77c26537b7b8136bc673c306b40b72ab

SHA1
6b0655cabcee7c8a7725d930b3d902a119681c83

SHA256
3b074aa5dbb0b37e55c16702e751b073999627fb86831b46f11f270c6f800c02

SHA512
3ed7ae1f44e61f7553ec1aeaaf2e47d2db60cdd1f6e40a7f2379296a128343209f703ca0934a747166db9a5af6597970e0da914403929ee7a4bcf7cb4aa5d68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da888bb5b1694e6f727158a1b02060f1

SHA1
5733fd79c8a7965c794482c0d1cc8a74adbb5a4a

SHA256
0baf32463e3ef203386b87764e0e7c443a337210e78da57c72933a4f8ca02d6c

SHA512
47056d993ac286be05d4ae0034444b195ad36a7ada142c8bb65d93c0608ca5d7b55cd2bdaf0623ea8d54837b65699479a37a2599ad7b96097119541ab434e481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b8ad7.TMP

Filesize
874B

MD5
687289d05dcbbea1151cfd9453d829d7

SHA1
d254b48c7dbd81dc9e329ed90ed5c0726fd74385

SHA256
571740eb0a8c695246ffab8c87ee4298412d84e2d21f99632e6bd620fef2a98f

SHA512
caf1a3444e1efad214dbd87bead63e120d42e617c293acb3ddb6cb21d9903dbf9ead1e3c65e85cd8da3142ae8fae02fb1add6bda9b5dfc47492b1e5556ee3976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee5d9ad37660fc7f1abac4808eb2c674

SHA1
34ca778f54b845dce580c9416bc5c9c05e9c483e

SHA256
66926c15ebdc5414acbeca131646d6dcccb14098cf14e234a0cc4891aa1c7fee

SHA512
02f1e773f0af7eeffcdd4b067835e47831ffd31bbde21803abd85f9f9f1cd4bff3a3b818cb3ffb49409b07e5b5639e331b65c52bd2a89aab7b024cbe83cac83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd4c81534b3e2c8259ccdbc404f82399

SHA1
dcb75c9063cca8fb7ca550fb08ed7b6fbe497e70

SHA256
7ea2fde9ff23a7d5c4b23afecb999d6cab3c55e336f877d7c20a6d4077a49c02

SHA512
74133d5d45ad9c39fd9066f6a7f61af5a2d2baded08a201ee4668cf956e952b20fa3de6ffcf7bbf7bcc4164475d6c04ecbd2badf2b031243ffab2902165ab8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70321cc6883ab1edb06d361cd914d787

SHA1
40c0a3568fc7593ac12a697cee1af0fba60fe802

SHA256
f265b35af22347244df7c71f5aabf4bdb41061c7c7e829bd565df595ca10aa8c

SHA512
571c05fc336b620aa0e2fb507394e15b8062f6b03cbe9e98bf1885adb5d5d1bd7b510c0b087a991e541602d8529b22489830f2480d6b10721e170dc8de645281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
de8820b88df0f9582c2bad603e308b12

SHA1
3bcac55a0791e25f6c410bae06154da034740647

SHA256
bd5de35108c1efe89d1fc61bcc9f9365cfea4a1ce1f85b199ebe6fd9c4ac93d4

SHA512
2050cba18fdad1b00443fc621e343918656b6a6a0c9241fdd6ba0e1c9b1e73743570676afbbf1f5a4d80a437b63b13c393b9b8cbc2e693a99e6e834367fb4798

Download Submit
C:\Users\Admin\AppData\Local\Temp\.ses

Filesize
53B

MD5
e00a302adcbad05b5ca5a4f2248d4fbc

SHA1
68b498e18aa725446a28dab646edba56b190621c

SHA256
e255d0fd54784eb1c7ab65bc3cab83459a0ab1151947b1ef06ebb1efdce169c5

SHA512
120a11f1cb2b270da9fe1f2d91632f6ad93f18e0057d8cb76f94f59d0685ca02c058944361aa86810062cf4281c907b15e0baea00e0a7222d887c23ab27f60fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
8KB

