hxxps://download[.]visualstudio[.]microsoft[.]com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8[.]0[.]302-win-x64[.]exe

Analysis

max time kernel
1050s
max time network
440s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/10/2024, 17:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
4928	dotnet-sdk-8.0.302-win-x64.exe
876	dotnet-sdk-8.0.302-win-x64.exe
3144	dotnet-sdk-8.0.302-win-x64.exe
5324	dotnet.exe
5036	JavaSetup8u421.exe
4460	JavaSetup8u421.exe

Loads dropped DLL 64 IoCs

pid	Process
876	dotnet-sdk-8.0.302-win-x64.exe
2736	MsiExec.exe
2736	MsiExec.exe
4504	MsiExec.exe
4504	MsiExec.exe
2920	MsiExec.exe
2920	MsiExec.exe
2920	MsiExec.exe
2920	MsiExec.exe
1372	MsiExec.exe
1372	MsiExec.exe
5060	MsiExec.exe
5060	MsiExec.exe
4328	MsiExec.exe
4328	MsiExec.exe
2920	MsiExec.exe
2920	MsiExec.exe
1272	MsiExec.exe
3012	MsiExec.exe
3012	MsiExec.exe
768	MsiExec.exe
768	MsiExec.exe
3436	MsiExec.exe
220	MsiExec.exe
1424	MsiExec.exe
2076	MsiExec.exe
4196	MsiExec.exe
2764	MsiExec.exe
224	MsiExec.exe
1432	MsiExec.exe
3724	MsiExec.exe
3812	MsiExec.exe
3140	MsiExec.exe
1732	MsiExec.exe
3672	MsiExec.exe
4532	MsiExec.exe
4560	MsiExec.exe
1484	MsiExec.exe
5292	MsiExec.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe
5324	dotnet.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{edc38f90-e61a-4ce9-b8c2-759325351312} = "\"C:\\ProgramData\\Package Cache\\{edc38f90-e61a-4ce9-b8c2-759325351312}\\dotnet-sdk-8.0.302-win-x64.exe\" /burn.runonce"	dotnet-sdk-8.0.302-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Runtime.Numerics.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevel_6_default.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\PresentationFramework-SystemXml.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\analyzers\dotnet\roslyn4.4\cs\ru\Microsoft.Extensions.Logging.Generators.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\Newtonsoft.Json.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\zh-Hans\dotnet-watch.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\it\Microsoft.CodeCoverage.IO.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.AspNetCore.Authorization.Policy.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\cs\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\NuGet.Build.Tasks.Pack\Desktop\fr\NuGet.Build.Tasks.Pack.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\zh-Hant\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Extensions\zh-Hant\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\tr\Microsoft.TestPlatform.Utilities.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\minimumMSBuildVersion	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.Extensions.Primitives.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\ref\net8.0\System.Windows.Presentation.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\analyzers\dotnet\cs\zh-Hant\System.Windows.Forms.Analyzers.CSharp.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\pt-BR\NuGet.ProjectModel.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\Microsoft.Extensions.DependencyInjection.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\fr\NuGet.Packaging.Core.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\zh-Hant\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.Extensions.ObjectPool.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\mscordaccore.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\ru\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\pl\NuGet.Packaging.Core.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_7_default_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\build\Microsoft.SourceLink.GitHub.props	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Reflection.Metadata.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\FSharp\FSharp.Core.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Xml.XmlSerializer.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\zh-Hans\Microsoft.TestPlatform.Utilities.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft.Extensions.Options.ConfigurationExtensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\MSBuild.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\FSharp\Microsoft.FSharp.NetSdk.props	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\analyzers\dotnet\cs\Microsoft.Interop.LibraryImportGenerator.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\ref\net8.0\System.Threading.AccessControl.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelsecurity_5_minimum_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net472\ko\Microsoft.Deployment.DotNet.Releases.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitLab\tools\core\zh-Hant\Microsoft.SourceLink.GitLab.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Net.WebProxy.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Linq.Queryable.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\tr\Microsoft.DotNet.Cli.Utils.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\fr\Microsoft.CodeAnalysis.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net8.0\fr\Microsoft.DotNet.ApiCompatibility.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\Microsoft.Extensions.Options.ConfigurationExtensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\wpfgfx_cor3.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Mvc.Abstractions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.workload.mono.toolchain.current\8.0.6\localize\WorkloadManifest.pt-BR.json	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\ko\Microsoft.TemplateEngine.Core.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\es\Microsoft.CodeAnalysis.VisualBasic.Features.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net472\ja\Microsoft.Deployment.DotNet.Releases.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Xml.XPath.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Security.Cryptography.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-netcore\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.deps.json	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Extensions\it\Microsoft.VisualStudio.TestPlatform.Extensions.Trx.TestLogger.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Security.Principal.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\zh-Hant\Microsoft.CodeAnalysis.CSharp.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net472\Microsoft.Deployment.DotNet.Releases.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.Extensions.FileProviders.Abstractions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_8_minimum.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft.NET.Sdk.WorkloadMSBuildSdkResolver.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Linq.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\analyzers\dotnet\cs\de\Microsoft.Interop.SourceGeneration.resources.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e594a5b.msi	msiexec.exe
File created	C:\Windows\Installer\e594a97.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF551224A2D76D2B78.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795	msiexec.exe
File created	C:\Windows\SystemTemp\~DFABD4F9CAE177F66F.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE0E50FC9CADBF5FD.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF20DF99DEC884CA1.TMP	msiexec.exe
File created	C:\Windows\Installer\e594a69.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe	msiexec.exe
File created	C:\Windows\SystemTemp\~DFADBA38B466AE71E6.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3C89AFFC6874939B.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a88.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a8d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4E16.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAED1.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA0EF8417E81F025D.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC1BE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7E37.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a51.msi	msiexec.exe
File created	C:\Windows\Installer\e594a4b.msi	msiexec.exe
File created	C:\Windows\Installer\e594a7d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA93.tmp	msiexec.exe
File created	C:\Windows\Installer\e594a19.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI829D.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFCA4E3577207E8C63.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF913F7B121E83212.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF41E26B403E12E756.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5079.tmp	msiexec.exe
File created	C:\Windows\Installer\e594a29.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9399.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA70A.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{98927287-8779-447A-919E-73028D53F719}	msiexec.exe
File created	C:\Windows\Installer\e594a73.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC6D0.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF84B2F631F530D0A5.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF04F4F6DB06FA1920.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a6f.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF761E233C24AECEEC.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6119.tmp	msiexec.exe
File created	C:\Windows\Installer\e594a55.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA8F0.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF08100B564732DCF5.TMP	msiexec.exe
File created	C:\Windows\Installer\e594a91.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF54BDB93A0D77434.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2F907B90813553E8.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6BF59E75-BE05-4C69-9C48-3532B6DE0EC5}	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0EF5DD4D-EC49-4AE7-8C9A-F64FF8B3EA58}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0194EB7579D4DC73.TMP	msiexec.exe
File created	C:\Windows\Installer\e594a4c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFAD343A130AAF410C.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF79F3CE00D21CF5D8.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB59B511638A9888A.TMP	msiexec.exe
File created	C:\Windows\Installer\e594a8c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a92.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2832CA13-6850-440C-9839-16B2D01909F7}	msiexec.exe
File created	C:\Windows\Installer\e594a18.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB3E6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a97.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9436.tmp	msiexec.exe
File created	C:\Windows\Installer\e594a5f.msi	msiexec.exe
File created	C:\Windows\Installer\e594a33.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{116EF6D0-AE8E-4E6D-B0D8-EFF145CD45DA}	msiexec.exe
File opened for modification	C:\Windows\Installer\e594a0f.msi	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\JavaSetup8u421.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JavaSetup8u421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JavaSetup8u421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 57 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C6A4C95452E91842B45B0F41F7774BE\PackageCode = "67389D2E5CE25074D99EA01219B0B19A"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_targeting_pack_64.24.15241_x64\ = "{57F33504-26E0-400A-88BF-08DE38F23925}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v8.0.6-servicing.24269.9	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.TargetingPack_x64_en_US.UTF-8,v8.0.6-servicing.24269.9\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.MacCatalyst,8.0.100,17.0.8478,x64\Version = "17.0.8478"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\PackageName = "28c86dc0e8d71959057ea0317b3698a3-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC1DF4AA37FD7B40A39CF1AEFE31E38\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC1DF4AA37FD7B40A39CF1AEFE31E38\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64\ = "{976580F3-B710-4C76-8D12-EB1905833370}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\40533F750E62A00488FB80ED832F9352\PackageCode = "8A9CE5ADD0574C445829BEE4F5856578"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B78A30BB69F4FE44FACAF3D2F9C9DEAE\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D45436A831E8410428F1FD1A80E21C38\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D45436A831E8410428F1FD1A80E21C38\Version = "1075329887"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BF1DDEAE67888DF4896AA34F93884741	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64_arm64\ = "{854B6E23-DB23-4469-94B2-24BC3BDCA96E}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_64.24.15241_x64	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\40533F750E62A00488FB80ED832F9352\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,8.0.100,34.0.43,x64\Version = "34.0.43"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.MacCatalyst,8.0.100,17.0.8478,x64	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AD4B97EC44D3D394E8CDC9AA4DC6D7FE\F_RegistryKeys	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\SourceList\PackageName = "d97ba7bc692c3aa9a96c291f6e2efe41-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\79CA3E6CD0495E64C853402947130D80	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net6,8.0.100,8.0.6,x64	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C6A4C95452E91842B45B0F41F7774BE\Version = "1075329887"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AC771D963AA520D559EF532BA65064E6\32E6B45832BD9644492B42CBB3CD9AE6	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64\DisplayName = "Microsoft.NET.Sdk.iOS.Manifest-8.0.100 (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\SourceList\PackageName = "24bb901c0e890ef24f6b95928cd093a1-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8E99F865D2F97D840AD56DC415B2A3DF\F_DependencyProvider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.Current,8.0.100,8.0.6,x64\ = "{CE79B4DA-3D44-493D-8EDC-9CAAD46C7DEF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.Current,8.0.100,8.0.6,x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_64.24.15199_x64	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BF1DDEAE67888DF4896AA34F93884741\Version = "1075329887"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D881F2EC0135A4B72CA89D27FD72F577	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BF1DDEAE67888DF4896AA34F93884741\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\306051AD8B00B0139BD0579A2D71805E	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3F085679017B67C4D821BE9150383307	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\InstanceType = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\40533F750E62A00488FB80ED832F9352\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27418C6A24027FE498953A9429677C84\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A6C81472-2042-4EF7-8959-A3499276C748}v32.9.36482\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBECEB62ED1345840B91B98BBEBFDB1F\F_RegistryKeys	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64\Version = "64.24.15199"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27418C6A24027FE498953A9429677C84\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\PackageCode = "A38AA39B192130A419C297BDFF571F27"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DB9E09EB14A57123299C1CD44F7E035F\0D6FE611E8EAD6E40B8DFE1F54DC54AD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.24.15199_x64	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\11D7DF398422FD84489AF8664EE54371\F_PackageContents	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E7A4BA400815AFE64F4BF07AF87EA94D\31AC23820586C0448993612B0D91907F	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{edc38f90-e61a-4ce9-b8c2-759325351312}\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\32E6B45832BD9644492B42CBB3CD9AE6\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27418C6A24027FE498953A9429677C84\Language = "1033"	msiexec.exe

