hxxps://download[.]visualstudio[.]microsoft[.]com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8[.]0[.]302-win-x64[.]exe

Analysis

max time kernel
1019s
max time network
929s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/10/2024, 03:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
4964	npp.8.6.7.Installer.x64.exe
5440	notepad++.exe
5548	gup.exe
5588	notepad++.exe
5336	dotnet-sdk-8.0.302-win-x64.exe
5364	dotnet-sdk-8.0.302-win-x64.exe
5860	dotnet-sdk-8.0.302-win-x64.exe
1572	dotnet.exe
5000	npp.8.6.7.Installer.x64.exe
2732	notepad++.exe
5596	notepad++.exe

Loads dropped DLL 64 IoCs

pid	Process
4964	npp.8.6.7.Installer.x64.exe
4964	npp.8.6.7.Installer.x64.exe
4964	npp.8.6.7.Installer.x64.exe
4964	npp.8.6.7.Installer.x64.exe
4964	npp.8.6.7.Installer.x64.exe
4964	npp.8.6.7.Installer.x64.exe
1196	regsvr32.exe
3400	regsvr32.exe
5548	gup.exe
5440	notepad++.exe
5440	notepad++.exe
5440	notepad++.exe
5440	notepad++.exe
5440	notepad++.exe
5440	notepad++.exe
5364	dotnet-sdk-8.0.302-win-x64.exe
6056	MsiExec.exe
6056	MsiExec.exe
4516	MsiExec.exe
4516	MsiExec.exe
5224	MsiExec.exe
5224	MsiExec.exe
5224	MsiExec.exe
5224	MsiExec.exe
5840	MsiExec.exe
5840	MsiExec.exe
3728	MsiExec.exe
3728	MsiExec.exe
5004	MsiExec.exe
5004	MsiExec.exe
5352	MsiExec.exe
5352	MsiExec.exe
2668	MsiExec.exe
3868	MsiExec.exe
3868	MsiExec.exe
1500	MsiExec.exe
1500	MsiExec.exe
1696	MsiExec.exe
3928	MsiExec.exe
972	MsiExec.exe
5240	MsiExec.exe
5564	MsiExec.exe
3000	MsiExec.exe
2080	MsiExec.exe
4564	MsiExec.exe
1000	MsiExec.exe
232	MsiExec.exe
2768	MsiExec.exe
2168	MsiExec.exe
3928	MsiExec.exe
5236	MsiExec.exe
5932	MsiExec.exe
2972	MsiExec.exe
5852	MsiExec.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe
1572	dotnet.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{edc38f90-e61a-4ce9-b8c2-759325351312} = "\"C:\\ProgramData\\Package Cache\\{edc38f90-e61a-4ce9-b8c2-759325351312}\\dotnet-sdk-8.0.302-win-x64.exe\" /burn.runonce"	dotnet-sdk-8.0.302-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Drawing.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Components.Forms.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net8.0\es\Microsoft.NET.Build.Tasks.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\FSharp\tr\FSharp.DependencyManager.Nuget.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Diagnostics.Tracing.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Security.Cryptography.ProtectedData.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Extensions\zh-Hant\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\Notepad++\functionList\python.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\ko\Microsoft.NET.Build.Containers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft.DotNet.Cli.Utils.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Reflection.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\de\Microsoft.Build.Utilities.Core.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\ja\Microsoft.NET.Sdk.Publish.Tasks.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\cs\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\de\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\testhost.net48.exe	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\pt-BR\NuGet.Resolver.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelsecurity_5_none_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Text.Encodings.Web.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\Microsoft.NET.Build.Containers.dll.config	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\fr\Microsoft.TemplateEngine.Orchestrator.RunnableProjects.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\ja\Microsoft.CodeAnalysis.CSharp.Features.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\es\NuGet.LibraryModel.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\fr\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\ref\net8.0\System.Drawing.Common.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\ru\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelglobalization_9_none_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\targets\PublishProfiles\DefaultZipDeploy.pubxml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.AspNetCore.SignalR.Common.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.ComponentModel.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\PresentationUI.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-netcore\System.IO.Pipelines.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\ja\Microsoft.VisualStudio.TestPlatform.Common.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Globalization.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.IO.Compression.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-netcore\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.deps.json	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.CSharp.props	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_9_all.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Resources.Writer.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.ComponentModel.Composition.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.SourceLink.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\tr\dotnet-watch.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Diagnostics.Debug.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\pt-BR\Microsoft.TemplateEngine.Orchestrator.RunnableProjects.resources.dll	msiexec.exe
File created	C:\Program Files\Notepad++\autoCompletion\tex.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\DotNetWatch.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\fr\NuGet.VisualStudio.Contracts.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\de\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\System.CommandLine.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\ko\Microsoft.CodeAnalysis.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Reflection.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Runtime.Intrinsics.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Extensions\ko\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\it\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\NuGet.LibraryModel.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Roslyn\bincore\it\Microsoft.CodeAnalysis.CSharp.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\cs\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Threading.Overlapped.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\analyzers\dotnet\cs\fr\Microsoft.Interop.SourceGeneration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\Microsoft.Extensions.Primitives.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\cs\Microsoft.TestPlatform.CoreUtilities.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\hotreload\Microsoft.Extensions.DotNetDeltaApplier.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Threading.Overlapped.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Current\Microsoft.Common.targets\ImportAfter\Microsoft.TestPlatform.ImportAfter.targets	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DF9E48827CAFF0DF8D.TMP	msiexec.exe
File created	C:\Windows\Installer\e591c1f.msi	msiexec.exe
File created	C:\Windows\Installer\e591c78.msi	msiexec.exe
File created	C:\Windows\Installer\e591c8c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA73.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF50B43C735645A371.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3D11B541F0B5E052.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFFAC177D893A95461.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3DFC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI626C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e591c56.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFCA3C4F025C2ED692.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI438E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e591c38.msi	msiexec.exe
File created	C:\Windows\Installer\e591c3c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF155EE4F059AF4EAF.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6699.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7BC6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e591c83.msi	msiexec.exe
File created	C:\Windows\Installer\e591c92.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2880.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3EF7.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD9CA40A8D74946D8.TMP	msiexec.exe
File created	C:\Windows\Installer\e591c6e.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA4B39D7A20023491.TMP	msiexec.exe
File created	C:\Windows\Installer\e591c73.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2832CA13-6850-440C-9839-16B2D01909F7}	msiexec.exe
File created	C:\Windows\Installer\e591c0e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3973.tmp	msiexec.exe
File created	C:\Windows\Installer\e591c33.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF36C0AA27A53F615E.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD3B83186655BE478.TMP	msiexec.exe
File created	C:\Windows\Installer\e591c50.msi	msiexec.exe
File created	C:\Windows\Installer\e591c69.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2B35.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\CacheSize.txt	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2C22.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e591c33.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6414.tmp	msiexec.exe
File created	C:\Windows\Installer\e591c74.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3D8A57C219B94404.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF686727A251340B50.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7D4FADFBC69BE08D.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9139.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI410B.tmp	msiexec.exe
File created	C:\Windows\Installer\e591c32.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4525.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD6F3754520049AF6.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2D2F485F3637AB17.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF49DC39B40D3ACE80.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFBF5E6ED0E41DD703.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6473.tmp	msiexec.exe
File created	C:\Windows\Installer\e591c51.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6707.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7066.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7ABB.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3B969566AEB3B327.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4293.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFFFEB360EC70800B3.TMP	msiexec.exe
File created	C:\Windows\Installer\e591c0a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI291E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe	msiexec.exe
File opened for modification	C:\Windows\Installer\e591c2e.msi	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openssl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openssl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	npp.8.6.7.Installer.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aapt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ApkToolkit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 57 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.6-servicing.24269.9	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D881F2EC0135A4B72CA89D27FD72F577\BF1DDEAE67888DF4896AA34F93884741	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v8.0.6-servicing.24269.9\DisplayName = "Microsoft ASP.NET Core 8.0.6 Targeting Pack (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\PackageCode = "0953E64A31336AC468576E085A4C0D79"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\Version = "1075329861"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\AuthorizedLUAApp = "0"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BF1DDEAE67888DF4896AA34F93884741	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Maui,8.0.100,8.0.3,x64\ = "{116EF6D0-AE8E-4E6D-B0D8-EFF145CD45DA}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\SourceList	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0\NodeSlot = "7"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	UABEAvalonia.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64	dotnet-sdk-8.0.302-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B78A30BB69F4FE44FACAF3D2F9C9DEAE\PackageCode = "E9472E8A655D5AD43824D739B41AD123"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8E99F865D2F97D840AD56DC415B2A3DF	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\NeverDefault	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3F085679017B67C4D821BE9150383307	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBECEB62ED1345840B91B98BBEBFDB1F\F_RegistryKeys	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\AdvertiseFlags = "388"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27418C6A24027FE498953A9429677C84\PackageCode = "369480F6399C02447B0ACDABAB553A9D"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.6-servicing.24269.9\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{2832CA13-6850-440C-9839-16B2D01909F7}v32.8.36482\\"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ = "C:\\Program Files\\Notepad++\\contextMenu\\NppShell.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BF1DDEAE67888DF4896AA34F93884741\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B78A30BB69F4FE44FACAF3D2F9C9DEAE\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\31AC23820586C0448993612B0D91907F\MainFeature	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	UABEAvalonia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D45436A831E8410428F1FD1A80E21C38\Provider	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_targeting_pack_64.24.15241_x64	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\970223D1904F868349E4DA601A87601A\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB7C1BA431E2BD53D8863FA976A0F557\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64_arm64\ = "{854B6E23-DB23-4469-94B2-24BC3BDCA96E}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,8.0.100,34.0.43,x64\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AD4B97EC44D3D394E8CDC9AA4DC6D7FE\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AD4B97EC44D3D394E8CDC9AA4DC6D7FE\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	UABEAvalonia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\970223D1904F868349E4DA601A87601A\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{1D322079-F409-3868-944E-AD06A17806A1}v8.0.6.24269\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36FA49A2314054B34BAB6DD1F6BCB0B5\630BEA3FA8B452C44B2D5890449E904C	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D4DD5FE094CE7EA4C8A96FF48F3BAE85\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,8.0.100,17.0.8478,x64\DisplayName = "Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AD4B97EC44D3D394E8CDC9AA4DC6D7FE\Version = "1075329887"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B78A30BB69F4FE44FACAF3D2F9C9DEAE\F_PackageContents	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\PackageCode = "F8169BBEFE6AC4D42A5C0AE3DB66EDD9"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\970223D1904F868349E4DA601A87601A\FT_ProductInfo	msiexec.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\qq.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 438339.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 426326.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5100	explorer.exe
5816	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
3120	msedge.exe
3120	msedge.exe
4088	msedge.exe
4088	msedge.exe
2096	identity_helper.exe
2096	identity_helper.exe
3136	msedge.exe
3136	msedge.exe
1252	msedge.exe
1252	msedge.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe
6052	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4748	ApkToolkit.exe
5816	explorer.exe
5412	UABEAvalonia.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	6052	msiexec.exe
Token: SeCreateTokenPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLockMemoryPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeMachineAccountPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTcbPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTakeOwnershipPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLoadDriverPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemProfilePrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemtimePrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeProfSingleProcessPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncBasePriorityPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePagefilePrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePermanentPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeBackupPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeShutdownPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeDebugPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAuditPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemEnvironmentPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeChangeNotifyPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRemoteShutdownPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeUndockPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSyncAgentPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeEnableDelegationPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeManageVolumePrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeImpersonatePrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreateGlobalPrivilege	5860	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe
Token: SeRestorePrivilege	6052	msiexec.exe
Token: SeTakeOwnershipPrivilege	6052	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
5816	explorer.exe
5816	explorer.exe
5816	explorer.exe
5816	explorer.exe
5816	explorer.exe
5816	explorer.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
4964	npp.8.6.7.Installer.x64.exe
5548	gup.exe
5440	notepad++.exe
5588	notepad++.exe
5440	notepad++.exe
5440	notepad++.exe
5000	npp.8.6.7.Installer.x64.exe
2732	notepad++.exe
2732	notepad++.exe
5596	notepad++.exe
4748	ApkToolkit.exe
5856	OpenWith.exe
5100	explorer.exe
5100	explorer.exe
5816	explorer.exe
5816	explorer.exe
5412	UABEAvalonia.exe
5412	UABEAvalonia.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 888	3120	msedge.exe	78
PID 3120 wrote to memory of 888	3120	msedge.exe	78
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 5084	3120	msedge.exe	79
PID 3120 wrote to memory of 1420	3120	msedge.exe	80
PID 3120 wrote to memory of 1420	3120	msedge.exe	80
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81
PID 3120 wrote to memory of 1780	3120	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff16243cb8,0x7fff16243cc8,0x7fff16243cd8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe
  "C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4964
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1196
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3400
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
    3⤵
    PID:5368
- - C:\Program Files\Notepad++\notepad++.exe
    "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe
  "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
  2⤵
  - Executes dropped EXE
  PID:5336
- - C:\Windows\Temp\{370B9E02-E979-4C64-9564-9DBDEE86014F}\.cr\dotnet-sdk-8.0.302-win-x64.exe
    "C:\Windows\Temp\{370B9E02-E979-4C64-9564-9DBDEE86014F}\.cr\dotnet-sdk-8.0.302-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe" -burn.filehandle.attached=604 -burn.filehandle.self=760
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5364
  - - C:\Windows\Temp\{56EA83E4-4ACB-4293-A287-77EE9634846F}\.be\dotnet-sdk-8.0.302-win-x64.exe
      "C:\Windows\Temp\{56EA83E4-4ACB-4293-A287-77EE9634846F}\.be\dotnet-sdk-8.0.302-win-x64.exe" -q -burn.elevated BurnPipe.{7AD75B73-F15D-4212-A4E5-454ABD82CC9A} {79E6FBAB-7D6E-497C-B75B-312CA8887390} 5364
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,3078959822009561221,12153139614211216929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:236