MD5
6f4d0a06c730c8166e549eb2344ca036

SHA1
7c8090bd4ac93a2f4f918184c19c7436a1b0a1d0

SHA256
d9fe35f19a8ef72feaec6bb4e2afff3c8b221f399d18cda358e21f7c4ab1d882

SHA512
0a64d0fdf802d60547ef430aec38963a1f6c3a03ad18c4d3c91778b8ecad72bf3d944bf91c85630333c9f651aad4fe14b2a08bb4089cad699cabeb281c69c6fe

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI.zip:Zone.Identifier

Filesize
660B

MD5
e85cac401fb4d5c6033644b86302ebab

SHA1
29f522fa7364691f894d8465b5d94bcc44a4e990

SHA256
f7e04ff067953b16432b4eebafa8521b55e42c4ea04e5482af1908f8c906fc10

SHA512
c31b61dc8947e572669fa2630da3e338077d5ba1d41745e5ea4e6bfa96c8fc751271ca861ecae4f6a9767ca8519b2f567269fe5de98a23b451238a2d924c90da

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\Confuser.Core.dll

Filesize
190KB

MD5
7b259cff1d0a6daed7f0683a4632406c

SHA1
da5b0ad95eb85d59654f41a960431daddcea2832

SHA256
12193041a68cbbabb4a9ea7a7c14621407739f613516fea5cc19d1bd1257c8ed

SHA512
72e70daacd161d29e2de05a4d39ff8c8860badb5359783e23ec7f68c69d09afbcfb635e57ea1f362e3ae6eaf2e08c5a75c126d6f7160cefa0c0140a9e41a2877

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\Confuser.DynCipher.dll

Filesize
46KB

MD5
a987fcf191af79cdf8df01112f948b58

SHA1
17f84b484e792f1ee9fb26f24009dad88be1ce16

SHA256
946ab6be7f3b39aee1077636b15f898818db3d2dd48271177d647a7aa663e2e2

SHA512
c5515cb33cc9ebcf9601b75d2e4ba3219c51d6d5f8db0a1ab5bd26c259088f673f103de23c0191bef7884fbb9ea7ff4bd697b2076bc2b3c902cf85967974150e

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\Confuser.Protections.dll

Filesize
150KB

MD5
0847ad3a7c96ea9eaf958dee2ad69619

SHA1
5b6daa0884c048831868d56e9f3137ee12499053

SHA256
740829dd568727c5c4c79a2acb7bb65442cea842e1a23b4c493273c7e571f8db

SHA512
ebe99389e5459165d9917a7daf8a9fca765dbd6c265031c4c49b28bbb42ad1ebefc8af0e0a1a2377e9497404b3cf90f100429f14338080efccb948e8049684c7

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\Confuser.Renamer.dll

Filesize
350KB

MD5
cea2d9c9edd62bcb3e75024d4e62fee4

SHA1
4aebd35a3a4f9c5caa5b84a17308b83b2ef4b531

SHA256
9b58a1c9f326a1d30f6abfb43626c23863c575d47b6f227dae937db7f852b1e9

SHA512
8453a2fd1f20477df4e03e1f8abe119fadf975f23fc0ac2bb00c726ee2a060590283746facbf5748a3ce5edd47aa2588056c616ad175af87bab43ff7c711a7fd

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\Confuser.Runtime.dll

Filesize
45KB

MD5
4a55045fa5701d5597d93c93952d085e

SHA1
3189c52f518c76f1eb0ec29ba36eb2439a9e8491

SHA256
49a3ae0ebdbfff2c4ddb872eabdaa37b83ebafb5cebe643147b1c14e0ca621bb

SHA512
f32fe8cdf725f1b2f10ad7d130ef393368189aed194f5dfdba622531349a44f48c8f3cfeaa06a60ee8cfdd1243d4ac22545893bb5403114b90f5bf7216e7fb4c

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\ConfuserEx.exe

Filesize
271KB

MD5
b67f3f646e0f7d87ae10dc0165092729

SHA1
d5299413e96efdf77bfb00cb5134c442f4eca6b0

SHA256
fe50545a6aed7c7552b9339a0990df5df4b5654da334b3b72507651c63b20e03

SHA512
b93e050202837751bf443a412418ba48089aae19c0e02188407f34261a28a551c8e67a85389030e6999f9045c290bdeecc0075b908d3149cda041027418caf0b