NTFS ADS 11 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\pulls.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 141722.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\JavaSetup8u421.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 546439.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ape MayHammer.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\pulls (1).htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
2316	msedge.exe
2316	msedge.exe
3052	msedge.exe
3052	msedge.exe
3328	identity_helper.exe
3328	identity_helper.exe
4772	msedge.exe
4772	msedge.exe
768	msedge.exe
768	msedge.exe
332	msiexec.exe
332	msiexec.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe
332	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	332	msiexec.exe
Token: SeCreateTokenPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLockMemoryPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeMachineAccountPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTcbPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTakeOwnershipPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLoadDriverPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemProfilePrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemtimePrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeProfSingleProcessPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncBasePriorityPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePagefilePrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePermanentPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeBackupPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeShutdownPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeDebugPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAuditPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemEnvironmentPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeChangeNotifyPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRemoteShutdownPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeUndockPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSyncAgentPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeEnableDelegationPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeManageVolumePrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeImpersonatePrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreateGlobalPrivilege	3144	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe
Token: SeRestorePrivilege	332	msiexec.exe
Token: SeTakeOwnershipPrivilege	332	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4460	JavaSetup8u421.exe
4460	JavaSetup8u421.exe
4460	JavaSetup8u421.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3084	2316	msedge.exe	78
PID 2316 wrote to memory of 3084	2316	msedge.exe	78
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 3276	2316	msedge.exe	79
PID 2316 wrote to memory of 4016	2316	msedge.exe	80
PID 2316 wrote to memory of 4016	2316	msedge.exe	80
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81
PID 2316 wrote to memory of 1604	2316	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef49e3cb8,0x7ffef49e3cc8,0x7ffef49e3cd8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7280 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe
  "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4928
- - C:\Windows\Temp\{E7760788-12D5-4B2B-9145-09D23837B0AB}\.cr\dotnet-sdk-8.0.302-win-x64.exe
    "C:\Windows\Temp\{E7760788-12D5-4B2B-9145-09D23837B0AB}\.cr\dotnet-sdk-8.0.302-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:876
  - - C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\.be\dotnet-sdk-8.0.302-win-x64.exe
      "C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\.be\dotnet-sdk-8.0.302-win-x64.exe" -q -burn.elevated BurnPipe.{FCF33558-77DA-4C40-9202-EFB2DD569CEB} {0CE42809-9CBF-4F8F-945C-479867B721E7} 876
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4392 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1928 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7608 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4756
- C:\Users\Admin\Downloads\JavaSetup8u421.exe
  "C:\Users\Admin\Downloads\JavaSetup8u421.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5036
- - C:\Users\Admin\AppData\Local\Temp\jds240887484.tmp\JavaSetup8u421.exe
    "C:\Users\Admin\AppData\Local\Temp\jds240887484.tmp\JavaSetup8u421.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8200 /prefetch:8
  2⤵
  - NTFS ADS
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7488 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17170802196859737687,10544331511733977230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
  2⤵
  PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:332
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 76BB1B7F1D883EDC8D78B066539FF36D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2736
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CFDA8B0429AFC028801D2933841627C7
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4504
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B12D6AB7D7A82A706C292A2DBFAC2CF0
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8346785E2829C57DA02ED4F229ED31DB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1372
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BDB38A68C191E8CBF0B7D0236D86CBF9
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5060
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D054EA8F8E34913287C4F29F1DC1E901
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4328
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 806BF9B0F6475A4B52147678BDF3E1EB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E209ABB5E09E9F5EE790A8D8260E8CB2
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2B3BE798FCBED2A28E934317228F08B9
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3012
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 382E81ED1CA57B6AC014FC4AD58EC55D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:768
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2DBA677F6FAF68938004A1E79D2D1126
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3436
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D2BB978A12675EDAE36F35C983204DA9
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:220
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EFEFEE8829F523CE053F3541ADD41DEB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1424
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B7A140B54CB68A905A55C6A1995317BF
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5B1FF229D478ABB18C7C784A5B40EB1F
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4196
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3259E01FC071F2E622154F2DA2C7F2EA
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2764
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8D339429E198BAFD4D62353F49AFC10B
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:224
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 40A3A180BB1EE5E747C80028289F2453
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1432
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0CF2BC785FEE4FF31C367D431DC16A9E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3724
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 606CF65C4902030D917A94466E995F83
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3812
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1BAC6B569CB0A1491089DF8460CA6B4E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3140
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AE8915E346039116EEE915BCD6101B18
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1732
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1030F6857D80F9031A8E26D1E7E6E05B
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3672
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0E6D7CD85690C5A2FB25251DF2505F75
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4532
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BFFC0A61F837AB9C763B5183CA82795A
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4560
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 29101A0A83678A7EE06FC4DF2E94EF8D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1484
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6F5A53437FF88335BECD1D2AC9E8C15B E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5292
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.302\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5324
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5512
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5516
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5720
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5740
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5888
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 999717D908B7DDC50D0B45360410049F
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e594a12.rbs

Filesize
47KB

MD5
4d34151588755e70700dfcf0dcbc5e8d

SHA1
7d8ca075c90cdf9dba4b5d9df2c73619a94df874

SHA256
0cfbfb31e8fbb76202e9464a7a2b3389dfa604be9f919074a19408aeac089756

SHA512
99679d00c5f17fda5a3b23efb8ba07efe07b9b3f2c92873a6b77974afcb0bbfb4a71c42326448698a300859fddc533f45d0ad7b2f8c74cb63addcf7b05e9d7b9

Download Submit
C:\Config.Msi\e594a17.rbs

Filesize
9KB

MD5
88d9daf33651c45415d1963314e8459b

SHA1
c7b241102c278fdd6e9fd76239ab9d891563abf6

SHA256
1f7272b181860520b0c302ec5fce87f16a20dfa4834f817fadeda1ad55967b19

SHA512
5d79c8d524bf7e1f62150f69ddd9aa8c540d049bf3bc7ff47a3fca5ac590735613c967df77c9b4de5f4b12618c685ac0b2be3cf0325a77f9d26f984d5c000fa4

Download Submit
C:\Config.Msi\e594a1c.rbs

Filesize
11KB

MD5
bea5cb29322301981cd24dee069aa527

SHA1
77e5e56db2aa9403b6111a3c1998093d52ed5eef

SHA256
adae096d231682cf9b6dbbd0db95090f71b5b8c17d7ff01571c1a6276b4c810a

SHA512
c1aeb61d09cf938f9b009c8213b66f99618582e6b55280bfc3322a23fcecaaab2e4b55e3e4beb48fd990167d182d3547837073d0a9fb80af9b5e120d457b905a

Download Submit
C:\Config.Msi\e594a21.rbs

Filesize
8KB

MD5
23693c9945946e507fa02ee80df08ec8

SHA1
5e9c1190581633b5a83cebdf2f3744155b299a8c

SHA256
7077dd97af1ad27d313404a2a368a06b46f089c56c6642c49fc201fe38c9a875

SHA512
ef5ac5c6ac626c7f1632cbd3a06edd378438e96138e78cd66b29ef1bff8c73097bd65558afa87e8b340fad218c2825310eb816773dc21d046dbc482ecaf1ceff