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5400
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5440
- - C:\Program Files\Notepad++\updater\gup.exe
    "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:5548

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6052
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 27ED7E590A424E54146D681F411BB116
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6056
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 648A4FB9C13BB9717A346F8F4D97AF32
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4516
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A0FD31E2F165E13A004E9F41A35DDD5D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5224
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9F3934403991EC8855F026DDDA69EC02
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5840
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8EDB71099EC36A1A56EB3973536D0D5B
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3728
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BC2E0E5353A350A810B8D216B042B99C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5004
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E4D5BDC74AD8F76D72637A6BDDCAF8D7
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5352
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9370A6EAB2F5F3AE5725D4529BF1DFE0
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2668
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8553837AA4EC49B038F1C4B76B213026
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3868
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D84E579C1BFBAEE9CD84F3AE00BB8B1A
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1500
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B8102E6DAEE88D4B8E06F5AB17081F31
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1696
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 79482ED704D434FD56AEDE16879DB242
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3928
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8F4F22545DA3EB01E25EEB482A2A6AB8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:972
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F3DE3E54F32253D311B88E1557C85663
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5240
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A1ECAAB6695F3ED84D175733F1C0CCE4
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5564
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 826C151D9BDA9F63968C42C34F783DFB
  2⤵
  - Loads dropped DLL
  PID:3000
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 581F093D2AA4EC32730331FA8A18354C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 63711B8289B7FB667ABB7DD7E6D8793E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4564
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CA8555D53AE55A13946C80D43E428368
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1000
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2249EB12A49D9281B8CCC5812EB53BE6
  2⤵
  - Loads dropped DLL
  PID:232
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2A7F0488406B691AB8E20B61730D8BE8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2768
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A76605F42464B7BE95C6E0650A35259C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2168
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ACA71D0EB0BDC51ADE581311C3E0C8C1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3928
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3222952185E417F4648AC99D3EA045F8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5236
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6CF6B322D384F29FBFA7E0EF829E9012
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5932
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DA42A90FDE5F8E15C67327F20A9CC721
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2972
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4D4DAF7324C7330AAD2DD303A2578D9F E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5852
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.302\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1572
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:1196
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:3672
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:3692
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:2080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 280B2E3DE5EB698C6A918EE07901BD24
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4268

C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe
"C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
  2⤵
  - System Location Discovery: System Language Discovery
  PID:676
- - C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
    3⤵
    PID:3492
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2044
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
    3⤵
    - Modifies registry class
    PID:2804
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  PID:1908
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5596

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:892

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 NotepadPlusPlus_7njy0v32s6xk6
1⤵
PID:6036

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4404
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2732

C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe
"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4748
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -version
  2⤵
  PID:5912
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -version
    3⤵
    PID:4804
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6128
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5220
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5448
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
    3⤵
    PID:2832
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2412
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
    3⤵
    PID:3836
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
  2⤵
  - System Location Discovery: System Language Discovery
  PID:712
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
    3⤵
    PID:2724
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
  2⤵
  PID:608
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
    3⤵
    PID:4696
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5544
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"
    3⤵
    PID:2660
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version"
  2⤵
  PID:4352
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2844
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5916
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2644
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2404
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version
    3⤵
    PID:6016
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1228
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4984
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3816
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2168
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\qq.apk""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5348
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\qq.apk"
    3⤵
    PID:4752
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\armeabi-v7a""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2004
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\armeabi-v7a"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6040
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\arm64-v8a""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1932
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\arm64-v8a"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3016
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\armeabi-v7a\libil2cpp.so""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2760
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\armeabi-v7a\libil2cpp.so"
    3⤵
    PID:5312
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\arm64-v8a\libil2cpp.so""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6032
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "lib\arm64-v8a\libil2cpp.so"
    3⤵
    PID:5988
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1648
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5760
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "META-INF\*.sf""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3548
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\qq.apk" "META-INF\*.sf"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4884
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\qq.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\qq.apk" -aoa"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6088
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\qq.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\qq.apk" -aoa
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2264
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\qq.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\qq.apk" -aoa"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4404
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\qq.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\qq.apk" -aoa
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4388
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\qq.apk""
  2⤵
  PID:6072
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\qq.apk"
    3⤵
    PID:3164
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\qq.apk" "C:\Users\Admin\Downloads\qq.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4792
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\qq.apk" "C:\Users\Admin\Downloads\qq.apk"
    3⤵
    PID:3096
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\qq.apk"
  2⤵
  PID:5104
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\qq.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1056

C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe
"C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5856

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5816

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PhotonVRManager-level0-819.txt
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e591c0d.rbs

Filesize
47KB

MD5
188c95cc5562aa2cb2af5c1af45e92b1

SHA1
98d5373f8485322375d37aa000ac428ad379a29c

SHA256
9975b6f356ccf670aab1202c7934183c4320a14980f2dc18fa65d1f2c0f4697d

SHA512
e963c181c9db96ea69a77c780d21aa719622fce28184f7b93f43790f473da545aa65db545b8c5ff567435ea838c8055a1ee85ab5f0af76231c39e8afce86ce66

Download Submit
C:\Config.Msi\e591c12.rbs

Filesize
9KB

MD5
647c2b69a6539404aaa338dbddb401fa

SHA1
fb49829d96903cc800e1be37e17eca695f5b89f9

SHA256
5ad31a95238498aebdd5da0c7776b6622494ed3ca3d9ad5e90b6770d716a3a43

SHA512
6ef8c6252a4c67812a0c9fa32f45203431594e9c66feb5c7750acf3a4a8d3dc4bb1d7308bd0e0d6bd179a2c616c7b40a33f3c28f8641c9f11a5719f5a2d4524b

Download Submit
C:\Config.Msi\e591c17.rbs

Filesize
11KB

MD5
29ccdc461a7180522898ba869b985f3a

SHA1
c329dbc2a0433d05166ec432496b840a80aede1d

SHA256
908a6b4206721bce78bb7aa9c612efac3c0c4c1be1dceea1f87b6392cfe4c1d3

SHA512
fd7f120455558e73679f835c39f56ac4f5181894854389f3202a6bd6daad019cbcdff143e97e8aabfe02918ff34b61e6e50aa1d3381397c0f10169965b1959b5

Download Submit
C:\Config.Msi\e591c1c.rbs

Filesize
8KB

MD5
836f3b90bb497f74d2458c71b504a62c

SHA1
adbd5be1f0e03a6dc5a45be2428c0025698a40a7

SHA256
554ad3de2817f4049d9c441b800e94fa26018b7dd7dfeb9842a91ba34c161d85

SHA512
6098197ddd032eec16179e891bf1fd243a59217a17c1daa0457b67f81c70114bf0a3e1b56cb6ec48e7a94e20dc2a4a424676bea7aa9d894c1ee35ae582bb9266

Download Submit
C:\Config.Msi\e591c1d.rbf

Filesize
143KB

MD5
33b4c87f18b4c49114d7a8980241657a

SHA1
254c67b915e45ad8584434a4af5e06ca730baa3b

SHA256
587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

SHA512
42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

Download Submit
C:\Config.Msi\e591c1e.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Config.Msi\e591c22.rbs

Filesize
93KB

MD5
75e9f0fedaac472c0aee3e8b7c9bfd14

SHA1
4a6bd4870dd8d2743540d1642484fab0eed7d45f

SHA256
95a5dd9397884794234edb178d0c8508907097217a839951780f903662ed546e

SHA512
3ae3b4225593cd97a8e9018746006899df2c724c0f169cacd301263206d1b369bfc765446462428dbb5515f9b74a5280da944dbe6e6b12907839db112bdd894d

Download Submit
C:\Config.Msi\e591c27.rbs

Filesize
11KB

MD5
1770a6efc0aed422a9695c53a6774e8f

SHA1
55d670bfdf96ed66e36c7c45faa4d584ae7f22e7

SHA256
b96642f8ef4494a6220318350be90c9ac8646a19bb30af856cd988c2b6ce1f76

SHA512
e738c93e98407ba1a98b16b6188d488d3024f630e2997fb30a246e56c198bc05b46405ae443d2dd51f4b020f3c8cfc44a654b3381696ea1e8c298f1894db5e36