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\ConfuserEx.exe.config

Filesize
596B

MD5
6f343bf7889ff8e8c4009e878f71a5e0

SHA1
5bd328fc281746a4d394d878b641e72e5bfdfc7a

SHA256
6f51a805120648dd7d2fc2bc30f44bb2dae04f5ba8fa4f7605b00c7c3c80f73f

SHA512
c22c113fcbc26e27da8b57760cebd122a8a02f32ed402aca41123e47db8d640c6895a0417b3417549fde06b7fe8bd439ee2e0f3a76e959d75f33dea927afee74

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\GalaSoft.MvvmLight.Platform.dll

Filesize
13KB

MD5
5b958b4229538ac23099ce9ed6f37de4

SHA1
32cd46e39c4f6334d28788d5e3afaa19d4fd1041

SHA256
2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

SHA512
87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\GalaSoft.MvvmLight.dll

Filesize
29KB

MD5
af04687248da9e95a7ff65ab538d0bcf

SHA1
7511184300e2b6f70bc92333392386a812b2dabf

SHA256
b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

SHA512
a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\Ookii.Dialogs.Wpf.dll

Filesize
102KB

MD5
c124d6f1980a92e97518751605c98d4e

SHA1
a39b5e53f150ed608e6cae8265ef03dd5a97979e

SHA256
c5c2b40eb870cf4f46e002a6c40656096cbbf7c062c19bc01ce26e503611553f

SHA512
0cbfa12d84da80bd38a662a8b8eb79c01d5be74775e99cc258ab409c97139e94bd4f68746d29d1838b91b31a66ad234bb9339151a96dc952dee1ab816b54db3a

Download Submit
C:\Users\Admin\Downloads\ConfuserEx-GUI\dnlib.dll

Filesize
1.1MB

MD5
e517eaeabd955f1e0f83ed04a0e6dd86

SHA1
4a376b09ca00c7b934f6b444302773d0420ebd85

SHA256
d04369e2fafabb36fdc31fc63b9a4bfd2bba577a203ee8180f9b084d9b344676

SHA512
3c416235e0bb395b000b75f1358bde869c0ba2ff554b64821f5729f0580349fd8d1ba99ebc80e4b6dffa7b4741b4bb45570781d568fa9f5e3272de5d9108fe6c

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6.7z

Filesize
513KB

MD5
4f4a057db6f3d896ad93eeb69787ebed

SHA1
a510eab8b36802b0b5b3778ff22a23d23fd811cb

SHA256
f7c12669e071b8d78062008002da893806165a926ae9ea5a91dd2e087c91832a

SHA512
d24a00b9980cd992ec4c23fc4c93afe2f69c8813202bc09d6fafa79aa008473f007065253694b23f3dca462ec685b5c9418a692a6c231b83c57c30f190862236

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6.7z:Zone.Identifier

Filesize
672B

MD5
4f6e0da90b9ab391c8a6e60c1c29fcc9

SHA1
981b7be8925aee4d5a84e28032824449c08f45ca

SHA256
ce7fcefe19b484d88a40aea08f76bc635542ae7cf3cb021ea3258b295800d947

SHA512
e605d1f896fb726c6475f8d8a5c20932bd153de7d21f2c476fa0e4ad1f09e61cdda79378000465c9d6c4384f032bd36ded8a4b21ea632c2612d5db79b9c191ec

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\DotNetPatcher.exe

Filesize
463KB

MD5
171b6b1cc6cdb075608f75b274d89ab3

SHA1
5fe89aacae54ec47cf127b068c0c509e225c0786

SHA256
27a1194e4fc4cd96452eca985a37f44439610e61bfbbfc99803ad7b985629872

SHA512
edead30f33929339f24900d6430a9eedc38a976e9dec7c27cd8c4403774e20ab8105e92026ddb4ac859aa0eccb29d9056b335500cd30551a920f78940eeced0b

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\Helper.dll

Filesize
271KB

MD5
402b6fac0d8e29cd44b44c685bdfd507

SHA1
0a9c9bf07b95319b501dc9b752f1f9388d4400ae

SHA256
2083a7c8cd733a665c5790348b75d09c575413659cec12fa820fdfe361931788

SHA512
d83cb4deda0307ff5b211e9f88ef10cbfac66ab4391f93252b51f7cb8d3b09700fcf4f12626c669707e841e57cc20ab41308676fae8f4c4a8481b8441a770c74