Download Submit
C:\Config.Msi\e594a22.rbf

Filesize
143KB

MD5
33b4c87f18b4c49114d7a8980241657a

SHA1
254c67b915e45ad8584434a4af5e06ca730baa3b

SHA256
587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

SHA512
42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

Download Submit
C:\Config.Msi\e594a23.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Config.Msi\e594a27.rbs

Filesize
93KB

MD5
12ae383d26e315a1b99d6028e90a19c5

SHA1
bdbc4873696f6fe90fb3176394317f1ccbf8a2d5

SHA256
b5addc973006dc838f8fd2fd9f50ecc5945c696fef4ce7ffb947161695960fef

SHA512
e1f8c320e248ebf07e753789b6c4c0cce4cd2aa5fae716a45c0141cc8e5d32ae0690413f3b037d6492adcc91b16e7ccf0b3d51fbbd13fe29e31fa411a3f5f866

Download Submit
C:\Config.Msi\e594a2c.rbs

Filesize
11KB

MD5
67432916b3622b9680cd46651e4b8d31

SHA1
8e8709e3cb4911251ac1dca48a81ff699a3ee7c2

SHA256
d87af8dfa50272631495cc4bf4a3efda8fb5583dd36c255d2ad4e5b56cca06a5

SHA512
aeafbf43eb5ba152cacc71694beb0f245da6acb7c9080830d1ee13c4e51d6b8b5e8e3101948cca363e092306ed2f85f36851e90d854115f94291f0059780d586

Download Submit
C:\Config.Msi\e594a31.rbs

Filesize
11KB

MD5
0255d093221c7af0613d68fb9609802f

SHA1
b326477a9c28950eeb99d51f95828cbcd41aafb1

SHA256
a338b3ce3e5efd2b654617123a125593658066dbbf53756e98d04953e77a79cf

SHA512
765022d4687e7b93dbe0f491908280642d6d254d0e09c3f8a2dda954026ed1926a1da628042b76564cdb94c7d43e92b3966497877ea0d8a2d78de21a43e32c2e

Download Submit
C:\Config.Msi\e594a36.rbs

Filesize
11KB

MD5
152adac2df3b070fc0709bab44a31716

SHA1
30fe15f8cb3ddf648111cb27d0c9245151ea9de1

SHA256
88561cead4871ece3705b4b64ec826f77dbe60c76d1be310e66f381841194b17

SHA512
15bfaf3f4ef34e65dbe675658c872997fa098644016b14b617bbb042a697555342107e723a6a109839c476416f7b341fc6cc16e45ba874f9e41c7e871d6545ee

Download Submit
C:\Config.Msi\e594a3b.rbs

Filesize
35KB

MD5
ed7f05c00229f4fe4bc3a1d7bcde7138

SHA1
0f021cdc4d710f9f8f71a7aaea196c0b2ac499e0

SHA256
32f34389477bb1983cda5fc16269b8c7c85361ceae22d5ae1a7ee2bd6c3f974e

SHA512
57f0818fb1fcfea1673967d5adea456a4a300bbb4cf184fe735421e9a1bce5e4e379de8d3bbe67612105d23a8d69238636b0baa8bfce330ba1b29300baef9a0e

Download Submit
C:\Config.Msi\e594a40.rbs

Filesize
87KB

MD5
6145bea5baef6f2c746d306f1e99914b

SHA1
60315b37dc98d358085e4fc4dbaecc0aca3bc5a3

SHA256
8441d42b2f4580fe74fc9e7d86c982d5886ac4613df9db8ae73b59ffa8542d9b

SHA512
c27e448c97546093b6117fcd3c447da88b0e1a8fb3a041f4a1af691785179fa0ec1bec21fa32dbdc31be53596d5018bcf080d6a4d9e884e063034bf45b054cde

Download Submit
C:\Config.Msi\e594a45.rbs

Filesize
40KB

MD5
d618141d945ace1729d101a3ccbf3c25

SHA1
6638b67e611ac3fb606c6ffe54cf4c01c0e0496d

SHA256
a8003984bfdacc6ac0a06648f787b218f52276f2ed526033637985394ce38998

SHA512
d8d4053621e620fae2ebb461c9673d0688bddfe785bdce829923719248b68cb7de63bde10688ed249d9f6d7847ce678084043bf8bb86537e56d371bf4b586ed2

Download Submit
C:\Config.Msi\e594a4a.rbs

Filesize
92KB

MD5
ec30bb28a993448420b5a841b104a202

SHA1
4f07b9139ef69de3404fe07320833fea83c1bf26

SHA256
5b533428bfdad4125ded863bd41cf1e99a2f7451f99a2e91e054010deb742289

SHA512
6391409620b186e54925e842aaa17e947a8faadd87ded433ee2ca5c76cc06e3cc0efde9363c11f9a8dd87dc89625d2c18e0f57cbb6b310d2a1cd68a1200f2485

Download Submit
C:\Config.Msi\e594a4f.rbs

Filesize
9KB

MD5
c12610c2a78857030f377303c14d58c6

SHA1
6d54dc64b06d0cf28db45ddcc7b9992a47b833f2

SHA256
f10161ad76a357d36eacfa36909f045b3f923e6bc0b561ad1327006a92a80bc3

SHA512
5ee7eb3327b3964298f167f9cb70e31275a269999107911c2d3ee53a90993c557c53a50679d4ee203a6f408a5a60fdc3187cee832a6bc478656310f766eda6ea

Download Submit
C:\Config.Msi\e594a54.rbs

Filesize
8KB

MD5
0a1c5e360286c6162703db827f595a99

SHA1
201f0cc2ebbf4554145c548f500aafc0c98720fc

SHA256
c216dd88efa1baf7ef72224f7a036df40a742c712aaa8b429a98e263fcba1f71

SHA512
dd5383d16e4cccb1606da417aba559e723785e0aa6a0ee81092bc7ad2378a2ec81a101e972ea08c359056815c7570bc43c7b5da3a67003214049c52633853296

Download Submit
C:\Config.Msi\e594a59.rbs

Filesize
8KB

MD5
300a57c592c636066a7797a50d103871

SHA1
dbbff681cf87c7cdbe20708eed4799e94edd6907

SHA256
c516e1f7408bf834b2ba7fe9845b44b45d185e463505fcb2b0d6693cb874279c

SHA512
7c419b72d7269747fd095743f15536bf9d2841fe3c75e2d30cafc253d07b3749da4d467f38f5052abe26ad7bdcdfb5f2b67cc3f1b1cb466ff7ac0ef309a69e1a

Download Submit
C:\Config.Msi\e594a5e.rbs

Filesize
9KB

MD5
d1dc35cc8ac538046fc613b5aad8ab76

SHA1
71aff555169c776dd52a2d822d3c908c46bdde04

SHA256
e5b688e2590672da7b2319959499596ee901af47ae4ac4d28c4cc56998a793f3

SHA512
ea04c11c12edddd85028391d4bfb645501481f228d93f4d187ad20ac12b9b28b91f87dfce73c9d8717ec155eb841d13eaf1bdfe3818e02172f602075d4061a68

Download Submit
C:\Config.Msi\e594a63.rbs

Filesize
8KB

MD5
a89277e437310a969422591de8a8f60b

SHA1
f6e246f11b5fb0db57599d9c189e18acb773b7f9

SHA256
426c046c9ec4374c590048f8413c9ec071f6e444d44e70b2b29f362dca887ecc

SHA512
51b14947c08913338691e7b54602fe300786094957065d1f03490a569bc29920c029eb6a5d0dc08b1e397171b0445dc872f3d50aeb7c1975cc0d07ebb294d7f7

Download Submit
C:\Config.Msi\e594a68.rbs

Filesize
8KB

MD5
6b5679b02b490d9e57b14a959a97d22f

SHA1
7a98896cfa933ad07998d57bdb2341f20cf144fb

SHA256
433afcaac0a5b832e703f7afcdb7ea3850f4750c090565b953bd902d9637aee8

SHA512
25a0e973272d260a6e86c48a357ea34839242519fb12cadfbd311590e7d7074b5d02655dfe1e6e20d8ac6fb04608d4b911964a411e8bc30f7460943e36fc4297

Download Submit
C:\Config.Msi\e594a6d.rbs

Filesize
8KB

MD5
a30ad19ae60964aad4fec962f0f0630f

SHA1
362bf429c27a9fe1134d94d0af25d8a3bd366dd0

SHA256
f8dad4da7af9f358f8ea34c249b290f998dfdd19a71c6ce14c1d31cf7d872b73

SHA512
29230688297fe74a9242403b33d59c89f8eef3d8a8b006e2dc40e996cfaf4505b098eab3808debb0cbbfa22a0e9bd5401fe7edef08dd05bc75ef0539f698d6be

Download Submit
C:\Config.Msi\e594a72.rbs

Filesize
14KB

MD5
536fe7dccf7d12874869beb60b40628c

SHA1
018946148285c419ae9eab77ede6ae6b535c3de2

SHA256
f96dd7a3da0d66af3d226b85762ce9f78d9de86d2de0667cb06742e8ed3067e6

SHA512
f9837c9ab3fefa40f13495e6fb2c9c1e7f140b6a794a65f831d22cf1d4d1f2c890c491630de4f8e728c0dea26b70615a6520f1d69c7a8c78d9adf1d16c1ef18d