Download Submit
C:\Config.Msi\e591c2c.rbs

Filesize
11KB

MD5
b38718796fa806651d4960cb19942b95

SHA1
bf2647e1ef66449d8b7ee351f812b26392095765

SHA256
b4293d842aafdbe12e9e9433ce06061a23a5cd5ff4497bb0c2fdb54f6af64612

SHA512
7e6ef0d92c26bd3daf55fe89cd1b4e49f9ea825dc267c5fdf7f6aaade6cf883f3e69aab512ec88389c94f64d0393f9c0cc7f657d9ffe9eb213e796af98632745

Download Submit
C:\Config.Msi\e591c31.rbs

Filesize
11KB

MD5
a2447fa224c7f15003f571c52ecda27a

SHA1
b9a379a7785b3446eefbad00e1b030569e35a072

SHA256
2d52069e1a77f43233f68b0e714100498a8ec0e04ecc3c60cdcc28619e591822

SHA512
f47b162549cb6d2dcbcdc670d4e2be5eddd7eaad6aeb65516147bfdc28d62304e29796049fa5a61bc0b2a77978b6f1d8bf341fd2bb357e81b6f740f06ee3ad33

Download Submit
C:\Config.Msi\e591c36.rbs

Filesize
35KB

MD5
0cb6a259462d0fef74bbbd09bf9cdefb

SHA1
4685c946c5f58588911786d2df922aa5b98be430

SHA256
7a7e576a622a98c274937cc253dd20814d98f1023435c3b80bced8a02bba0e8a

SHA512
1a5a68403664d7d110f87050d3ab29c1b74de2cd3ebc56969fd183322f861de81daaa30588c73b4e0d941a1722e751bcdeb9ec0f8386578d676cecb566d6359f

Download Submit
C:\Config.Msi\e591c3b.rbs

Filesize
87KB

MD5
73617ad48e8c42056116232c634b3d61

SHA1
a8942a0b02de6d6ea624b589c18cca0dfd374f2e

SHA256
add05d5b19d2443734a541fa453f1231087778e0fcf886a0affc8dbeba7d3b1e

SHA512
8059a4f34dfb0ff8e0bd89e05e5fa27e721904053d2bf9443c8cfaf332a734b2f173081d00a4a3a182040ae7c85301b942b50655f0889c9ee84d17c0941a0836

Download Submit
C:\Config.Msi\e591c40.rbs

Filesize
40KB

MD5
f90fe7e02a67d70bd26b050645e7b4ba

SHA1
d1170d36eeb5ea5aaac8978b13530f7b53009869

SHA256
3cb3c7f222d009e338494029b49433dde61d05fdac0275da867ce586435e53fd

SHA512
b986fd18333bf6ca4ffb22cbcc2560d087adaf7bfea375d4473fc2c6f897474dde5fbe60843562b16f0b39bb348526bc2a96b5f0ab7b16b4625373d9dbead02b

Download Submit
C:\Config.Msi\e591c45.rbs

Filesize
92KB

MD5
f643c2b3047fc320e5f8704aa9822a7c

SHA1
5153c70bf8a03fc12e137a12c7c523b13da84781

SHA256
839c35322272d32868b222af60a7e1e457c7ef70eee4b15a5b20f74b33a6818b

SHA512
0b83e309155ba7fcf8aacffd640c2e20f008e0e12d413f77e5bcb56ec26253d786ba1c47198d5751e494826c55b54c9763e60cf11bd1e7a746ffca183660a1d6

Download Submit
C:\Config.Msi\e591c4a.rbs

Filesize
9KB

MD5
1ccdb9d770b382a75af6d1087ae3990b

SHA1
89f7ca48fe2509c726705f06cd0bf48577e2a8a0

SHA256
8886594ce571e09b6bf8fc0dcaa9ee8ae0743de1b65afffa240619a2347d56e4

SHA512
5382674124c3be6d54456a8d39b64f84c3cdf09deebff97270b5c0a38ef7e0b56791607c20b8a6b02ec98b3b711a259bd882d20aadcee658cc043a72922137f3

Download Submit
C:\Config.Msi\e591c4f.rbs

Filesize
8KB

MD5
380efe29222c021297a88c195b0d8e47

SHA1
7686b7fe04d97f8c028211f2b5772710a4795530

SHA256
3d113331aeb03a0d7d3cdfc0ff83fce0986e84d1dba6e3ec7d3b5b5f680a4dcd

SHA512
8e476a00069b7a573ed8237ec5ae1af8861ddd1f349cab789513f1bb0d71d678e4e922d6dd7902ab69e399422695f6f8b2ec07913927aa93f4d49d65b2b69eb4

Download Submit
C:\Config.Msi\e591c54.rbs

Filesize
8KB

MD5
b0dab75ff54d8deeae4c2c7c2e1471ab

SHA1
4d10c62d3b27057506c282f73b28faeed0a047df

SHA256
c3356945f8e9a7af30c771e74f06023eedb110703df6330e921ebf40f89fb82d

SHA512
94e2e36999867f91cd28c3964d56731792cb9875b800dc0449a72fea244d1e0ddb520ce06836c2bc58139920d44e37d5fe21cdbc76c7479975df20563ce161e2

Download Submit
C:\Config.Msi\e591c59.rbs

Filesize
9KB

MD5
a298bf961bf34852dc29fcf751a4b840

SHA1
938d93f58fcedb509fe93556310d7e32b265305e

SHA256
1f88530debdbe4f8f79fd238e9f27eca6f24493054afc5c15444b3ab550852df

SHA512
7c8054b8dd86558b6a73067a76782dde995163f76bcc0ecc467a6713a1bf4c5c2d16ff3d695221a5479381af322e1a4bcd2ad820c2692de14f9974b229949716

Download Submit
C:\Config.Msi\e591c5e.rbs

Filesize
8KB

MD5
50f761e4bbb50f0c1109965f977000a5

SHA1
9054c4546f9d9fb11ee83a997c9179129feb8328

SHA256
837b408e3948ed3c8994b1609dea6d73d2bb09977e902a3f7da06fe905dac976

SHA512
341321222233938e7134a0896518addd33efceb60e2367aa07924fd3ad5370f73e4dcec09d458a84fe63008e4ff61cc58e07a0435c0ff3c07768e04b5132d3da

Download Submit
C:\Config.Msi\e591c63.rbs

Filesize
8KB

MD5
0e26c6d9fd679b7e9e19a74ab92f9b90

SHA1
808120c306756828462ce9078e4b3b5363bca642

SHA256
75487c160e50d8f10cabe1c1165306c7ca5af22f4a7a688a7942bd6b5cf09b27

SHA512
09a59943475a9100e740487ff238dc01b4b0a401697a9d5bb2c9471fadd6b6331818d7947f1c63abe279baff790f7f5b6d2407fad8cea63b4ecdaeeea6a80e21

Download Submit
C:\Config.Msi\e591c68.rbs

Filesize
8KB

MD5
c4a44b4112b0a0a98283735e179ba3d4

SHA1
48a636360d223c4e9c72df5f39f0197fb119119c

SHA256
c1d3ffbc1887f792375f14dcd0fb074ee5c27c2a17e19c38c71fff3a6b761c5b

SHA512
38fd7051367d9b1603f2abe7cf92c344438933317e30c8dd40179d3b0c4f80b8ecdb99301f344f4a1f6281182ac5cf20dbf215338b25df1287d845ba9dc2e645

Download Submit
C:\Config.Msi\e591c6d.rbs

Filesize
14KB

MD5
e89c6beb874ddd744b13dec2bdd2acc3

SHA1
64188eee4a10f5fe2fe72e7852f15b73bf0fd497

SHA256
52e395b85fc1faa6860ebdc21cdb6692f2216f750203b53aa956ff0bf36b071d

SHA512
eb4299abfba1976eaf17521861b740f0c9f0d20a85c463b3c503dc422fd8909a92fd640d8c05e129a04f7b7d3f920d4ad8c60ecf7f4958d91dfa3817e393dc68

Download Submit
C:\Config.Msi\e591c72.rbs

Filesize
10KB

MD5
4a82ee0b797a48741423ee0de26865f8

SHA1
ff943c96bc5aa98b2957d18712c527f2bc66d13c

SHA256
5be76b6af3a34de9210fc6a3e09f4906626c342feeba66c022ff651ee03dfc65

SHA512
a04adab77ce41f0ec1cfa61c1442961c07a44a2ed756b18446bee1ee780314a1195dbf41745c522f968c7df7c4293c51bb8669f495cdf23eb33c4c22c3caeb36

Download Submit
C:\Config.Msi\e591c77.rbs

Filesize
10KB

MD5
1f038de0473eec71130a69e0445b73ad

SHA1
2454ae961f7b51784b0dd1bbf8120140b1ef16d2

SHA256
becf8025313f87494ff9c3addc74f92128bff098ef1df2fcb2c92d1a285042a0

SHA512
c4694e27ea477679a40bc6ca0308e0f2ada785288f2a65e2ecc0536d8b02b8737da045f48639afead2e47f42fb85c314f0311e91bed90f339010f20fd8bea6a2

Download Submit
C:\Config.Msi\e591c7c.rbs

Filesize
10KB

MD5
557fedb726e3ad6dd7ede83b9d414b3d

SHA1
479fa7eed9e904815b9a1817cf6e62e3a490099e

SHA256
48d3086d4dcf92f482513c1a1308c865af8c32d300f7a35c6f0a95f4ad8d44df

SHA512
72592ec8672b10aaea538e5ac94fbdd0fceebc0dffdfeafd90b023b8f32d9be59e4c587f37b7705073f4bdb9d08b0a1f7a346e0ca042a087fd6f0f6e6ba6efa2

Download Submit
C:\Config.Msi\e591c81.rbs

Filesize
13KB

MD5
985710470c5ec3fbeb177f8d3d36cbe7

SHA1
9a768d0ac0d7f9388ac86884d95bcbfdd4fa782a

SHA256
1136ba0f2684747c3ec766b244645081089a8fdd9aa25c601360f41aad022ef0

SHA512
51d6258902b8bae677e5912e0be5d6a18cee74326299353de15c5272efe8bf5522273facf2f92d6a2f53d610bef4c66a351a18942977738661818b63ae533219

Download Submit
C:\Config.Msi\e591c86.rbs

Filesize
13KB

MD5
99b0041ed00612cb5132f124907977b4

SHA1
e96eaf5414f1662e5d6f909b4bd46d8879740915

SHA256
053404180939503c8eed1b4fc7e1ab6c311ba556235f0146c6bc9a3d5efef2e9

SHA512
b4811f99c98ffe41988b0d5bc0a0312c3dd9b412d3a18dba5051535cbfedc16e7cd3ee7b5453ae18be113029710c2e361045a106871fe530d6f83d424c3e9a57