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\Implementer.dll

Filesize
842KB

MD5
9b436390c6a258ce0a7f1b16536f2515

SHA1
d63f9b540ab4808c5f6af321c7bdcf8dc6fd808b

SHA256
98e823dcf1a32432634efde9dd3372b3938dfd8f7dd9bfcd572bd2a9e8416588

SHA512
b966543d4a1d84a2662e011cb8c4b68279982d0a4ea5b4a03e3cd1863963ac3c893cf0d23ed7f09d1509a795d8ba10c76c5bac67a4089bcf2b96f283bfc266ed

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\Injections.dll

Filesize
53KB

MD5
acad1243205503eb4368b9e37bb390be

SHA1
afc76cb411976f5249a2cb2d0fc5987a16752605

SHA256
9b844051d3c0d582dcbb38e8b30ef77ae0a323ac9862afda95c25d06bf9af08a

SHA512
0d1bb62a0a8d7ebad2e31c7d51c0cd35d22cbfa02bd7fea27ef12eac0a87d5aef0b50f0e8e2c37a6d5d6643b8484fb4b778b862ecdb22cf243fc8c4a538be763

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Confused\LoginTheme.dll

Filesize
169KB

MD5
59fe730799480b6cd38ab822499240dd

SHA1
2af96bdaa6896150f64ce1e9f480d6582123b549

SHA256
1a534e4aac15247981116eaca9f30722f407dc7b2bfad1db879f4cb66f7e2921

SHA512
b0df519fc867a1dd998c1a2cbebdd71eb3b1f8a1a87239ffebaaba2db29799dce0b3a43c46a047a68f4d8cbe18c9c9cdfa46413771b44ab4ea9d6e24939e40df

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\DotNetPatcher.exe

Filesize
499KB

MD5
a4c26f2c2b4c04d4d8ad1cef64704939

SHA1
03c6d3a510ad90a39def29b28750a9b2e2d61f31

SHA256
9cfb8ebc4ea1d8b1250d3d7f555251a3513207bfbf4aa59335dafed311fbf8fe

SHA512
ea7098a5588f13b60adda5421902ee76612113092244f0ba384a7719eeb816c5b4f147e70b5b9ca407eba82f089f147fbca2b3de7e456a14b1deb174664e65e7

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Helper.dll

Filesize
77KB

MD5
646ff53be622738ddecf5c0a4ea020a3

SHA1
2db2e08b5d76f9b6a945f4b48022656c1cb53e59

SHA256
9361d48f31e1f2562c9232b9cb518724fd69f0aebedf75fc63b37af49dc99311

SHA512
7a033386c27827c3f5e65e55cddcea86f7a6f969b55e611ddb7cc21640003165cb4bb4a5c89df16087d5fbf825b6425f2961f9657c769cbcd87ac72cbeda7e67

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Implementer.dll

Filesize
698KB

MD5
d51b13b97ab8cf8d3455a988d717b9c5

SHA1
ce0170b9e6e051a05092519f9447e7a5912f00da

SHA256
9946dd96701ff0779282cbcd670f4e4ad98f9b4db41af2f8e5510fddf6bb8fb8

SHA512
b957cd31716e333e2b3684e5ce9160543992e64a2d72875b9077e11ce7f3c35ae75bafee1e667a8605a47568313646312657807216d04a92e854b1e8b2ea0743

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Injections.dll

Filesize
6KB

MD5
aa21dd7399a08f6cc94325e537a2c3a0

SHA1
99e26581f4d06eab0791716bcee02c3ff546ac2a

SHA256
f853f776bb28fdc2dc01b12fbb64b96ea082bdab515588aa9b0d7ff3db02cdc5

SHA512
5dc6a305934bf2f7a4386e9959bcdbc99796ee3cf46526740674d14da5647006152e09f2959c132535f7a7c1e143d01d0b6e0f3af9be0520eb63179b568fa8a0