Download Submit
C:\Config.Msi\e594a77.rbs

Filesize
10KB

MD5
ffd5c230549b67d826ef2d0a702656b4

SHA1
742e2353ab9da91f6262ea220ea2474936d4b089

SHA256
ca11dbd37c9cfd63f85e7848738d65055743b687da6167eb69aabbace5fec9f4

SHA512
74af6bcb96a420f0d5b2310be1d9b58fb604a8d9f77088fef52480bff6fe18bd376c5dcb4a61c8b07f893a6fbcef5ee2abf4a0961315ac5d19678d9478de4934

Download Submit
C:\Config.Msi\e594a7c.rbs

Filesize
10KB

MD5
dce5fc123a7a745c1cc6f0f3a783ea29

SHA1
383adea9b1cf56e8572a172b0365791f5ab342d3

SHA256
45154e3f1e1063098d042c0d90493a335da8c4924555b281d9b530eeaa550157

SHA512
ce182308c12bf163469c529a467ccc00759856bb4db412b0505110ca8d792d2a3cdbaf9c8a9ade24acea6faf52456f1e6120dde7a867c160cd1fb9fc0dd2c75c

Download Submit
C:\Config.Msi\e594a81.rbs

Filesize
10KB

MD5
ab2c28b8c2cb22b88b4fa1dd43dcdbeb

SHA1
13a297f7a6c682a086aa28c6e0f90f8f5ed76758

SHA256
bdcd68161214143ff4488f9c7a128a25efe72434f2ab6673d6a17b2eddfe53d4

SHA512
5f6a7807059ce75d42043447679c5ef97511ff4fca9231a977a1141346d376d5179d6581e7a732151e382a9a572f9ab24f8f2fa4ef0a4347595be44489970bef

Download Submit
C:\Config.Msi\e594a86.rbs

Filesize
13KB

MD5
ddbb559df2da9358ca5afe23a5c45f15

SHA1
567ecb3f1a82f289856c3e8b62cfe6ebada50992

SHA256
39c63ef25adc3af11cdcc9fa7d39765ab8656904a8d6e99e9dcc21a6b484c70c

SHA512
b4ef62a1fdc6eb9694db0d76d45a6d50a78b601cad80f6d8c5d3e2eac44c6b3c3abcd3c6f523d497239ee0fc8b05e73b2793da1a930eb1ec1a9373f77b82b67c

Download Submit
C:\Config.Msi\e594a8b.rbs

Filesize
13KB

MD5
240b7f34c9321d522a0b9438c3af4b59

SHA1
f5eaf5538649c555bbf7db6571d8df04e4851e15

SHA256
b4e5599a22f20355fd73e804c8819858375ae2914bf044baa07e818722110978

SHA512
0915514a79ba41aeeff47e461eed2c0596ddeb1b113c2c9cce422afd8ac69b5bbd9a65d684f326aa8eeecc004292667adbdd17dd483cef78201fd84228afc000

Download Submit
C:\Config.Msi\e594a90.rbs

Filesize
9KB

MD5
4e8fbfa53cf8ec25a9195c827bef6494

SHA1
34519023f353c600464aa9286ff436801ebf84f3

SHA256
8f451037cc215c7c5dd818c608d9d5bce72f92443117c732ea5224236380cb3e

SHA512
e95812a33c63578ba9ef53cef091f83b458d7c67a75f2cdf460087b723bc2de4934aa8afa56bec99951071ea4d42632eb0165b13b62f14b6402bad91b4e8357b

Download Submit
C:\Config.Msi\e594a95.rbs

Filesize
1.0MB

MD5
0a612532febce2dd504cdac0bb0aadd7

SHA1
89a39cb08f79a88b375a2e66e5470cf09a18fca0

SHA256
e761fb020c056ed2444ce7caafb792eeba95a35508b5aac1059c8ae0e5eb7e27

SHA512
7331b0c55d521daa4adbfb439596a072ed893616cd7598a4d8d7a136f3ee7cac99c2b1e82daac50b5fdfb1731c27098d556b1ee902d8de71d193953a4ebf7fc0

Download Submit
C:\Config.Msi\e594a9a.rbs

Filesize
40KB

MD5
3e06df789f16bddcab69743e54c3084c

SHA1
711f257cfd8d9a6260e448797227e40dee46e7ba

SHA256
3794bff45ec8bb0068ef34a179740b0c8a99ab179e6b277eb343562cfa14d360

SHA512
c0bb9085ce7d3c957162a1d3af232a64c28a5ffff818c29e009f581f9b3f26c1d880e82dbebe3ae934766806c7413e37b797eb08edcf8365856535627b6cebfd

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
143KB

MD5
4209ac83bdc20a053470a48c3ce2719c

SHA1
9e8608f8a6cc1ee04f350f66b16f3481e81e9262

SHA256
c6e330c1e3895deab7b47b725822a4453e50dd0b79a148dceaf8ba3a749f8412

SHA512
944aabf043890cf92a05ba6641d77c8289639f0aab802f9d8c8a73fc18d8a94529a86ae1ec0ad70af3158cb6cf72835370d5695dd8ed7d42987af244521a164d

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\fr\System.CommandLine.resources.dll

Filesize
19KB

MD5
aa8eeb801d74a4e562fd8c044e03fa8c

SHA1
8653841bd62dc74f605f608ed8f354dd692faaa2

SHA256
7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b

SHA512
388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\zh-Hant\System.CommandLine.resources.dll

Filesize
18KB

MD5
9101e8227a7ab83cafd27e4ec222ba10

SHA1
3a80807f7cd695bd9258eaaadf8b2d7dccefc125

SHA256
8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e

SHA512
e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\it\System.CommandLine.resources.dll

Filesize
19KB

MD5
4e92ced559ff6f26d238fc5393dab39f

SHA1
400983302371c5a7ba38e3dba8fbc4c5f8192018

SHA256
37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471

SHA512
0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\ja\System.CommandLine.resources.dll

Filesize
19KB

MD5
5d26652b0f420ca6ba2bfa00b84eea38

SHA1
8dc1d2a7cb6b857344c120544f842fccdaa97e79

SHA256
654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c

SHA512
5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\pt-BR\System.CommandLine.resources.dll

Filesize
18KB

MD5
c7f0f7e0a7562225d7b60b88459bde92

SHA1
96c432044ecf7d346e09c6c46f5ca163396d97f8

SHA256
516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353

SHA512
05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\tr\System.CommandLine.resources.dll

Filesize
18KB

MD5
c9c8df325a05d227bc32a5d854713c4a

SHA1
cf9ea69ccebd1ef0bd46beff01254a02c5fb0131

SHA256
7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf

SHA512
fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\de\System.CommandLine.resources.dll

Filesize
18KB

MD5
e771e643a2f47b5d527aa4dd1e857aed

SHA1
ddb6ebbdc354122989c67ed9cc2555da640b16e5

SHA256
8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15

SHA512
14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

Filesize
19KB

MD5
ea1fc85ccabec5aa1ae22452afbafac1

SHA1
8ea9da27d9335f80c76867837688218b78311148

SHA256
f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483

SHA512
42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

Filesize
18KB

MD5
3f14df8e4be6100673090c43eb3c3476

SHA1
61c1e35aeb6cb477077416f050c344fb18f5f87b

SHA256
09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2

SHA512
7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\zh-Hans\System.CommandLine.resources.dll

Filesize
18KB

MD5
c182eebde556be386ca5b656974993fa

SHA1
864aab5c6e71bc3537612c2541e7737d02e6f4c0

SHA256
d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd

SHA512
3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-user-secrets\8.0.6-servicing.24269.9\tools\net8.0\any\dotnet-user-secrets.runtimeconfig.json

Filesize
340B

MD5
db8f50afa10272bdd9c658a08ee151f6

SHA1
be0fb5b4d6a013e2a9f024a11a2e87e827bf6ea7

SHA256
9930b35481aeac719b7c7e90c5a3b55019be2017f11b0a1e83b4b3199f67e368

SHA512
4f237d5c266101e6f58073767bf02642f035271cb960297c693ab79a94792cf0a0f8364035c7a210ead4529976bd8634d11b7a9ef04f48a05ed8bb2225729d30

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Numerics.Vectors.dll

Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\cs\System.CommandLine.resources.dll

Filesize
18KB

MD5
2f679e46823cf54660405eda0dbf0842

SHA1
29fdcbd753e36022b6308425dad9323e5f3472fb

SHA256
6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf

SHA512
f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\System.CommandLine.resources.dll

Filesize
19KB

MD5
7717b3eae55b3ec74f40699c1b9896c0

SHA1
1483166af6059633de2e20545bc3f3cb6f035304

SHA256
8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02

SHA512
c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
ff34978b62d5e0be84a895d9c30f99ae