Download Submit
C:\Config.Msi\e591c8b.rbs

Filesize
9KB

MD5
30336486cb25c99ff3e763c4cd18353b

SHA1
4b5cefb53864f918b90e7aca68313c99b0a82ca4

SHA256
227e9aefeaa747e9972e8db5d11200e1b6c45173acc3b4250cc916e9ba2accb5

SHA512
54067019412d8adea19caa8a9c4f759db7ae74a004be70f09a074b6f409c8467000daaab5968c098ccece703b7ba26e31a2e107ff90a1733fd432680ba9c3930

Download Submit
C:\Config.Msi\e591c90.rbs

Filesize
1.0MB

MD5
fe486752c737f42cf72e8f5cb714e54b

SHA1
266c68980545a82887c1ddd48bad5641b4c2271b

SHA256
dfcc57cb4c28c7fd8fb882abadc321c47dafd5c1765ced9825ea559a81f8c1fd

SHA512
249eb50791dcf6558640b0667c3ec334a4fae90d128ec027318a8867463937e68333c826e197c01b94c73d18a00bd0c62aea7495b79205ca577c5bd524e19c7c

Download Submit
C:\Config.Msi\e591c95.rbs

Filesize
40KB

MD5
54a959fdd2d8ea6cda22d1a30829dee9

SHA1
5acac9d438d9bb2e65dd320d31ef2cc13cfaa5fd

SHA256
d2192a18d17fd8e51fee34dc29f2d0251c8d28b578c2e563f34af86b17a30099

SHA512
bc060a16dfe7cdbadbe8e44893a37669728b777a8bd42613205a3d8c455d9306c6b688c0c4eddb30f75871f985e1a33b0f29221a61f693f0691aba0f501e4d82

Download Submit
C:\Program Files\Notepad++\contextMenu\NppShell.dll

Filesize
375KB

MD5
201c06dc1a485f6a74b21c9b739c2eae

SHA1
96c1f31f32804db333148175224b453a28032d9e

SHA256
5b2ab24d0f1a1a9691352a467fe4aad18454408b6f7700420c578f30c46d5cbb

SHA512
74251b5a6d1474a04b8d85b14a8581670ffc662b6a14d23af84b53ff4bff9cefc7ffe850a4a230ae486dca89fdbe54e91339634917962544a05cbd7e3c7df70a

Download Submit
C:\Program Files\Notepad++\langs.model.xml

Filesize
460KB

MD5
6dc18e98260a6d648c591200f14c9bf6

SHA1
c5d3343d3f91dbfe4db4abfe8ca762104b32b995

SHA256
e3c7749a2caf5ed7d5ad3ee5b6e341d1dcd5cbffe56d2ac9c910ee4bf7e8814e

SHA512
6c0fa09b4712f6aa2397927a7261a7c06fad4d528d8be1aca94bdb065614b83d070e91b484c1133bb9de9180a2f48724d5108c7e43da0aa65917cd7e543b66db

Download Submit
C:\Program Files\Notepad++\localization\english.xml

Filesize
94KB

MD5
7de4504dae7aed90e346581420b1bd65

SHA1
4051dd54cd7880f7734573812de1238055bb6adb

SHA256
dd7dc850a79d24fa6035387bfce2258367bca3760da6499c3a408101ae43b901

SHA512
168adf3e11ca5835cd52bec65ba51da39fac6bc5ecbe28622d0df562dc57cae54e88e190460c2b3ef91cd1d4d1df38b51a75c2cdc4796aad2f3ce47b4d6ab515

Download Submit
C:\Program Files\Notepad++\notepad++.exe

Filesize
6.9MB

MD5
013dd1c256a30cc3926b828cce0ebcc9

SHA1
1bd408453ae299385ab0b09edc84312a8379156a

SHA256
86aa89aaf2b85dd3cd9482aa90411fc9176b0dd642c54c13c0e3324518f54574

SHA512
83b57663adc290dc97f0939485b0e46f4cb90edc3542a856a394eeaaacd9e7cf66bccdfad2de2ad9bc84954d5229fc052702ca82c29e428f689125adfa196f4f

Download Submit
C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll

Filesize
208KB

MD5
daa999587d75d05f292c3ca30238168e

SHA1
3c45d0213bbd7b8e29071d5e0fd5323ee10a14a4

SHA256
bfc176fc4b3d1a948020000e63738ba07c75f0f6c82d9d535223f6d546ccd2dc

SHA512
0a0ede2687000b1b1512060bde61c26ba1c9f900d4c06df94fd7a43f904a19e521392bbdf2ec2968b281ef6852f0498c8fa3dab5ab49e9bfacbdb25899b7c194

Download Submit
C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll

Filesize
198KB

MD5
fe47a5394ad80794d0e5d2f4d35758d5

SHA1
f83b072945493899d8280bc962551c24acefd147

SHA256
b2a56428cfa2e9ad9f85d6832e2b5b2e1489be66806c3590d42f3d3b7c8edaff

SHA512
2e99f823e84945f1a8c6bd33d499d4b1d8ddcf704abf688ce350c4a7caa66608c292c549208a4942d9be7c605bda84e768dd30ee39d751d32cb29a0f490c13d4

Download Submit
C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll

Filesize
153KB

MD5
b53f287847b2657b4ab19581821db4d4

SHA1
bf0e5307514a29c4d7995cc7087dac83b9e37a24

SHA256
e14b00514a4be327622db2097c41dffd94d36f58a923cc604f680b6f7a0df726

SHA512
1b1638c5855743c26e7d97680c24b2b8a1d3ad0b99808dda39114a840237780379422c7e6a329135a753125a418ffd4e62d97c0564293aba3f322a2062af2b08

Download Submit
C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll

Filesize
145KB

MD5
8c9d93cbd75e63b81bd0b5c12f68af6d

SHA1
3acfeb2e7a7d72c840b0225cf6ae38550610dd02

SHA256
a7d6da97ed2b1ec210c9563b94ffa7d12119e9d7074873323068e712c3d36a1e

SHA512
db969f4af272e0dc3f6961ff7bc9c8bf3b9f252186b71456702dc582a782a30fc74dc8579554b364d000f026fb74992fd59e8e7e7142ce5ee44eaee1d8e4835e

Download Submit
C:\Program Files\Notepad++\shortcuts.xml

Filesize
3KB

MD5
fb573784b83033dd4361f52006d02cb8

SHA1
0a2923a44ec1bd5e7e8bc7cace15857ae03bf63c

SHA256
37a24662cd55b627807bc2bb7cbba5bbf2abaf6da4dd7bbb949bfaa7903eae9c

SHA512
753b44b5e8bea858cf5cc5ddfdc38098a2f3f921949cf98706ead95bdfa1de7ab0c115e9d69237623a03c422969480204c69d3ba277141527458c68230d0c67c

Download Submit
C:\Program Files\Notepad++\stylers.model.xml

Filesize
190KB

MD5
9ff5fb88c47ac8e7c99f9f340f2d909a

SHA1
5c4abd414ed87fc4f16eb9f9b39c690f3cd1ca22

SHA256
070a560ecd7ab3f787bd7674bdde50aa906e895553f07beb74fd140b193627fb

SHA512
8c1af565b19803ee665147ee7d5dab420f591e2faba8d7f6db95e9e9b911bdf9586fca20851f04152fe4f7c98b354e3e16f84140dcab9aac22e0b2233c4cf4fc

Download Submit
C:\Program Files\Notepad++\updater\gup.exe

Filesize
789KB

MD5
7744ed6fac4775706938298f9cb5ba0d

SHA1
2f20777a19b81a4b37de89e4d5a9b8eda21b51a6

SHA256
b9c965aa538c21b4702ec7e4f3ac47fc999e1cd505d69e0896a309f7956bb351

SHA512
9a6d02f58367c3bb728e81566685b0292232e4cd3e5c6b4eed65928026115e7a1fe20e1248950431a5a9d0b5e477310d756f9a70b9337edebee9b2a9acae47fb

Download Submit
C:\Program Files\Notepad++\updater\gup.xml

Filesize
4KB

MD5
abde55a0b1cb4a904e622c02f559dcd1

SHA1
1662f8445a000bbf7c61c40e39266658f169bf13

SHA256
92717951aae89e960b142cef3d273f104051896a3d527a78ca4a88c22b5216a5

SHA512
8fe75fb468f87be1153a6a0d70c0583a355f355bfe988027c88d154b500e97f2c5241d9557ebb981067205e2f23ad07b6a49c669cd3e94eaa728201173b235a0

Download Submit
C:\Program Files\Notepad++\updater\libcurl.dll

Filesize
732KB

MD5
a4f81a9473e13a636a23b8e84d0c63c1

SHA1
675f8077e38a7a72c41871627ed5f003746fb8b1

SHA256
eb654233b73a7031fd966068713b5f5d430242ee9c2c3b5a4a6dc0cccbb722be

SHA512
325f9a9e7250a42d71ccb736907c8f06774ab7eafe4c89842a585d52faffee95d6e86944c96e9e692446edf0ca17620feb7c16a6cf84af43a19851f171e54694

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
143KB

MD5
4209ac83bdc20a053470a48c3ce2719c

SHA1
9e8608f8a6cc1ee04f350f66b16f3481e81e9262

SHA256
c6e330c1e3895deab7b47b725822a4453e50dd0b79a148dceaf8ba3a749f8412

SHA512
944aabf043890cf92a05ba6641d77c8289639f0aab802f9d8c8a73fc18d8a94529a86ae1ec0ad70af3158cb6cf72835370d5695dd8ed7d42987af244521a164d

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\fr\System.CommandLine.resources.dll

Filesize
19KB

MD5
aa8eeb801d74a4e562fd8c044e03fa8c

SHA1
8653841bd62dc74f605f608ed8f354dd692faaa2

SHA256
7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b

SHA512
388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\zh-Hant\System.CommandLine.resources.dll

Filesize
18KB

MD5
9101e8227a7ab83cafd27e4ec222ba10

SHA1
3a80807f7cd695bd9258eaaadf8b2d7dccefc125

SHA256
8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e

SHA512
e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\it\System.CommandLine.resources.dll

Filesize
19KB

MD5
4e92ced559ff6f26d238fc5393dab39f

SHA1
400983302371c5a7ba38e3dba8fbc4c5f8192018

SHA256
37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471

SHA512
0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\ja\System.CommandLine.resources.dll

Filesize
19KB

MD5
5d26652b0f420ca6ba2bfa00b84eea38

SHA1
8dc1d2a7cb6b857344c120544f842fccdaa97e79

SHA256
654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c

SHA512
5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\pt-BR\System.CommandLine.resources.dll

Filesize
18KB

MD5
c7f0f7e0a7562225d7b60b88459bde92

SHA1
96c432044ecf7d346e09c6c46f5ca163396d97f8

SHA256
516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353

SHA512
05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\tr\System.CommandLine.resources.dll

Filesize
18KB

MD5
c9c8df325a05d227bc32a5d854713c4a

SHA1
cf9ea69ccebd1ef0bd46beff01254a02c5fb0131

SHA256
7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf

SHA512
fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\de\System.CommandLine.resources.dll