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\LoginTheme.dll

Filesize
41KB

MD5
0b20d7f48cb721417ea7adc9960603b8

SHA1
9000828b1040c26d057a7a13fc939726753ff169

SHA256
95682e3b468901bcde4c3b4632016c79a588293e297ec5b1f292c32ca418971d

SHA512
b860485a622d74d18375d3cd49931bca7c06698a6e74a9187acd1478356fb2d8608a0f520a8017a769f9dd8d407cfb09a291c1290b066f56fad831823f60321d

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Mono.Cecil.Rocks.dll

Filesize
14KB

MD5
71fcbcbba7113d4b6afec488ad680b27

SHA1
2cf4965f9f4bae8e34ce9ab9b1411c8917dc2109

SHA256
4c4bc87c8134a0e9aaa17e47729a7d63a101d3ff84c77827fc77af6d46b77a4b

SHA512
e7286acbf9ff60ed530019af0b71bca82cb9c2af6450be267e52ac5b749c9047276c0b1f242de7dce0599ca9c96a8d4fddc970484d392c868470cf00db42e239

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Mono.Cecil.dll

Filesize
266KB

MD5
5e4ca2efff7037f2378c9db750ff1244

SHA1
121ac4362fe7d0dec677c1d0848bd67db1dc84cb

SHA256
840971855fcc5098ad12cca7f988b42524e2f823ef4ed5aae8a20704ee3e8504

SHA512
cf94228e73b47ecc1b18bc62e17e10f98e7c350e717420e086bb1c7ceb3a1d02a2e68e72789f95fe5e6f6d895120e8dd9dab802a748f97bd00dace62a7bb205d

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\SevenzipLib.dll

Filesize
30KB

MD5
463ec87fcf823f4d0bb3dda5d8be3e92

SHA1
634f5326a1c9933abc70984be2b4af6f5fff5d0b

SHA256
2d6ef5eb8546e657d058fd0255518d5821588856ffad33260ee6bf2fc890d733

SHA512
592471a1ad7ffa8eefa567941a05ca7e513f560702b77ae41902a902f1d82506e316384c85e83dea45fc120c72127ec5aa241b846ca06b4a8d1c968b9c1a4219

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\Vestris.ResourceLib.dll

Filesize
74KB

MD5
8bf7d3475b0a9c71b61e23a0346a61a8

SHA1
fe1bb57b9e2a8c2b31aa475fd0ad511ae611e12b

SHA256
0cb103d80814e09383255f12fc323a7f805fa5103dd83389c8fb4ee7fb1bf4c7

SHA512
a0a766dcf8585b9e3ae28d80215277cce291c57014dafd71efc40ab1b2ed455b654f63049860dd066644d0f8c36f98f89ded442c87f110d01634d89fe024768e

Download Submit
C:\Users\Admin\Downloads\DotNetPatcher4.6.6\dnlib.dll

Filesize
61KB

MD5
c1998048057c9620cf4ea24d56ef1899

SHA1
31bb74f83ab7ae6ca7de3020e078a5744589620e

SHA256
1f1ca64b9be0cf358c14c8be69a77b74d7f17ae462e324dc8a4e778dd96f802d

SHA512
b8856c7ed20054064120257784497ff616ef15df769238ab30abec4be0833638a96b43728d73e289088c242158328e461d3f29ada6f08caaf32bffaf723d16d8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 519190.crdownload

Filesize
2.0MB

MD5
8f92059ba02f5eb20a4cdfd77d44c05c

SHA1
4a3edb9d2f8041288aecb60b7ce807159fb2d68f

SHA256
308a207cbc563ac2aaf1ad8d65320fafca48471833bbc65d37d61807419884fc

SHA512
9e10a0f6214e3976ec2bcfd2e6d729ac7b268abaa6953814d0f09f12453e3a6ea81453cd912f3b3f6dad8d0d361faaa2ce13c2522dab83935c35a1ea121532ea