SHA1
74dc07a8cccee0ca3bf5cf64320230ca1a37ad85

SHA256
80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc

SHA512
7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Encodings.Web.dll

Filesize
77KB

MD5
fa9d0d182c63c49a4c567f7c1652b6e6

SHA1
55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc

SHA256
e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84

SHA512
58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll

Filesize
627KB

MD5
63f1d0b53ce47b0ac3216281c8bcaf24

SHA1
090cb7392ed07a94d237b5aa2175689faaf49b7b

SHA256
de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb

SHA512
386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.ValueTuple.dll

Filesize
24KB

MD5
23ee4302e85013a1eb4324c414d561d5

SHA1
d1664731719e85aad7a2273685d77feb0204ec98

SHA256
e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

SHA512
6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.props

Filesize
295B

MD5
a5dcc9e5bf323d748b26652e11956905

SHA1
7f8c7a2523d1f4600e0f8bf347d10564cef36780

SHA256
2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c

SHA512
79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets

Filesize
297B

MD5
5725a6d47308db618d015c3e55dd499c

SHA1
9b3e1ac8d62d522505f57fee89a249ac33325edd

SHA256
61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1

SHA512
ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\testhost.net472.exe.config

Filesize
4KB

MD5
a22cdd3374234d3a50c2ace2dc33a63f

SHA1
d71bb2417cb805c3da21ebcc0e1ae5a102823c9b

SHA256
b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874

SHA512
71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\es\System.CommandLine.resources.dll

Filesize
19KB

MD5
79e57433e70b5a0a300303dfc5d759b4

SHA1
cfe5862964f3b389cbac01e157e9ade0031e45ef

SHA256
b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8

SHA512
8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

Download Submit
C:\Users\Admin\.dotnet\TelemetryStorageService\20241005172435_4ed528b134ce4c6f995235b3b7db7663.trn

Filesize
988B

MD5
93117a1d237c93f4f321af920c9cfae0

SHA1
99426113e698e1de7c42d0b51d4c4544c8f025b2

SHA256
5a3c1dab5fd4c9f082dbac1f9f8220dc2ab3645d4173223e259bee5f30df18fc

SHA512
3dc959c7f0a8f38416ae0a7535cc7f5b446294d7328ada1961eaa14352e2b77f2e32fe372e4c7637d8435ff4b7c9c7a472aea046eb7d527f8022ff854cf46184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
2.3MB

MD5
1d8060e1141d99a121ee491dd3120d5a

SHA1
6a341d7d7ee1b913c2baf18cd9b50debccc6a336

SHA256
e924ff6d5a50e9396a6ad943027ae55c6c9355558b6bdc7d0b2bead0daf88c1e

SHA512
24817b2a4832ca9255e2de59114ef1cc6413cf4fdcba7fb847c1d50df9aab33a6d6fbb6e600254bb4219037e33f442099ce94f3453f0ac821302112f19e47a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
50c8ce2ad0607e7636da249ec9beb43b

SHA1
413327bdee5859a8e44bb22061aef0704a91bbd4

SHA256
79d1af78009fc7f3afae03c23ef1bdf2d8bd36e20c7a79c0f22284b31fac2846

SHA512
01836cc567a3d0bd5394113d773e1a8f7718d409819ad49edecb8ffa170b488cb581bbcd4297f1658e5f82f0dfc1d990c6fb239a958beb5a262bd6823b83a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aa592db1f87f8281c3ba8c5ab7409ec1

SHA1
e9084240bc9e0dcee6b4497d1f038e5a5f66c351

SHA256
a80f58a511eb5823bea72e4b809ad2e25b30ac50bb09bf766381674b63d83ff6

SHA512
4ca9dc34a6bee43770f819d14a8f931b47c8622f9f8777a6fa4024ec2055358bc009d841819d402292ba93953703e62ccc4800d3132df1d2eaedacba3cc0257f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
2811974e558315df93a5ec9b364c4e10

SHA1
f35666ab079e7b326e12c6463c13b3cf0084ae89

SHA256
2e52fc9fad78908ae943c1655f2ac4535553ce6fe31d863a769f8be6dd72c330

SHA512
37eb6af2fea27f41ad6837f12d3a6cdc09d3a5d86e1778d7da6873034f188b3d2b1480afbd835b1ae431450ecdc8c1b0049612d45ae2a2d03f7d5a87fe7aff87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4e35af82f48d38b0877c0cf2b6015c23

SHA1
7a4b4956924ffe12290ac0ba30e6c14912c008df

SHA256
9de1086b3c907a2a1caf2bfaa9f9030d3a7ac3ad50fcf1fbc0463962d6ee90a4

SHA512
4987b9542c54bea7c3a67a52bbad98c1df46663c1424fec5036309f1a9923e8ba23042ec75667c57eb817724114a53e728077ae64f3c839b287579b079476482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
85702a30e81032a616915b6f42e27e43

SHA1
ecce314f9ce04c0822c8e6d67d8c765ef17c1419

SHA256
b1107c1c56dd7e8d25c27829929da056472938e8958d7c346aca67af7623a7fb

SHA512
7b8ac98dd9db0e6d1d57842a4b6cee5bbb3bef8d6fa6b4c57fb76d951e453ee3d66407eefa7ddba9a355203a82ca613d13fa1e0808d81f1b40963eaf4d996aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
f6044ae4bf1dfb4c25aa938fe71f51e7

SHA1
a7116f26c52b5127cd04f3b7e6a26f515b2ee15c

SHA256
db83262a3f0288ce1bc43b2a36a9320748db8f0f96f755a49dddff78ae2e4ff4

SHA512
aedb046d0bd3cffba99dd4d6709c5bf186e909b0c7cede7f1f30bea0a10c0c512259ddcc2487fe62af25ec0eee8d0cd783e2b80bbc70932449964f4608de9786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
fb6cd191f0d07d4a94d682d95c4c4c00

SHA1
d1ed35a7b7a358abfa1910f946a2d8429a9fdc4f

SHA256
9028e1e7467d9337df37b9118d722a7124b9c87208d2e71bc3733c4a9fc00255

SHA512
3776cf068741410c9262cce19a746e35f665073ff5defd97badf0a712bae84a16b78d0ca7eda11dade68e472bf8a76dde75e6fbf039609fd19a8f4dbf35b0ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
857B

MD5
b85bf88eff04f0ef4e48ba3aeaec9c7e

SHA1
c4ee41ecc3e2baa99344dc53b1e737ac9b363f4e

SHA256
446be787fa97b015761693f87a5ca28d6178a3ab3f61b3058a571a9a451dc682

SHA512
1bf4b0a7b6569ed261c0f74590be18b515754f18370181db8fdd8cb792d9c5f83f1c54cefb575e0330af1b40acdb8f34bb29c223e3fadb94559e64fbac8160e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
dcf39e64f4ac8c8263c52772da1cfbf2

SHA1
6fd3b76066222395d38aa4fd6fd44def6b1096a6

SHA256
9b736f67a3cc5c6375ab7860efb4ebd51b5b0f8644434d61a77c54af04e4ab1d

SHA512
2cc62c9f9d6ffafbdca633182e51356052291e2b4ee961c927b52261d8554ef468938ac3f2f4806505f713d7bcd5fd995e4bc0e63821789d0d7deccbd4a08a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a88e20618eebcb0c2b11c86db70e39a

SHA1
c02f071e2e00568d5e3091c603737f298fa1bdd9

SHA256
735da462b72bd74786c9f927fced0134f0bbf5c5eff1f54fc312da92fd740874

SHA512
9f5a6f73cdfc030cdf5ab4a43c30b7904bbccd829e832c69c53609c9b0d96620d78bc0c13949971fce1ad2066eaee58405f3fc05fdaa22930cc58aa1a9a50ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8395ec0fb4c7c5a5f2fdb3d1c85d3d66

SHA1
690b3cbf83b134a7f8d5d0a1f8fd0f562ee685d1

SHA256
012647e67ad6190f46e5a907a8cec4e34e12b2c3b67c7ad3ac4b07fbe87bc241

SHA512
2740fba9a7b481ab38a89d69290ce224479b2fd56a23707ebabd5f636185480ef910afd1403934c091998091fa75b0507ef402f73199594fa0840aaa70b5531c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
46066e6915a0bacf9e9bb0985fa7afbd

SHA1
f2e5abb45ba416fbe92a18edd0c19bdcb2ee5021

SHA256
fc4dcba6f8a9945a5c172a93ff31c1d34b1795301653c9bb7c6a49e6577823d2

SHA512
70ccc8a17c45e73759923b6d7e4439ecc6aae8ff5a9befa7ffaf2ff0270f8e6294cef78d5b8c91073c628bde2dbff2f9f1e84fbe5e2882e31d26a84c0f44b971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0d304225638876ad6423b8009249aec8

SHA1
c505c51d4165a600acd0510b6421df151271b38a

SHA256
ed0236c1d5de2b8be1b91ef310f2bce06694d37bc68cd8b04cf24cbe15389789

SHA512
42a1514c0dc963e9e23b4e8fabfac6953de8f3d22016176bb94b456de2050c2407721cc477c5d5c616ef70a787988b39c928ec339adc8c280a06051027264062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
287871964653cc7b22dc15455ccae2ad