Filesize
18KB

MD5
e771e643a2f47b5d527aa4dd1e857aed

SHA1
ddb6ebbdc354122989c67ed9cc2555da640b16e5

SHA256
8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15

SHA512
14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

Filesize
19KB

MD5
ea1fc85ccabec5aa1ae22452afbafac1

SHA1
8ea9da27d9335f80c76867837688218b78311148

SHA256
f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483

SHA512
42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

Filesize
18KB

MD5
3f14df8e4be6100673090c43eb3c3476

SHA1
61c1e35aeb6cb477077416f050c344fb18f5f87b

SHA256
09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2

SHA512
7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\zh-Hans\System.CommandLine.resources.dll

Filesize
18KB

MD5
c182eebde556be386ca5b656974993fa

SHA1
864aab5c6e71bc3537612c2541e7737d02e6f4c0

SHA256
d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd

SHA512
3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-user-secrets\8.0.6-servicing.24269.9\tools\net8.0\any\dotnet-user-secrets.runtimeconfig.json

Filesize
340B

MD5
db8f50afa10272bdd9c658a08ee151f6

SHA1
be0fb5b4d6a013e2a9f024a11a2e87e827bf6ea7

SHA256
9930b35481aeac719b7c7e90c5a3b55019be2017f11b0a1e83b4b3199f67e368

SHA512
4f237d5c266101e6f58073767bf02642f035271cb960297c693ab79a94792cf0a0f8364035c7a210ead4529976bd8634d11b7a9ef04f48a05ed8bb2225729d30

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Numerics.Vectors.dll

Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\cs\System.CommandLine.resources.dll

Filesize
18KB

MD5
2f679e46823cf54660405eda0dbf0842

SHA1
29fdcbd753e36022b6308425dad9323e5f3472fb

SHA256
6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf

SHA512
f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\System.CommandLine.resources.dll

Filesize
19KB

MD5
7717b3eae55b3ec74f40699c1b9896c0

SHA1
1483166af6059633de2e20545bc3f3cb6f035304

SHA256
8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02

SHA512
c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
ff34978b62d5e0be84a895d9c30f99ae

SHA1
74dc07a8cccee0ca3bf5cf64320230ca1a37ad85

SHA256
80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc

SHA512
7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Encodings.Web.dll

Filesize
77KB

MD5
fa9d0d182c63c49a4c567f7c1652b6e6

SHA1
55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc

SHA256
e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84

SHA512
58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll

Filesize
627KB

MD5
63f1d0b53ce47b0ac3216281c8bcaf24

SHA1
090cb7392ed07a94d237b5aa2175689faaf49b7b

SHA256
de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb

SHA512
386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.ValueTuple.dll

Filesize
24KB

MD5
23ee4302e85013a1eb4324c414d561d5

SHA1
d1664731719e85aad7a2273685d77feb0204ec98

SHA256
e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

SHA512
6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.props

Filesize
295B

MD5
a5dcc9e5bf323d748b26652e11956905

SHA1
7f8c7a2523d1f4600e0f8bf347d10564cef36780

SHA256
2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c

SHA512
79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets

Filesize
297B

MD5
5725a6d47308db618d015c3e55dd499c

SHA1
9b3e1ac8d62d522505f57fee89a249ac33325edd

SHA256
61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1

SHA512
ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\testhost.net472.exe.config

Filesize
4KB

MD5
a22cdd3374234d3a50c2ace2dc33a63f

SHA1
d71bb2417cb805c3da21ebcc0e1ae5a102823c9b

SHA256
b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874

SHA512
71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\es\System.CommandLine.resources.dll

Filesize
19KB

MD5
79e57433e70b5a0a300303dfc5d759b4

SHA1
cfe5862964f3b389cbac01e157e9ade0031e45ef

SHA256
b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8

SHA512
8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4429db03-329d-424b-a01b-d2b26d900205.tmp

Filesize
5KB

MD5
65c5bbb4155e9de6556776999176cf9e

SHA1
5df397d9e335593d8b59abeca5caca569a9b0a46

SHA256
87e55d93ef62ac57280ad8c4906220cd50be1e58d1529bf092893a24ce19702e

SHA512
b5c2abddf851417bc74a6a85d9980c02d3486f20465d8f38ccde847389c1663f5f999fc096e69ceb638bbdc0265fe9c4bfbd01bc11ca8a174c7c123518cea793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\824a5136-db52-4ab3-be9f-83f02dc1b20c.tmp

Filesize
3KB

MD5
0edbf827d87d092abb4f86ca4db1da32

SHA1
27ba1882e949d8dcf738c62c77c6024f9784e6eb

SHA256
a797e053cfdcfa40b3a02b08bfa5e1e4272def1bffe571e987ad5982ed3e565a

SHA512
089892c8ce91395ecb2d069ab9c1104ca447880f1995d21f1f536f467d5194eeee1389b9b56136869ca044d90408ba65ee3bf9c5143b8d113d566e7c5e2e2b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
21KB

MD5
aa521e4e4c27306805ee2da1706959bb

SHA1
f2d27a4dc1eee1b9abbc241f7c20678c03c9e775

SHA256
ffec638750b623b96d54bad5e22d02efacf39d617e92747f603ff21b57da9b04

SHA512
b964d5fe188619ce4b3aa1493588d501bcb464ff574d4ca3b3d8ad34709bb279b689d386ca2b3658d1caa04d022b82b86af01dec6d811bba8e0ce34fec6ea3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8c122a746fb4aa007f95f42380088a1b

SHA1
d94ea662f557f6d844fbcd6fcab8d2c71d817cdd

SHA256
020ffe4fb07e119a2022f2036eee6e1a6954ef5186c39816a8249e98de542082

SHA512
19c9f400372c81e75f16557fe49f6439f9fc6e97c3330b0633d47c44e9b0154b59e25509b37cd2b568307e5c1c3b4525dccccf21f231a83d7c45bc557972d401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f1d0bd5847e39a4fd8c2f3222ea4fb84

SHA1
435c12287ebbc1524eaa4aa3ca83150f329d3d7b

SHA256
83381fea3509ee4b3fb21cdabb6612c85e9011cb8c66e7f12e97a273216b8a1d

SHA512
04bef9b3f12f0df32a5f4f56d8090d9e5d25790560d58f01a361b78dca2a289a88ad69ecafbaf36a32df03f96a933430fc870abce8185a149e018ebf58abc15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ee80af02411f9a356a50e6d6473562fd

SHA1
56afb2071d4e9ecaa65b3191c6cb84615f58de91

SHA256
183d6280935e28cb0ca9e31f42046638c4b4b17a4afe88105895ba9bf094978e

SHA512
73d14c22b663db681e6abdf7b603906096a1a5a027950ba8467259f6c9632e1ec5841c7924507a63ff8e68e784dac447eb360c84f946d490e5910a65adfcab1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2964ea341677c6ffe2fbe1b3d7945198

SHA1
6c6c7d5fe58b119c8988cd2692fabde636603271

SHA256
9d2ab9b3a37c84f7fdc57fedab9be001a5e1246c652b1965fa2cb69f82abbf46

SHA512
03a1a23220e7a31f342c6b01314416fbb673bbbabbaab1340439ec5d61fc6636d36d27121c0d3b31ccaff67f5592b1ba8c502d80073a9ba5d1b8f6b6fc0986e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
470ac1e18bc6d94bba9be0cd46f33a5d

SHA1
adfd33b651fec8579f4c7f0cb6065e13911a8c1c

SHA256
6dbe334420cec9f0cad03b98aad8da98322d25c7f55df95c110b7c3338a97059

SHA512
dcbf71ab24c174ea27c2235fb8861731d8ee3413cca496ed094bd29cc5c295120c757a00f515dc152af0496920f0583f68ad61ba2cd83edde6bcfc33467a030c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
77d90f66abad662943cb85427b383511

SHA1
2d87b749e33ba9d688adae5ea95ef92daed4ef57

SHA256
240d8a12d8480e3070001732f01d8f2e691bb41a8fd4df86c6a4fb5f91f0f7e7

SHA512
060387a8e94013be0749883d54eb1d2b50f3c46d446913ce2d2a33fb66546db088179d95bfe87bbf8b598cbfd5b4e7b9e7fca9c49b2f73602dae8270c5927b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
cec5a723625d46d097d10391eb11c6f2

SHA1
a444cf9f86aaf08a1d0982a100d5b60a8c16b146

SHA256
d1e1c7ca61b1d2419b6bd9363030162b3444635c897338266d17609a8fe0ebf4

SHA512
c35a5c41ba2c8e7f9f6b11d2738b8f33689b8fddf527968d7ffc2b89139373e954bd85129430df7915467e4bd7ce091cabba10030b266fae75e59107e6214f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
15ac5c8bac3a1631e6035797aaa22cd0

SHA1
fbc215bc3601f2e45f87893681f8e16db8e3cb76

SHA256
9f8370ba7552c369c2d0f0d95020abf861f1fc25c8a4ae32f3ad2e1ecdeefae6

SHA512
3b9ed3f4ca08e0abf44a6ba7c80ecf658c7091c27429b8fb324788f6d5598325f64723d94dddd249d81cf316fc934831dec8e778ac96ef353474b6b2d3d1a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
42955133f6d4e9a4a81079b8327b13b1

SHA1
1b1f3449986244a8e29eed95798b51b02be9b4ad

SHA256
2e52c480b61c04d63bbe3f5479ff71a352c548b232c9890ea5570cf36c3d05c0

SHA512
8b133c5398295f28a7292783c29511a9b8a4feda0989a9232545a424122123b09242dade2514b66a641726e88059365406e4b5dac275e5b8dd3d0e3e1d748d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
3cf5353c9f135ef1319c04e2da66c5b2

SHA1
535fa6a52ec469d1c09f6de38b0cab3ce336d3c3

SHA256
6b10afd68283fa44ef065788359acecd811073be0d4160b79cb4dd2c0c57be4a

SHA512
0098f3068fbfac3c274424f7b06c063d42dc3ba27ea40a198a2fbef40f8eb49c19a84d1387b1b20c72345838fab38569a5dc0e8184b42e524220238518ea63f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5d76db46d04525e18fd67a194a914dce

SHA1
cd3ab24edbc8b1b9a891d8674c47134d7fc2f47b

SHA256
73acde8a1a09ee94c44e158020a81ff90f13f35b35a210f57b4fe85854fd8d47

SHA512
8c476396b27008ad2a75ad6a4e893771c373727821151ee86705fbc6d6aec6038730327382cdd98e99d5ade7afd1af3aacd04c23c56f961bad839a5dcc0a22ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3f56926ff637c680aae992a63f43080

SHA1
03b876fd5a62909f49f4b77ed4e3a4e69e71977d

SHA256
23fc39483b101bbc366a9771af37540bdfed398a51595826ddb7926d6a9c3c67

SHA512
bb6709fc33c65237d9394418045d0bc407556c65100c7347b685433245e5047b87b0f42241773fccb9d491d2ed3dd45a8ee4ea02c5ccf406d946b72a08e29fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
696f2322fab55d52d4fe6b5f40b5f256