Download Submit
memory/1200-985-0x000002D1A3C90000-0x000002D1A3C9E000-memory.dmp

Filesize
56KB

Download
memory/1200-982-0x000002D1A3C70000-0x000002D1A3C78000-memory.dmp

Filesize
32KB

Download
memory/1200-971-0x000002D1A0F00000-0x000002D1A1022000-memory.dmp

Filesize
1.1MB

Download
memory/1200-973-0x000002D1A0B50000-0x000002D1A0B62000-memory.dmp

Filesize
72KB

Download
memory/1200-967-0x000002D1A0A00000-0x000002D1A0A36000-memory.dmp

Filesize
216KB

Download
memory/1200-965-0x000002D1A0C10000-0x000002D1A0CCA000-memory.dmp

Filesize
744KB

Download
memory/1200-975-0x000002D1A0BB0000-0x000002D1A0C0E000-memory.dmp

Filesize
376KB

Download
memory/1200-976-0x000002D1A3C30000-0x000002D1A3C38000-memory.dmp

Filesize
32KB

Download
memory/1200-964-0x000002D186350000-0x000002D186398000-memory.dmp

Filesize
288KB

Download
memory/1200-978-0x000002D1A3C40000-0x000002D1A3C4A000-memory.dmp

Filesize
40KB

Download
memory/1200-1024-0x000002D1A82F0000-0x000002D1A82F8000-memory.dmp

Filesize
32KB

Download
memory/1200-981-0x000002D1A3C60000-0x000002D1A3C6A000-memory.dmp

Filesize
40KB

Download
memory/1200-980-0x000002D1A3C50000-0x000002D1A3C5E000-memory.dmp

Filesize
56KB

Download
memory/1200-1023-0x000002D1A7C50000-0x000002D1A7C76000-memory.dmp

Filesize
152KB

Download
memory/1200-983-0x000002D1A3C80000-0x000002D1A3C88000-memory.dmp

Filesize
32KB

Download
memory/1200-1022-0x000002D1A4070000-0x000002D1A4078000-memory.dmp

Filesize
32KB

Download
memory/1200-984-0x000002D1A3CD0000-0x000002D1A3D08000-memory.dmp

Filesize
224KB

Download
memory/1200-1021-0x000002D1A3FF0000-0x000002D1A3FF8000-memory.dmp

Filesize
32KB

Download
memory/1200-987-0x000002D1A3F10000-0x000002D1A3F30000-memory.dmp

Filesize
128KB

Download
memory/1200-969-0x000002D1A09C0000-0x000002D1A09EC000-memory.dmp

Filesize
176KB

Download
memory/1200-1020-0x000002D1A7E40000-0x000002D1A7EC2000-memory.dmp

Filesize
520KB

Download
memory/4728-1043-0x000000001BA50000-0x000000001BA84000-memory.dmp

Filesize
208KB

Download
memory/4728-1045-0x000000001BE70000-0x000000001BF4C000-memory.dmp

Filesize
880KB

Download
memory/4728-1046-0x000000001BD90000-0x000000001BE10000-memory.dmp

Filesize
512KB

Download
memory/4728-1040-0x00000000009D0000-0x0000000000A4C000-memory.dmp

Filesize
496KB

Download
memory/4728-1047-0x0000000002CA0000-0x0000000002CA6000-memory.dmp

Filesize
24KB

Download
memory/4728-1041-0x0000000002C50000-0x0000000002CA2000-memory.dmp

Filesize
328KB

Download
memory/4816-269-0x000000001DF60000-0x000000001DF7A000-memory.dmp

Filesize
104KB

Download
memory/4816-255-0x000000001D780000-0x000000001D79A000-memory.dmp

Filesize
104KB

Download
memory/4816-260-0x0000000020910000-0x0000000020992000-memory.dmp

Filesize
520KB

Download
memory/4816-265-0x0000000020B70000-0x0000000020BB8000-memory.dmp

Filesize
288KB

Download
memory/4816-253-0x000000001D750000-0x000000001D766000-memory.dmp

Filesize
88KB

Download
memory/4816-267-0x000000001D740000-0x000000001D74A000-memory.dmp

Filesize
40KB

Download
memory/4816-203-0x000000001B0B0000-0x000000001B166000-memory.dmp

Filesize
728KB

Download
memory/4816-307-0x00000000008A0000-0x00000000008A8000-memory.dmp

Filesize
32KB

Download
memory/4816-309-0x00000000008A0000-0x00000000008AE000-memory.dmp

Filesize
56KB

Download
memory/4816-441-0x000000001C160000-0x000000001C1E2000-memory.dmp

Filesize
520KB

Download
memory/4816-201-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/4816-199-0x0000000000020000-0x00000000000A2000-memory.dmp

Filesize
520KB

Download