SHA1
657e1f089d7916a38962b6c8b468d350f80d2f6a

SHA256
c52901eafa2befd75864c609073ebd29722b8d1e72462fa7c02f72431d9ac98a

SHA512
bddff25566c8b496566dc85e155f510da7073764b1cb34ee7fb03fb1f10c6296ab017a64222f39460de965b2ffc7c8cc7cedacdb37b98bfc538a3a4d40d86e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33171b59c84c283f34468a33c2a04eba

SHA1
a05b078da054eb4096c200ff3585d56c7c9814ff

SHA256
dae59a3cb84b0ad9077b9d532d0fbe555ce987f25ce09dd29bcf47fdbb48db8d

SHA512
f36e732e970a0a71973d2f186ec23297d35facdc67ecc0af7a1511b379428bf0c1017f74d05914c8dd72021753c50796135bf3943197b8f3490499d6e64bde80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
5e7360df767b1c5d64836ff7d7e5a765

SHA1
76bb8df2521bd3a961049d1fe342ba2d83f525ee

SHA256
9fb5e0e4c5bb9a258f94f7d40c7e49b5aace348e3d57f2eab33a73bf73825d6c

SHA512
05006fd785e8cd0f5a5340b08115e84db0fa4abd94c8e24b45b7ad1049f57d9f8684dc7ae72fa4b7a99f95c72f4ba0e8fa7b98b54b4181a919f652f9daca6ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4b15c32694d3f8455a6925a46dcafa82

SHA1
fa31f9ad58292cba687e3968894d2533b5fe5d72

SHA256
c29a6786a3d4608ddacaa4045cf8a227c60b8489df0ca4dfab409ff7c379fd8e

SHA512
9021b41c35ff614ced9833d9efc38dd6fca9a8feec1961d0d8d552de38a75a4d68de9f473a56f5e73fc28f21c6c7585565c6a8c6cbe9cce5c6bd08c77ebfbf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6afc7f4be3f82392866580fa29f4de91

SHA1
2426ab0ee1712dc8a82c7d42276016d4df9cbe73

SHA256
ec86e5fc2126c4f761d83a95549352938acc0017fb322d00757ca7b9d123ed13

SHA512
8cb18a07b5142c24bc83add77f204c2d97937f531a1aa4db947d53b18f1229a0c661b8101bd14036e4708ebb8b71125420aef58dae1150a6c1e8cb030fdeedeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
fec3ea27eb7a4cdc8e17e82f6809a201

SHA1
ed474b6656122b12590ad41e70537668be73a0d0

SHA256
8779c22073938c97a7d59c6eac98a14734fe21605e19b7272872343203b76a0a

SHA512
39fccdf7275dfbdb171caafd8d96e0cb93460dbd547a8a717d9b31e5b79b9fb160cc8ba0e9744a4506408d8fab02a0e48c38c9f5d8c6269665c50a477b4f20f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a36b329e82f3c744f425033e8358991e

SHA1
5c7152e5067ec65fb2c4c46f9d2d0bc6cb7a1851

SHA256
aa7bf10b5cb0fc7909c80fad6b533ef4396b441ef2a56012ce5422132ddc0e20

SHA512
dc80b98da0e213729a2337319f26ea4517504d8fe18a08d93b42cc09b9ddcc943c24795edc77d5579b944105bb054e6f3c9dcac62fca2d007e54e3c760d73456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8c1c7f7b26c4412611b87a462e328194

SHA1
62aa4b684da918ed72d7452dff240aadcaced529

SHA256
eb62f812d911d20f3f5d40464d82540e41f05dcb2e0a7b55b92bd353afb2c480

SHA512
19ebc71de030b59f5bb84ca3435a29664bc1a3f07c4aea7577d899387d0fc9d59c0b14d5aca0235979e3d9765e283621d63566ab4b8aabb7e857b51028eefdcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6532e0c2cc4fd10bbda57b5d9968934e

SHA1
8951249dfc24db68393f2a58ce8c0d7cec52b68d

SHA256
e47ac5f418e8b83b386b023ae228656de5c076388711ba183da4facd6a92fa31

SHA512
f19b2384997362356cae426d66b3af0ac44a1a7847ef7d25a7175120814dc350071fa514f9f5c716031f49bd6220760055b9429eb5b5177af3f2a9c999129ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3e2efb891b9a960998ecd3b948b7ae97

SHA1
f09c3b9de2d05c9c4ff2d1a052e4651d13908e4b

SHA256
6fdda5ce60e6176735658676effcb8db4b2bbcd2751513432d0f35d89751e528

SHA512
65d0b6a93643264fc52397d22e7261310a7308cbb02142549f220511dd4cf052eb2080355c54b18f63288e63122168ae18cd49b60278249a5cb495495b3a1ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b0dc564d762ca1e42bc046fd45306cbb

SHA1
db081edd2186a486c102ec9fc7dee0754ce7d080

SHA256
a5c1d16ae3316d156c8207c094994835631ef9640a9a1382152300eefb2f6d29

SHA512
fca97a39ba0f74865971c43ea18b7bc418ae508b3b66f92e8d415378669f4baa4f9dbf4ef625f73df328696c6a096877e94b2d6006f1a18ba3a99eb653514e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6f25c730936e8ca0172c2bbf649f2df9

SHA1
72a03b43962ecf5f4617d5ad3444c3aa0cf2ef2b

SHA256
9af12b3c69c055fc591483cb75c3a46c5207dc05332d6b222dd1fea066ff4807

SHA512
95d4d6a8ad77c6aad23e0abc901e0f3c812e5382ec7fbc5ee2ea762bf6800b9e0445c74e52281b1e066fc05af0a1f4c245da6ed78b2dab1c6abe7cb14e27f1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e96ad2f23af5139a134b9c1a97a41b90

SHA1
bdbff71c4c59643b3f28345be599e793ce9a2d5d

SHA256
a6c95731ec62ee6af2e1d9a44266d04d4e9cee5f3bf0c7968fd7482b9eb7a46a

SHA512
b8bf6ab69789ed3bbe43f4745a058f3a69e700c5301d5f1324a852bd743aff3b0ff4ad862ae1e502bc4cd1a70fef805e22061b2a61de693fbb8be1e0182c1c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5bf92317d4d89e97ad1ee773a629af9e

SHA1
f5fc8017f5cf69c9b1b80ca9df1286c5ce6ed00a

SHA256
142f6e7b8ad36dfeea73db7ea53fb7a15bab329b4a073f18a0e6272e1cd47a23

SHA512
3af40dea288822d57755aa946031d1604a81a3bdf55b1f2734dda98d1f701641fa7b9ecc76466b1ce16392d8ef618706ad93e2093561982a41fefd13ac72a1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
34715494ff6b2b45f50e21ab9fa6f6be

SHA1
b86ffc6142a531e35a34f314a002fa15b13a7754

SHA256
95efd5848b97c03fea3484de72a040cab9d96f6287b0492aabebb02fcbfcde0c

SHA512
9d1ded51aaf5b705557cc51e84f67b9c08c2eb513ddfbd013155e308afba118190085539ef20ba103bc7e6f73a3fd59ee00eb6c1e19febdac681d01b9b43e064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a7d4b52f2f536457c4e406be4dfd472a

SHA1
0bdebcfbd29ebcc957d44ad2f46407bcda354c3e

SHA256
c706eb8e53a2234948b2d050395e0fdb710c7d8981c0ec265996e5cfa4f35f27

SHA512
0e9066842fbd467231288a09fd5c9f7a2e920ba3b7a393f0f0275a2b1e5bc1a5b2d99f6800e82c1a9eb3f681a575012fa9f13f07f89323a4eef3a529fa74a239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
19ce445ee2c4448b772018fe9f420f5f

SHA1
22110517e18050c9532b9b632c1c1e873f90a8b6

SHA256
2c166d15b889903bdf8ce7eaf377993e5585d0e78d16e165b56fc21d48240960

SHA512
9d823738b797f08dace2585bbe029dbfe2250144624da9e33c5d4e2e626844690acaf72cfa99a8b5d706a036afc45c429238d2c6921977c9339a791b50970d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23ec906df0fb7a8c2191473b68f402ce

SHA1
7ecaeddb817cc8d978aabca69526893d3796a7b9

SHA256
94a7fd25bee29902b7ccbee1660bd22e9395d994a2440316156440f526f53ba5

SHA512
2cd083ad05d42de2e0d1acf6e673141bc50f9233796b9548e0652bb65940c3c706c27d823ade5edb732f25f2b5439f68ec747774f1e8ce30281676da2eab4cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dcf588b0416e428802aef24dc87b7eb0

SHA1
3ab05a3471866bb18c680a4270e729b2c556fef2

SHA256
88ea2f766fd675709af231a4d6335fd4a4d8633e6a3ea82fd2003be4b6ccc6f0

SHA512
af98c8d97cbc4db337c364321ac4040f919aa422e505676b07d282dde7e6c26f281d8e056ce94f400bba14c44ab29da1a5399ba62d8d8379458ed981e643e451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e5bb746fbf9fc1442d0076090a1823bb

SHA1
5a68c1ef5b92944d4716e328151a010876a206e6

SHA256
894c189735f9be7c46f5f1bdba202c4d72c5bd19608b3ab1a035b110e362e461

SHA512
ac25f93b17f15fe7048b6f070f40ff881a19580d971ab260139fe72ca61bb5f4807fd7743b2cc7320055db84ac1dabac1c34fb2b55299075dc9725d6a1f95aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f54d.TMP