SHA1
88bb1991498ace5f484d00dfa785701acd84088b

SHA256
26795ee9ade66767c327713647ceb0225bb45ca5dfcfa9d91010ea2b462acd0b

SHA512
caa0406d74469e873c505409ca7a99617974aaf241720f08c7a3ce9cd0f3e7cc9cef242ccf19b2557848f1ab5c56e40c9b7b16c1660924cfa872ed369cc40176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fd076edba01a0628d9c6aaba729f583f

SHA1
d6e926940e4d35d247e1cacabff6ba318acccee3

SHA256
ce15a54f4586c35bda5cf13decf35204560fcba69b1f9606f7f8128584febf03

SHA512
daeffca13393f5fc94c2bb4b080512a62241ed44f4ab4440ed0aca4ff1238d773157fd234e0b945f85838228a5d006d207bffbc71fc8982fa0166980cfbfecc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0e24c788a5a0f5bb7a77f24c50fff187

SHA1
a788db7f22c2aa56f03c16e1d79e202888076249

SHA256
f3f0fc4e41e12412aa2c2a541261ba008d026c178746facef22fed952d4bf39e

SHA512
58d849b3f40a18197297fcdbdf6af650002b95303e02a5725d2408753f6f5db35f0b9a00928c2279b0011e7d6a9b1d3907b6fd5099bdb31b2a52a0fc505875ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
060a6f40867b2b36343a005074ab5054

SHA1
60b450c8bb221b1d22e3981b625ee265ddc3f30a

SHA256
3f13aad3ebdcd75034a3933d0e647c87da1c99796ab8c1cc4a54213e323379bf

SHA512
cf2d828194aaa57606e0e26821f946b68369e22b36935cb6ab8cefe8db7fcec5e5aa9b9245d040d69f4aa77ee8859b6037f8a07b130c987bc463bcb7cdbb1346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9bbb0314b5ea1a72c3dc1e6bdea14e18

SHA1
418aff4075161c66138b6790673db2252abf7c67

SHA256
9806420989ab922afbdc5a64c5beb859fc42ae0299c47e9151492273e147fafe

SHA512
9c83dd219cb7ecefabd063d3379ae2d225c777f4e933e87506a878ccc0736baa3517de98d36a27d58389525a04545e6ba0fd5647d3f520388787127cb2be5d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9d5b685a2e63af1bb774b1dc6f38c6bc

SHA1
e0566705cc360a9af79eecbd3c6e5097c2ad039f

SHA256
c5db5dbfe2db497d9ac67b18a050466dd95da58f869b4a90a87c3d3422f3b5c8

SHA512
298ba7993144351a4da4fcd2e65895716226f3bf872bd9aef3abf0a88564bead058e4b001bfae2a8ee0a6f593d0d2fdf6753f0fa51c3b3638940194e16520d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7af9e6b2e003cb121015c43d9706b007

SHA1
ac7902b12a3bd34008a46e6e29451382b62a4fee

SHA256
ab4629325edc3474d815d0f4638e9e3a34c6adcef335060763ca46b64ef38344

SHA512
0ae394d3b155b0708e49db9cc31be96253109476cc1515183fc95872d6f59a8b515abcf4724b202fad167e03aa977a75cd38f4f72d43a2106b9fd36219d8305a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
119bbd0fac7ccc47e03605ef3cb87e93

SHA1
c28ad9d732e476dbd075486c57139fc879a884ec

SHA256
f19df84761c8b409db3b1f519e43acac3a491fef1cb7f51925737714873a8d03

SHA512
0cb28fa335abed0df7424e0bcaf2e84df0e3314f5762f43a8f532b2e29e215b21b3b75f95cb26e0417fbb987726e077dde795cf7e961cbe9dab5db51791621c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
52fe1373a951fff87501815e9c6265d7

SHA1
108f88b7726ee90608df2dc531a08298331e6dbb

SHA256
280625957c4d86f8981ec3d707393799ddf0bc996a2e6168d8d678b4bab1fdd1

SHA512
2f221ae88d1282907ad3acce1f3a76187b06b6443cf2991c25e50fa0381c4461a40f58df16a9a6a7adb0917e2ee634fc7a0877b14027f78641df9a57cc537fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58236b92c39defa760f69be3147d3638

SHA1
8b540595058a09d41841c83b1a389b4d070a63b1

SHA256
691197f2402e364294aa4e8acc9d21784290cd53c96105120e4dd715572babea

SHA512
7afad07ded1e496b78f90a0cc2924267c62bef277d07787c057b4a0dee75a19454ab7359033919c2ad6ae5ae7816823b93184796942f75c3e535e04e267b08e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
904c8cbb978f3f4faf138430a1d985e6

SHA1
6ed433a46d990ab57da0261ffcfc26297f471aaf

SHA256
de2e99dd3767847d432971988ca3ddb58dd9ea22f5210c7ccdfa3fedda0e1c80

SHA512
5ffda99bd436eedf68f2cf89b242ff80af754e6e26895dca8fc92963ccffa7f3ea7199dec66c8687feb5efbc84e670e074f6acffeef98aeb2aa0327924c9865a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed77e2df71a846cd0faa421c3d7ea681

SHA1
67df012c19090ddc0284af0001950a68200b1791

SHA256
3bab2e18f3fe178e926c4433bb2ff35f8c588d359e180250e823c09a5caf1c40

SHA512
bbb7f68892a1366f60ebf1192295e7b83a1534d9a60054af5f301a8a1d148b56083f7b8064076154f2cc91f2ddbd9a9fa1d0e9653c8f1ef19a2cfe4526c592d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6c9934e37fa8053435fe7dabb3b55315

SHA1
b0b14627a4c39d19d91fedcf3533c8411cc6197e

SHA256
7a1590adf7322f6ac8cbef183f1deca6c904ae75b3bedd7f7d8b84c418822abb

SHA512
ea7480f8d5275a5441002e7058d870dbc7dea3123e4702ce7661616b83baf5ea668b33eb5c267b58e000ea4871b5c8c7c718c78ee5f7e4f7d94d26cd83d11d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f7be632a86f2a94d2db5ddf2915b14a2

SHA1
84042be2c1cca0824e3833966ac96edbf5391fc4

SHA256
d4a6a58f546d0378c252871baa992e0fea9eb98bf3d53eb698ae38b8bb634ad6

SHA512
dc79c2ecb383d1ddb6d37385259609dfd18c6aece0809b5acda64a762c3b2e1ab0409bbfa6a239ceb554e6cab5f5222404831e80dee12e50e53776a9e2745bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e2be8d99bd0809e80fb47c99569bd15

SHA1
0a22dacc819387358da43318e05e763aee132e18

SHA256
f644e16de79c185f76be3e9ee5ca64fc88d6c54f7112bf4d979961430f672dc9

SHA512
ea42545ef36ca7690eb22191e7f09c9efd8481214174659a94e93f0f2cae9d93b65ea4bcd89afc5c590aa36fe78a65279727bca1f9b6d6a98264d97bb09f76e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583023.TMP

Filesize
870B

MD5
b9b94725e8cb3569828c339e5d32b4e6

SHA1
7ac12299daa590be66d45f780d87a99438aef169

SHA256
30adb1aaab787a2cfbf636b4ef80c58ee07685eb5ebcb979a99e1f2fa05492a8

SHA512
42e83f9d1de2d58971a1a1b48282e5bc517e6eb8f859ac86c8d8e6cc2b19ae64609c11550aa1fab0537cea3ba439c8af5489553969acc161373f623a4f479810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27b7460e73a599ada3fa8ab8a0a0e86e

SHA1
99fdd37f57e88dddca3a1734fc1aac67034801ce

SHA256
e0e24dce8199034f484ec30e58cb6bc12339c2216a6e18dc43893c9816c16039

SHA512
165e2e9ac785f275c6275ced9d80dbc730c7cc06272b035317a5a02f65ec96aebbd0c88e2820056613a249ec38cd9867706cb6f2c63e0dbb4fe8a8cf30429707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3ff74b89d49f5713ce602db9bd43a944

SHA1
41ba45676ee41e380ca7469f21492b7dc9e62b26

SHA256
e80a9c12d4034c8ac10979ffa665025e87d09082b00fb46d840c3fdeedc11087

SHA512
588b613a66e4eb995f54e889e51d2c7eaed8ddfe3f25c824a9d8e00030ecb9f63fb2f4c5690174eed87be7383a9c4c6eef16ba59a81ecf23291d2bb03987d80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5606afa361922462dff02171ee01f875

SHA1
463fdd3b2781836c46600ecae16c4acecacf547a

SHA256
99b570a6c49b29e6a114449aae45f329b7bdbde9f07af4a229479d2f7e97e267

SHA512
1a2150285e54dd38f914bd454b11b7c7eaf0910e67bce4c27ad98e8a43dbd3ba071b60c8d3acd53b08e96721d8f0ef335d651301c1bebefc2f7623d3877aede8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a8c6e99ba7bfcfd3953c779acd866c2

SHA1
c59e151362bfb7d57db2e6fb87721fac35a7c081

SHA256
4ff5861f1a1606f9c37279bc107a2f4cab7408a94de2341426a686ae1afad374

SHA512
32954e44c3aa653c6a0c5cee0042b83ee206b3e828f0ba38ba7059bb8ab81a424df82d7ed845c383b29ca8bdaca023f24e866d40df8749c66455517e0f955d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3fd04e17990eae6755a6c9cfad51bbaf

SHA1
c7a9add6632ef7bb26d9e26c2b68e194622b7b98

SHA256
980ecb535e6d9e6f2968727f53a920c3793083664d8e851f983a66e98dfd24bc

SHA512
da5a258c33f9567a0eeb638347045f57045b7407dffde3230433f523d82c349ba9573da4f11968d11277f9996be5abdb13e7419437f627a2923850c1e8947499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
934580c99693e0662e8d2acc04d96e98

SHA1
508168e95b8ec229bd121313c74b263e7491363a

SHA256
9cde131b8999b315a522196db996320374ed528f415a25e938ff8c9820b3f9e2

SHA512
0b18f7df78588a87a461e036531f1f2877f9392abfe6d7c0b801d8a766e8d63baa60c2f38ba9dce12baa9ff3e590059df7e61af14ee86cd8772f18943d78dd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce1bd37130db4800fbf042bdfadb53ea

SHA1
7344b7ca2be21ff25dd1a7f6ac4402935cffbf77

SHA256
47c40007dc45091cbefd98190faacdebcb6e7c44662fbbba532a3ffee646e8a7

SHA512
3f0a02b57bb3140fedce82a8a84be54fac99d69c43dc51b8c0a1e314df2a602811b80e91c02602d4ff89d40bce319cf929714ffe63893c0f19791c7cd6976188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ecfe68fe71ce9602fcd316b2e0658399

SHA1
2e112c8081f0447fe161fea5681db9c998beca55

SHA256
a90df2ecd7388c88bc2a86f2c523e4be94e005f8a94f58ed58bc095d62cf9338

SHA512
c70c96545fb8f5f92778f30b598e6da88753bad6f6d73c830daa418446588456c08fd32df5b4399427b7fd73b4591ec4dbe28791b5a7c79ff2fbacb0b40d041c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4895649fcebff003ac50a12864f1ba91