Filesize
1KB

MD5
d6cdf225ac54fadd84a332ea3a553840

SHA1
bdf873885e59515ea7cd1358cc7c61d9ea7aea93

SHA256
92140eb9f6d80cb769ba4c7c932958ed45ec904edc28dc8c7d6d13ec32c4a877

SHA512
0487b6001a2a62f28f6e4b7c4831c4524b25ce863df2fafa495a31e2f1dccf0331dea2b30bf35f76fa84761fb2d12bf66dafe6891426855236dd115da2dc36cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cfa828ed2f1a2642eea001f154f10d9d

SHA1
db3afc588868056d421e191d36d71c49347fa17a

SHA256
27f1986caff232b763bf36988d6e99f56d11e3d2b397210cab603d69bf4a74c5

SHA512
f8fb1a4c9e107532da195650837fd5b9b15e81ec244ac504803c4acadbfb0d3ea48df8bca2759dcb64aa73a600289dc57f0e95e83a2bd42c4bd4e4d250021015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2b708a5818b15d4fb91251a336ce5a6

SHA1
8b3b248b2b4e07021d7d73202e9273488ecddc67

SHA256
c0059651ffa7eeee2aabfd4d2d45a73aaa20b7eab689ae5daf3e7ee9430569cc

SHA512
8412599f2a32fb5d3e7ad1611aae3cc0f76b0648033eda85268f38fd5095de3786afa83a0e777aeca81a5e6d923367c05e74f4d097729528e7fb4ff5ae8c6acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a36b32959e47efb0febc0e3bcc1b8487

SHA1
43559cfcdb062f22a955aa4444245d0adc3df701

SHA256
67f519bac18968c18422efacd8b18f6492f90abf62afde5f9e682e8669952eb1

SHA512
a20bab7f6f7e2c84586a6e59374c4825ba65e81d3577b4b4966e90c1f410deb76112564f3a7b68cb472b7433998d45dcb6949d58391bdfa8a29dd3816162a201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
73f371ccd5468d312b035f9a09542608

SHA1
891d7adfa1034c6223aca292aaf892a1c3ffdaa1

SHA256
ad8e9979816c35ab6837e5e75164683a433a45dcc4a38cc90b3300cea602c43e

SHA512
118fb9f5c880e21a9393d49e3f749fd37bb316bec750f131bd5a188e4d489a28458e25c3ca396a1583339c7343c0609e23de645da6f0ed4678d14d474c4ca414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
43ff596d3b15eeca7321c43647dc8196

SHA1
3b506fd36c3c295047d0e8dd846c9dcc9a12b088

SHA256
8a8a517dd877619cce045bd93e8da3b7473e31665426fb1980418c2051237443

SHA512
129963cffcdf78e238f30fd56cd1155eef8521ce7369c6df047852fca1ccee573fb2359a4fc56754bc365ce493e696a48cf85e1e2f16b792554b7b6a605c2c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4216764e6e3b35617c8254a2d5388133

SHA1
45f47709782af37f5efa1ed040e6e9e031606544

SHA256
c2bb3f5334f3ae6299c7130d58041dc26e797d83096c1b66125b0e51d57336e5

SHA512
bdb3a431599010f5ed33f8555e075e6231a33bf995ff8e46f2e83d436614e563fbb6edfd96c207b7410e6141fc128b97943bff97f2f5ecc76232167f09fd735c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d41a7a7b379c490b1314fc44da4cd74

SHA1
71a7316373183ed0bb2890e3e6c7d8efe6febd79

SHA256
2c848db97aad5d3950a5da44d5da3d9ff660c4e711586ffc2067446a9d868d18

SHA512
e3f9bedf62b2b2d62dce86155b15c6fd835aa8d806f82931c29dde785fb19a5dac0aa7d2a041d7d8fbbbf36c7dead44348b73fd784d723c517c5dc7e5c2e2e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.302_(x64)_20241005172330_000_dotnet_runtime_8.0.6_win_x64.msi.log

Filesize
3KB

MD5
c8aced380c7af0da580d8225379a0fd6

SHA1
e5052c3b1eb4ea2e5e436c7bbf8456883d64b013

SHA256
5372baa041ffa050c0bd14be78c736e182195c897ea967ed1853a7106af7ccb5

SHA512
780de98f28b46db5b8a48ea9caedc6a88c4751a1fa541185a6ac2b8108cf301224356fef4f379b78d1f918a2f2e4529e913cb3adaf541f60c48900a3ea69e451

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
164KB

MD5
022413c8c60a5fe0e25cc6781b102c93

SHA1
754bab9e5e3e22f9dd62060c64fdebab55cf31c3

SHA256
dcba44f0aae425207f7a04de5e0f129f45ba764fb2be14723f3c204998dc2866

SHA512
1dd0f15d29445d8c909fbaa840e44c3a4361fbaa6ea9b0e15308e4a5fb327fabd0487a0df4db37b21aabb9b217c0fe33485e82b6a02a70fc86f7c067ff1f4029

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 675101.crdownload

Filesize
202KB

MD5
99fdf82a749238ffadf6d30fe3d26235

SHA1
8cdf649c14cf2214d123f9d0825c276be1ebaec6

SHA256
075285e528c7fc025d1da70408b239c0ec90ac571b469abf8a4c70d5bdcaead0

SHA512
241431c8085726fa3b2a7b8b74040e946d9dbe669c70fb1fa224a685de02ee7d895c58cbfd44448e1e80e68fdd096dc0778159adc003552656ae195b7c76c1a1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 988339.crdownload

Filesize
20.8MB

MD5
1e005973da05e0682767b687e3501f58

SHA1
439cc1f781dd48f3a771eafec1fd1661f52b57a0

SHA256
6c5a7fb80b7a7c6433d69a6d2fd37fa4d42e97a9ca01b7ccaf4412d5f3c9aef6

SHA512
e5315da2609e163f2dd28976f4295ff081a1069256d901c368042342ffbe1cb6be1ad205fa45b8fbe28ea73c7200c039b06e0c4efd53cef55bf05048c3340885

Download Submit
C:\Users\Admin\Downloads\ce12713e-07ad-46be-95d2-2c5eb18bda40.tmp

Filesize
1.9MB

MD5
0c55e11ab5b855b4fcb639ff9ab353d3

SHA1
be5585cd8d89641aafc6f4fed724256845b0e0fb

SHA256
9afb45aadbc2bd59dc7bf42549d4f91e1026befc39714c876e7ac91803124f06

SHA512
02832153e3c0b47ea6c44917efa154af68dce2c77a85e5bd5f1773ecebbe2a453bf6fa9efde4d4d2b22711c8ac637b0fcd3480c8ad84a7fb67bb18fd5203dbfd

Download Submit
C:\Users\Admin\Downloads\pulls (1).htm:Zone.Identifier

Filesize
129B

MD5
d7f7f880cb1cade832216d840f77738a

SHA1
584f8bfaf58f8cdaf148ccc5378c9981c538eb3e

SHA256
f3c20d0f7490922d46a7446bb41f50e164ec7b52f6b60d03b37efd8bc7d0c6e3

SHA512
58467d502dbafeb50692fb2830d40088ac8f4ef3600cdc3415850606cb97bb0422eb2d1cf5671c350832bb55e466b6bc9dabab6a1d4596d29eb9a946f488a156

Download Submit
C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSI5DC9.tmp

Filesize
244KB

MD5
60e8c139e673b9eb49dc83718278bc88

SHA1
00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

SHA256
b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

SHA512
ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

Download Submit
C:\Windows\Installer\MSIA65D.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\e594a9b.msi

Filesize
9.8MB

MD5
95ef87ddde1ab91572fad2b265a1c0d7

SHA1
6ce9eec5c6dba24233f29cc790e7578e49ec6a73

SHA256
ad640d7c9a7acce17f117607b6bbff38d4d1bc4e90b8f08fe9541fcfc12f5ead

SHA512
30c796bac647b2999e354be1c4db0cf95958a97881030ced6631101c75fa6d4ddf3b60a3c40e92e61a78ad53bb8f2093786026ad857ec0a5c2365dd0e7210d5a

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\.ba\wixstdba.dll

Filesize
215KB

MD5
f68f43f809840328f4e993a54b0d5e62

SHA1
01da48ce6c81df4835b4c2eca7e1d447be893d39

SHA256
e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

SHA512
a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\Finalizer

Filesize
170KB

MD5
38f91969ff82209c624d004795e14066

SHA1
786c2aa3ca0b2f9845e377b480dc9cb06045dc70

SHA256
da912e5cb5b749cd65b67c650808400db80a3401b32dae74c3561d034e4e2cce

SHA512
f597c1066d8296a8812531e24d8d9614f0db4136f30e941d0526ff62da319c16db88476492d2584827c6d3f5ecd73533b5ea74a110d63ce5b1edcc9dd0784a9f

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\_28c86dc0e8d71959057ea0317b3698a3_x64.msi