SHA1
1ec37f80ce02ad4143678bddce6852c9f952758d

SHA256
d3e55ffbecb6af737362572ee474d6259f79c23837ac301719e9342f0b01c89a

SHA512
daa7bf00c2174b6e6aada1084c8fe441d04cd67f06a2f8c9397e4a75b51c1b2d2f6d92dde9b16c6424c50d0f7a726918d1aee8d6e38a0552c4037d80845a08c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
791fb2638b6743a4af021be2823bc7a4

SHA1
5132bbb3d278346d67d6370f7908f64be2e56ead

SHA256
007c70196096f35b112855b030713265cdacda9398099cb5577b51761f561772

SHA512
a81295f1942b462d083d6dfbe1e4380fdf3d115be17d5c59d4ae2b5fd65cd7e54d72c9f6591609d03b5e3c0aeb14f06e5b0bcd26c832c750bf6e1d8d2d702f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b0ea27119bc464850e0443828845dc2e

SHA1
e7e6c163c1d286b43b3b0f089c2b790aedc56f01

SHA256
c5e6f90d1a5188bfd017716e5b25d25c97d066ad2716ae85e3158c12e672b7c5

SHA512
3336d59d877ffc846dba3eb97324bf4bbb3bb09ad1a0aa5c1316ea1db3262f76251f41beda0fbd80bb612812c9308f4cd53141273dd63e8b503f64a08b3c7b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6618eb1dd134a5f11c26f728b673c6d0

SHA1
34ea0808b0e8c6d4bba48253dba42b53d7ecdabe

SHA256
4e8d8cbccfd4b05681fc83313ef3947ac549f5173ac816bc0057ea63059b7a34

SHA512
33e009b12155554180baeb5e7749bc776284cfd59bfb73964627d37911b6248b06183f8e783df745423771bb17fa2d52b8e3bf139c78b88b2e8f70664447fa72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscC2C2.tmp\ioSpecial.ini

Filesize
1KB

MD5
ac16d7f5e06b8ab9d73229aac176059f

SHA1
2eb7dd668a91519f8a391a35308e3cd99aa8b9cb

SHA256
de71db5b216101a9886efed90aa622fc78cf8005c08fb56b03eda4848c91e559

SHA512
12c18c5cfda4e03b96fc12d3fa5aeea1b7a2552858b0492b3778e191e9422e655e9aeff273eaeef9dd2b37a854d0d55b549f6fcb5fbab433eaf5cb035be3ff1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscC2C2.tmp\ioSpecial.ini

Filesize
1KB

MD5
cf7a986a22ba6ccb1e5b959346e534f1

SHA1
d018a83794e8ca99612e4314433675c4a1290593

SHA256
2fc2a41fc50adbb384f397472f08132918204c250af2b1d51c37ad599a0e9ea1

SHA512
acc03f57ef921c338f76a0b6e4c75484ad11b64919d7ae99eae2c38a6257e17e414c678239b4168842fb8bb821497a739384d652fbaa5af2e437ad6cdca4d25d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscC2C2.tmp\modern-header.bmp

Filesize
25KB

MD5
56da15fdb8d96f8f5c649dcb5e79d775

SHA1
157e19e89c5fc690a67e3e3e4786edfce917949c

SHA256
bb90d4338d2474138473e6b16e94b0237ee847bea45019ed0dd4439c71bd233e

SHA512
341157e6d6a6a445223d7e0b48f6887b32a0f68fa024fe6d3511b8e5f4664bfe25ee8b9c1c9cf6d80db1dc3b0383bcec76b385d36aff176b64a4fef57e81a8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscC2C2.tmp\modern-wizard.bmp

Filesize
150KB

MD5
c2cf6928a3ab574a5548b4dc1c38b6c0

SHA1
8860ff529f60b38a93912f88f234d46eebcf664f

SHA256
2125550c12fa512782f2016e802d70bc51f4a06017cfbd4176b4a994eb2542f0

SHA512
fb6b28f2677b1418f8ebf621dd1e201b127b53b998c02300caa66a9f374f681961f5b9a7f843d6082821890df9e3d91a3403b4f83d70d155e9c841893e1f80e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\UserInfo.dll

Filesize
4KB

MD5
d458b8251443536e4a334147e0170e95

SHA1
ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

SHA256
4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

SHA512
6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\ioSpecial.ini

Filesize
1KB

MD5
b70e728b66f6fe6ef9a2b91a645e6238

SHA1
3b1d35fed12da1f4590905cfbd5493fa64d07937

SHA256
7584202c7d4c8eac180a7735ce42dc0319764c3cac6a84b4a169d82d9d8e10b9

SHA512
04a6327b10d61a885c11742af6119c1a60e143ea178fcbdcc21cce5dd16a833e491b7b2cab8d441e0f0dc3d5b479b1429da25728e1c80612879d6bf8c2e56794

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\ioSpecial.ini

Filesize
1KB

MD5
03ea5c4bb7ddaa5dadfce0c6ff5e9d09

SHA1
9aace1e250201110e32f1371700f12a1ca7480ab

SHA256
a93c89e0547a93ff6b42b049f5703d38dc931589c1b21a823443c4e6bde54037

SHA512
ffc2136420c917f24daa1c6b62f9d9aa40a5ce726a4dd61f0bd32494886f7fcfda1a7c85bb61474c4386961e0ec96df748ac618223bf2cbecf1c18413238cb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6704.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9cffdbd38830fc4943f26848a3429a51

SHA1
8456c65e1cd5b23a834e67bd60c7ab74a834a5f3

SHA256
3198d80f2c286e747da8b40e172ff90912c55a0eda7395dcbf729d0e10a85751

SHA512
0d91a20199d10b9758f61145ff381b74ad48509888f32dbd1650ac699b0d78530b5c084ce4f0a4574b375a54a71c86ca7e0fbdc5b750629bb5493b73a8cf9094

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c2b418735862918ca308cff294975bf5

SHA1
77f39e3428288842e286918377c0405240821b2b

SHA256
9ac86516a381e967440dd5edd7e4138088a3a9ab7aa374ec641e18566f635342

SHA512
bf8020a28f402d521b3b04abbc069a992b6482fe8f020e6b3a48949cc78e6b1a81383a71fbb45e4da9a10d93a0600e0ee5d786a3127f27ced71e4f86ac7db2f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
fbb527b9e1c59a089854da3cb440bf98

SHA1
69c83667c9812a6eefea9885bf50a114817f4ec9

SHA256
5006444d1400b8997f0a5b530ea576c6f70cb8193c4a08d9e85a1e21ac7307f2

SHA512
9246356ada35f9eefb5217c0474ed2efc4f82db38ab82f7c3321746c61aeee5a9b289685748e47d71eb5e177a09ae4fb75da713c7c6a0cdac4ea2a7e79b19b5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
f2615656c74a81493ecf458044c668b3

SHA1
c36a447b1cdeb45728b58cf108d5fa11247d496e

SHA256
215a408fc16787358cfd0764a10d3e8ca2268a1c16db0d600602b6348c7818f3

SHA512
fde9d3b2c2cdea2d221ad275614c308790680cfaaf1646bfa4356707549b9ee24b3d64628d2abcaa91cdb3716a4caddf7bc6cbd7047cc29b2fcb2570873a3495

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
1993233d31af57425afde184ae1e669c

SHA1
ec03ea94caa5c071e5648b7f070e61aee76848f7

SHA256
bc47b0c967d2f1a123a2d0deced534ae70b426c47911d9e44c838802d864ad38

SHA512
ee0f4da6fb4a3725bffdaa8eddca3da4244f1dbd24fc4a75b0dafee61ec8b7e6e13c442378ff543dca9aa6d77d22328e4d3a1865996774427a3705fe793cb409

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
e3e077123d85be11384cfc92b0fbdb2a

SHA1
7c02639f526f78bedbdfb2838c71537bd8d52182

SHA256
d3158a4167fa56e83e3057b6447d7070d00d02a5d383eb8e2ff9b1457fb37e07

SHA512
77ec99f356c77ed6f85bd85b52eefd20907bdb04d57941c5292eae1a06ec48f0f7c747b1b8e3743d7eee6628d20e72c94dd58c8fb081b573ba125abc137b07db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
4397bfbbfe4f58cd3d4b64c0c58cb614

SHA1
0e14840e15c0cde20648f28ecacd658471775139

SHA256
e873c8dcf8b6eaa654da36e71c666aaf493256e02723a05405b1c15635eb4835

SHA512
e798a7dcd2f19b045984458b5204626c4af110da9132842cb504b4e5ca85f72c2205ca254fd6eecfb86127ee989aca4c2ea5ca34b28c6750db30a0eae0599a4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
54e28676a3b956886afedfee8ed03938

SHA1
9fb881c6da52f308aeeb635bb3cc9e633d463348

SHA256
058747032f7e979ff37f4d330cae3843376016af5caee3fb73840ed159a1c6c8

SHA512
846a1978ebf88bb2bf5fb67451dc1d6c82453817109079a307888dbb8a78e28a3e7d17113efe51e64579038a6a3f970ab8e119178e4b06a1810736f8b078296d

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\contextMenu.xml

Filesize
4KB

MD5
fde4cc09d1c18c6cd7c1a4878e89d27e

SHA1
22fba21b254fed1a60da5de2b8af3cf6e132b647

SHA256
43ac0b7ba9b1f91fd8d4841b8119344e6212b307a1decccf61658f31d38bb425

SHA512
fcc87b93cb4dd0949e82edb7d2788d7abd317f9f4c5f046ceba1cd85a64b12b29c6baba3e8646265db02a48a2dc20c3b5e893a1334d9b1e91d26692b4e9c2d29

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini

Filesize
646B

MD5
f07150054a6afff4d8e9d58899167722

SHA1
e092cd960ab728667d91b37d64a02d7f6821518b

SHA256
5b0a08439e8e93817772f84e1098f14152d9da36c2601a0600ddaae6f61359d0

SHA512
8c86aa4c058a8ab5fd26f21cacc8ddaffa8ce6012bb329d3c5b817da00b4b43018a575c768d1921c6eeab7537f172c7cb3de658b014365ea52fb3c87547182b9

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\session.xml

Filesize
794B

MD5
11ed485c7a5a047e5b0f5dc586c0e5a6

SHA1
8a61c467c78029bad442379fe97ccff927ef9909

SHA256
3cdb5cc92e68f76eda3189d10f60d573892bfd9f90da6d1009034551861f3d66

SHA512
7ad35e48a48ce08be419f0f7e101b3ad92da0988278db51ad72f164002df351514dd6dd3b7c3040d62cc619af9a4573100b4998d8345432524f6e1062a6173b0

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\toolbarIcons.xml

Filesize
2KB

MD5
bc4b775a277672fc7edf956120576ecb

SHA1
fe7c2db5b4d4c5a3f5603cf56c4d71cc9ee2d71d

SHA256
4ec98de37193f41242c1a47507bcc4c1af555e71154f7354272bc3e664e19877

SHA512
f87dc3ce52831ee308fbfa2b1b94c07e2811e7028360f046e012f8ea5a8f0ebcd362de7a663dee810c3da0791474c1485b1a2626c7867e76236156b125ff39b2

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled.udl.xml

Filesize
6KB

MD5
672e6d5f89887666ec94711e442644e0

SHA1
8d069ae93347316eff0dcf7aff4d22da18a62af2

SHA256
b34fe6811dacfe49d77d434123867e866daf6e0e27387a0446887dabe8943f04

SHA512
8fc5e9bbe027826304fa6f329fb16e4c9e4e7a597d87e9c691ed6a9f505b7bc1967339b43c6426105432a030260b0654468ab8fcbb4312b2fb6ed6c6aa537edc

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled_DM.udl.xml

Filesize
6KB

MD5
3690cef1865e32fe6be1b2ec7656539a

SHA1
bc043bec63c310a60d9e242810036460c467945d

SHA256
e45e49f0895249d951df2c07e0f06ca1242e05c961dd921e5aa2781ae2e7ff25

SHA512
c2be869d96baec2018e13dcf5934dd9cf74146541e852cc2eedb4d83a8af23e2577cde7a0158fefaa11056416ff039df3a7725e320620193e9bfe72c8067c051

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\qq.apk\res\mipmap-xxxhdpi\app_icon_round.png

Filesize
58KB

MD5
a1c5388ecd48d0553fbab0bca24e0079

SHA1
58ce4637d7a816304fe7dd31c4fdf7ca88d27542

SHA256
cac3cc73a3b7b6f4af9cc78aba4ffbd6a2584cf4b935cf5255da49f50f711857

SHA512
e4de947a5235f5a8eca015a2530d6dd898e88ccf7c96879d79c1abe1163c1d9608d72d52d772b802ef4dd9daa99714664771115d2778e357dbebf53b37f5529c

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\qq.apk\smali\bitter\jnibridge\test.1

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.ini

Filesize
1KB

MD5
ca4401bc1565b8449cf37889c1271338

SHA1
2bed4bc48159590191645eec7485f8b91eb9f388

SHA256
0ec28e655c8b1e8ff16c03a4ba880cd79c429c0eb501395934d7be1df01bea55

SHA512
2b8ab800bf1e1a0afdf0085722f388aeba3ae7b97018bff5f779e012962018112a1a83c4107c922f642ab7d93eb4a5e1a55a7466933b2e78102345d38f733bd4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 438339.crdownload

Filesize
4.6MB

MD5
d401161afb56b8647202e031cec1ae78

SHA1
6eb7ed61ccdb0bd5018271a3ec24b63b913fc281

SHA256
81470eb5917705fa0df03181b8112422671842bdcec5252a7894975b38058c91

SHA512
01df1134b9f4d6bb44a8f23a9ba8191dbfb20ed1eb5f249331000955f6b340b1e3e3a6c0e237456a39a712f77d90fe85fc4b946832c88fe4617e45daea9c966b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 640608.crdownload

Filesize
20.8MB

MD5
1e005973da05e0682767b687e3501f58

SHA1
439cc1f781dd48f3a771eafec1fd1661f52b57a0

SHA256
6c5a7fb80b7a7c6433d69a6d2fd37fa4d42e97a9ca01b7ccaf4412d5f3c9aef6

SHA512
e5315da2609e163f2dd28976f4295ff081a1069256d901c368042342ffbe1cb6be1ad205fa45b8fbe28ea73c7200c039b06e0c4efd53cef55bf05048c3340885

Download Submit
C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSI2880.tmp

Filesize
244KB

MD5
60e8c139e673b9eb49dc83718278bc88

SHA1
00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

SHA256
b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

SHA512
ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

Download Submit
C:\Windows\Installer\MSI6414.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\e591c0e.msi

Filesize
26.2MB

MD5
9616c0869dffc30a2923a890d8b14a67

SHA1
174affdbc38a3c7fc15e48528c80e7168d228be0

SHA256
5b58566f0b0520d92aa9fbe75b75d6942bf1cf012d80c44d3af96ded3824c3d4

SHA512
d5252b4a86a674fcf460a65223dd3261816b6e7865f7b6c1f387b682090e8e6f92601e7b67cff57856b52c086add10e4d55189451ef26829f2a256ba621bcf24

Download Submit
C:\Windows\Installer\e591c1f.msi

Filesize
4.7MB

MD5
a9e3c7716c12c4137e7798386dc7b1f7

SHA1
83645f19a7cab29f798746cb35588e4c24a19ed0

SHA256
16aeddf4eb276de2c49c9f7e304b8d1fe3e423e42d90a9c92416f91dc0e95240

SHA512
28b010688ff10987d586c6827702e93881a2ea26100e5ac7ad4884ece0c539f52654f06468619461775797372b8a0a2fad72a3dabc7d135a55ff3896caeef0fb

Download Submit
C:\Windows\Installer\e591c3c.msi

Filesize
29.3MB

MD5
7f7a2c9903b501e6be319643903bd746

SHA1
a9701397d76ad81cb24ab9839c1f6a55fe6c53f8

SHA256
fc0dd518f516da1c1d23a7bf46872a36e2010fd34f5e1218d1bbc13982e5ce8f

SHA512
eacb67d3cb534bb87d34f57049592f164e26f3669317e0524e0ae784bb4414e63ffbde24d82a8971629c203e689a64e15631f62754feae1ad65718d772d660b2

Download Submit
C:\Windows\Installer\e591c4b.msi

Filesize
2.8MB

MD5
530cdc2131a73274841b3b252c4f25c5

SHA1
f94d26a2b5e25553f45606195e36602f99d9fd16

SHA256
6dbff1653d21d8a5abac7810e3633b19ff79c17c65b3ed923c956d94bae6911c

SHA512
bba32fc50ac3240f84f723610978c26ed721d9aa53120d0490c1c2c7a132afecae934a8d880af927ad0012e9d3bf3b51a74c84ff4995678fe317c351b6bc4121

Download Submit
C:\Windows\Installer\e591c96.msi

Filesize
9.8MB

MD5
95ef87ddde1ab91572fad2b265a1c0d7

SHA1
6ce9eec5c6dba24233f29cc790e7578e49ec6a73

SHA256
ad640d7c9a7acce17f117607b6bbff38d4d1bc4e90b8f08fe9541fcfc12f5ead

SHA512
30c796bac647b2999e354be1c4db0cf95958a97881030ced6631101c75fa6d4ddf3b60a3c40e92e61a78ad53bb8f2093786026ad857ec0a5c2365dd0e7210d5a

Download Submit
C:\Windows\Temp\{56EA83E4-4ACB-4293-A287-77EE9634846F}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{56EA83E4-4ACB-4293-A287-77EE9634846F}\.be\dotnet-sdk-8.0.302-win-x64.exe

Filesize
638KB

MD5
17d65c997840d353675b0a994998108d

SHA1
3bad1ce7d70b0858e0d15663c9bc20554e394986

SHA256
73566ff17c61e86a5b4665301e6c50f50fbd645ba5536a80a50424d209be3599

SHA512
cc367dc1a62379e0e50a0a67b6840debd049a4c20c029929795ad23bcb048b7194e0eedfa6fdad56b2f28d90ebb31616918f932f5b8a43bda24e11d62e7d7305

Download Submit
C:\Windows\Temp\{56EA83E4-4ACB-4293-A287-77EE9634846F}\windowsdesktop_targeting_pack_8.0.6_win_x64.msi

Filesize
3.7MB

MD5
3497d3c2eee3fa306123f21e9e0bfef9

SHA1
6ea031f3890cb2fc7c66c865acd33ef48532411a

SHA256
fb02994080471ff89ce238e279e86cde7180253cbb261886744d9e118916cb33

SHA512
bab4ae91fc2845fe058e8be728a46ce7192f261d70135ead064c86cae56aa1b59efd44b1299ed4de0b7b72da62ec5d1b7cf707070b4dbe8ef76852c92837a9e0

Download Submit
memory/892-8267-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8270-0x00000211C0990000-0x00000211C0991000-memory.dmp

Filesize
4KB

Download
memory/892-8266-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8264-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8265-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8291-0x00000211C0BE0000-0x00000211C0BE1000-memory.dmp

Filesize
4KB

Download
memory/892-8263-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8262-0x00000211C0D40000-0x00000211C0D41000-memory.dmp

Filesize
4KB

Download
memory/892-8261-0x00000211C0D40000-0x00000211C0D41000-memory.dmp

Filesize
4KB

Download
memory/892-8260-0x00000211C0D40000-0x00000211C0D41000-memory.dmp

Filesize
4KB

Download
memory/892-8259-0x00000211C0D40000-0x00000211C0D41000-memory.dmp

Filesize
4KB

Download
memory/892-8243-0x00000211B8750000-0x00000211B8760000-memory.dmp

Filesize
64KB

Download
memory/892-8289-0x00000211C0AD0000-0x00000211C0AD1000-memory.dmp

Filesize
4KB

Download
memory/892-8287-0x00000211C0AC0000-0x00000211C0AC1000-memory.dmp

Filesize
4KB

Download
memory/892-8276-0x00000211C0980000-0x00000211C0981000-memory.dmp

Filesize
4KB

Download
memory/892-8279-0x00000211C08C0000-0x00000211C08C1000-memory.dmp

Filesize
4KB

Download
memory/892-8273-0x00000211C0990000-0x00000211C0991000-memory.dmp

Filesize
4KB

Download
memory/892-8271-0x00000211C0980000-0x00000211C0981000-memory.dmp

Filesize
4KB

Download
memory/892-8290-0x00000211C0AD0000-0x00000211C0AD1000-memory.dmp

Filesize
4KB

Download
memory/892-8269-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8268-0x00000211C0D60000-0x00000211C0D61000-memory.dmp

Filesize
4KB

Download
memory/892-8227-0x00000211B8650000-0x00000211B8660000-memory.dmp

Filesize
64KB

Download
memory/2660-9268-0x000001D9FEFA0000-0x000001D9FEFA1000-memory.dmp

Filesize
4KB

Download
memory/2724-9246-0x0000027973640000-0x0000027973641000-memory.dmp

Filesize
4KB

Download
memory/2832-9221-0x0000022910030000-0x0000022910031000-memory.dmp

Filesize
4KB

Download
memory/2832-9219-0x0000022910030000-0x0000022910031000-memory.dmp

Filesize
4KB

Download
memory/3836-9235-0x000001C98F6C0000-0x000001C98F6C1000-memory.dmp

Filesize
4KB

Download
memory/3836-9232-0x000001C98F6C0000-0x000001C98F6C1000-memory.dmp

Filesize
4KB

Download
memory/4696-9257-0x0000023624AB0000-0x0000023624AB1000-memory.dmp

Filesize
4KB

Download
memory/4748-9280-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4748-9278-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4748-9094-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4748-10507-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4804-9208-0x000001C896770000-0x000001C896771000-memory.dmp

Filesize
4KB

Download