Filesize
648KB

MD5
3ea7f9002dc67772f53cab2171f5c0fe

SHA1
a3415d16bc84f975fff7e1427029866f4e9da7b8

SHA256
cf4841ed6b2f95cc994246506264bb60afc00ae837e5636df2263cc1ea6c364d

SHA512
0f8f9ecacd29ffba5315797db55e3ac8f290d6e22a0220ce7a6ed662ef8b90e33ef3e948cdf04cd8d038da9c051ee54a7ccd04a07fa530ab8feac976744233db

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\aspnetcore_targeting_pack_8.0.6_servicing.24269.9_win_x64.msi

Filesize
3.1MB

MD5
51bec6387c22427585a773064a181c1d

SHA1
7ea6f55eb5f2daf71b10e591dd791135d18aa82e

SHA256
b01f14d91ad145f524f402d6c583e521b7c57a52b6d7efb0b8131ef4b042fcec

SHA512
3c90b32fb79ef44b63117b64426da1bf337ff9910cf224fd26a75f3daa1159b0f87cf33ad760ee2055990b189aa500b657cf5458a01118bf71a28afea1e0ddee

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_80templates_8.0.302_servicing.24280.2_win_x64.msi

Filesize
2.8MB

MD5
530cdc2131a73274841b3b252c4f25c5

SHA1
f94d26a2b5e25553f45606195e36602f99d9fd16

SHA256
6dbff1653d21d8a5abac7810e3633b19ff79c17c65b3ed923c956d94bae6911c

SHA512
bba32fc50ac3240f84f723610978c26ed721d9aa53120d0490c1c2c7a132afecae934a8d880af927ad0012e9d3bf3b51a74c84ff4995678fe317c351b6bc4121

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_apphost_pack_8.0.6_win_x64.msi

Filesize
4.6MB

MD5
3a859c59aff2bf33f8e2d9c0db02896d

SHA1
9a7b6c27076a7ca196937664ede41dc53340d823

SHA256
c1756025a4bbd7f6c0004c29c700c88c1e1f3b2c0d705ec210ec0e75d23596cb

SHA512
9680b79a079a59db8a30ec2eb8f122e7302a70f2099819802e0efe288661166dc2f587f7be68e8b9cf2a94fde7415e5d3d13b87b713a6e5e300f622c56b3f8c1

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_apphost_pack_8.0.6_win_x64_arm64.msi

Filesize
4.3MB

MD5
44fb621ea4f6a6928e727b327b89e6f2

SHA1
dbf48dbbd16b20b1bf1e7bad2e5379068abd3ba3

SHA256
d66f8bf0592028ee30749a6a76ebde5faeaca99672fd853993f906b7da0618f3

SHA512
656c8e8b882a53990a47141e7ea9a417b6bb9fadcb36865e59c2ea127da9daf1341316ed8a2ac9e0bc121b6a08bb8e1e61672ac45d7919ff32aad10794fabd63

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_apphost_pack_8.0.6_win_x64_x86.msi

Filesize
4.0MB

MD5
665944ffd740fd6a3be01598a10ef391

SHA1
622ceedccb1a06595ef2bba2d199571dfaba2f0a

SHA256
f0b811f806869beaa54e84c898cb80fd5ec20efe613b6b6b3f8f1a9b1bd558a9

SHA512
4c5dc8113a968ef81377ad04a2c8fc991d9ea76afe5a2afd200a7953ecf40cdc75c83a3b3a6e792b56e63f57a4e5e8fc071df5613733a3548d4804b6137bfdab

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_host_8.0.6_win_x64.msi

Filesize
780KB

MD5
98b6ac90f0e0a7f43e3c88f9099ad70c

SHA1
564ee5e09f06404a37c9ef685f2336e5d86a44f7

SHA256
cdb9f64aa7845a05713ba42ece610a18c3db1aeb9b11dd33d8ad010c2c0fbd8d

SHA512
5feeebaa78617f46b424c4e3e17ff9ea65ec226c8e0a79d8434df3d92aa9e131f96909a64956569c36e1d23f0b9b2c6abb245ca3c89ce3c07b7c93d149028cdd

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_hostfxr_8.0.6_win_x64.msi

Filesize
848KB

MD5
357c01acfdb40c0d8fe9be487170da5d

SHA1
eeaf7b56b79013f8ddb1b9d90421f2e03378d81b

SHA256
4952b61ca4cd19c4690a24f30f1f437cb416d06756330345e3fa821b9b90f44f

SHA512
152556764f958e8c3a9096e0e87ce4893ff93358be279a9a2ad9ada58f011a99a7fd4342ab0685998b0e90673a341e02fb18bc92d8ce0d5dcf7156eb70c4aec7

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_runtime_8.0.6_win_x64.msi

Filesize
26.2MB

MD5
9616c0869dffc30a2923a890d8b14a67

SHA1
174affdbc38a3c7fc15e48528c80e7168d228be0

SHA256
5b58566f0b0520d92aa9fbe75b75d6942bf1cf012d80c44d3af96ded3824c3d4

SHA512
d5252b4a86a674fcf460a65223dd3261816b6e7865f7b6c1f387b682090e8e6f92601e7b67cff57856b52c086add10e4d55189451ef26829f2a256ba621bcf24

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\dotnet_targeting_pack_8.0.6_win_x64.msi

Filesize
4.7MB

MD5
a9e3c7716c12c4137e7798386dc7b1f7

SHA1
83645f19a7cab29f798746cb35588e4c24a19ed0

SHA256
16aeddf4eb276de2c49c9f7e304b8d1fe3e423e42d90a9c92416f91dc0e95240

SHA512
28b010688ff10987d586c6827702e93881a2ea26100e5ac7ad4884ece0c539f52654f06468619461775797372b8a0a2fad72a3dabc7d135a55ff3896caeef0fb

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\ef05a2a0a7cab4628b9a106ebdf303e5_x64.msi

Filesize
648KB

MD5
29f7392910c762efe35b377a04a597f2

SHA1
2d27b60016c73ba78c21cb855dc4bd36eb4a6863

SHA256
bdff5aaf36e5bb360544eb9ab5215349b4382eb7a85b635071696d190cd5a88f

SHA512
e559853fd522fc78ffb7c7d487eb28101320970087cab18cda659866584567e20300aa4b85b33176f3cb7f8519b45aa7c6645c993eeaf7c411f67448ee466afd

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\f0a38d69b91da2c9cf4812140d614380_x64.msi

Filesize
648KB

MD5
cfc309a4204e3f624713dc31bec04f40

SHA1
01db09bcd7a646d119f04fd32b41bb1bf3a1c585

SHA256
6a7fe022da4fd9d66caa8bf8d06bb546ab1d160ad274b862d45ead2789ee46a7

SHA512
29fe7b0ad2ffc1d317a926ab67522343691d54e58e191b7f873d99c479ac3f36399d42a6c42f7c5214832fd1eba2430a50b2b99c53a4a9e38288d46b1e9c381a

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\netstandard_targeting_pack_2.1.0_win_x64.msi

Filesize
2.2MB

MD5
8362325b2e5c9644bd465f6e09cf9d30

SHA1
e3798d259fb08300fd75819e2a5e88ae0626fc5f

SHA256
72417b4ab38e548714fa1113ac629bb7c1fa1c11e6002a87ae2d7361cfe71456

SHA512
de2134e22341e63496f3173ae390b28d6d6ee0f17145584c372a65e295c222035aed0839ac70c55c91c7bad1b9503b6c7b88614ff3c3dfd025cf11c49bd8d4f8

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\windowsdesktop_runtime_8.0.6_win_x64.msi

Filesize
29.3MB

MD5
7f7a2c9903b501e6be319643903bd746

SHA1
a9701397d76ad81cb24ab9839c1f6a55fe6c53f8

SHA256
fc0dd518f516da1c1d23a7bf46872a36e2010fd34f5e1218d1bbc13982e5ce8f

SHA512
eacb67d3cb534bb87d34f57049592f164e26f3669317e0524e0ae784bb4414e63ffbde24d82a8971629c203e689a64e15631f62754feae1ad65718d772d660b2

Download Submit
C:\Windows\Temp\{06F8AF0E-1441-41C1-8411-AB25A9215610}\windowsdesktop_targeting_pack_8.0.6_win_x64.msi

Filesize
3.7MB

MD5
3497d3c2eee3fa306123f21e9e0bfef9

SHA1
6ea031f3890cb2fc7c66c865acd33ef48532411a

SHA256
fb02994080471ff89ce238e279e86cde7180253cbb261886744d9e118916cb33

SHA512
bab4ae91fc2845fe058e8be728a46ce7192f261d70135ead064c86cae56aa1b59efd44b1299ed4de0b7b72da62ec5d1b7cf707070b4dbe8ef76852c92837a9e0

Download Submit
C:\Windows\Temp\{E7760788-12D5-4B2B-9145-09D23837B0AB}\.cr\dotnet-sdk-8.0.302-win-x64.exe

Filesize
638KB

MD5
17d65c997840d353675b0a994998108d

SHA1
3bad1ce7d70b0858e0d15663c9bc20554e394986

SHA256
73566ff17c61e86a5b4665301e6c50f50fbd645ba5536a80a50424d209be3599

SHA512
cc367dc1a62379e0e50a0a67b6840debd049a4c20c029929795ad23bcb048b7194e0eedfa6fdad56b2f28d90ebb31616918f932f5b8a43bda24e11d62e7d7305

Download Submit