Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1041s -
max time network
965s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
05/10/2024, 19:42
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe
Resource
win11-20240802-en
General
-
Target
https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe
Malware Config
Signatures
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 8 IoCs
pid Process 1260 dotnet-sdk-8.0.302-win-x64.exe 3356 dotnet-sdk-8.0.302-win-x64.exe 1220 dotnet-sdk-8.0.302-win-x64.exe 3436 dotnet.exe 1492 npp.8.6.7.Installer.x64.exe 1148 notepad++.exe 4012 gup.exe 1176 notepad++.exe -
Loads dropped DLL 64 IoCs
pid Process 3356 dotnet-sdk-8.0.302-win-x64.exe 1860 MsiExec.exe 1860 MsiExec.exe 3656 MsiExec.exe 3656 MsiExec.exe 4652 MsiExec.exe 4652 MsiExec.exe 4652 MsiExec.exe 4652 MsiExec.exe 3648 MsiExec.exe 3648 MsiExec.exe 3748 MsiExec.exe 3748 MsiExec.exe 3264 MsiExec.exe 3264 MsiExec.exe 5044 MsiExec.exe 5044 MsiExec.exe 2620 MsiExec.exe 940 MsiExec.exe 940 MsiExec.exe 2280 MsiExec.exe 2280 MsiExec.exe 3924 MsiExec.exe 4728 MsiExec.exe 3656 MsiExec.exe 4848 MsiExec.exe 4392 MsiExec.exe 2108 MsiExec.exe 1492 MsiExec.exe 3952 MsiExec.exe 1644 MsiExec.exe 3036 MsiExec.exe 772 MsiExec.exe 5000 MsiExec.exe 3964 MsiExec.exe 2552 MsiExec.exe 4132 MsiExec.exe 2020 MsiExec.exe 752 MsiExec.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe 3436 dotnet.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{edc38f90-e61a-4ce9-b8c2-759325351312} = "\"C:\\ProgramData\\Package Cache\\{edc38f90-e61a-4ce9-b8c2-759325351312}\\dotnet-sdk-8.0.302-win-x64.exe\" /burn.runonce" dotnet-sdk-8.0.302-win-x64.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\R: msiexec.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.Extensions.Hosting.Abstractions.dll msiexec.exe File created C:\Program Files\Notepad++\autoCompletion\cpp.xml npp.8.6.7.Installer.x64.exe File created C:\Program Files\dotnet\sdk\8.0.302\FSharp\es\FSharp.Build.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\ru\Microsoft.VisualStudio.TestPlatform.Common.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\es\Microsoft.TestPlatform.CoreUtilities.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_9_none.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\cs\NuGet.Packaging.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net472\cs\Microsoft.DotNet.ApiCompat.Task.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.Build.Tasks.Git\tools\net472\tr\Microsoft.Build.Tasks.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Microsoft.NETFramework.targets msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\ref\net8.0\System.Security.Permissions.xml msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\analyzers\dotnet\tr\System.Windows.Forms.Analyzers.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\analyzers\dotnet\roslyn4.4\cs\pt-BR\Microsoft.Extensions.Options.SourceGeneration.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_5_recommended.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Threading.Tasks.Extensions.dll msiexec.exe File created C:\Program Files\Notepad++\functionList\python.xml npp.8.6.7.Installer.x64.exe File created C:\Program Files\Notepad++\functionList\batch.xml npp.8.6.7.Installer.x64.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_5_minimum_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Extensions\de\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Extensions\ja\Microsoft.TestPlatform.Extensions.BlameDataCollector.resources.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\de\System.Windows.Forms.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\analyzers\dotnet\roslyn4.4\cs\fr\Microsoft.Extensions.Logging.Generators.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\de\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitLab\tools\net472\cs\Microsoft.SourceLink.GitLab.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\System.CommandLine.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\dotnet-format.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\mscorlib.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\Microsoft.CodeAnalysis.CSharp.Workspaces.resources.dll msiexec.exe File created C:\Program Files\Notepad++\functionList\powershell.xml npp.8.6.7.Installer.x64.exe File created C:\Program Files\Notepad++\themes\MossyLawn.xml npp.8.6.7.Installer.x64.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\it\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_7_minimum.globalconfig msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.AspNetCore.Components.Forms.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Memory.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Host.win-x64\8.0.6\runtimes\win-x64\native\nethost.h msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.Extensions.Logging.EventLog.xml msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Localization.Routing.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\NuGet.PackageManagement.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pt-BR\Microsoft.CodeAnalysis.VisualBasic.Workspaces.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Microsoft\Microsoft.NET.Build.Extensions\Microsoft.NET.Build.Extensions.ConflictResolution.targets msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll msiexec.exe File created C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Runtime.Serialization.Primitives.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tools\net8.0\System.CommandLine.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelreliability_6_recommended_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.WindowsDesktop\tools\net472\ru\PresentationBuildTasks.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.Build.Tasks.Git\tools\core\pl\Microsoft.Build.Tasks.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\fr\System.CommandLine.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\tools\core\es\Microsoft.SourceLink.GitHub.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.ComponentModel.Primitives.xml msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-netcore\cs\Microsoft.CodeAnalysis.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\fr\Microsoft.CodeAnalysis.CSharp.Workspaces.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\Microsoft.NET.Sdk.WorkloadManifestReader.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.Build.Tasks.Git\tools\net472\pl\Microsoft.Build.Tasks.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\targets\PublishTargets\Microsoft.NET.Sdk.Publish.Kudu.targets msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\Microsoft.VisualStudio.TestPlatform.Client.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\ja\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Roslyn\bincore\pt-BR\Microsoft.CodeAnalysis.CSharp.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\FSharp\zh-Hans\FSharp.Core.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Reflection.Metadata.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Drawing.Primitives.xml msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\es\System.Xaml.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.Extensions.Options.ConfigurationExtensions.xml msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.AzureRepos.Git\tools\net472\ru\Microsoft.SourceLink.AzureRepos.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.WindowsDesktop\tools\net472\ja\PresentationBuildTasks.resources.dll msiexec.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSI740C.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{976580F3-B710-4C76-8D12-EB1905833370} msiexec.exe File created C:\Windows\SystemTemp\~DF3124F2C9B6304AD3.TMP msiexec.exe File created C:\Windows\SystemTemp\~DFA449FE8782D63F93.TMP msiexec.exe File opened for modification C:\Windows\Installer\MSI147F.tmp msiexec.exe File created C:\Windows\SystemTemp\~DFB5511635963E3480.TMP msiexec.exe File created C:\Windows\SystemTemp\~DF867E0EE1C983EE3E.TMP msiexec.exe File opened for modification C:\Windows\Installer\MSI66ED.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{98927287-8779-447A-919E-73028D53F719} msiexec.exe File created C:\Windows\Installer\e5b0f58.msi msiexec.exe File created C:\Windows\Installer\e5b0f66.msi msiexec.exe File created C:\Windows\SystemTemp\~DFBD7BF924363A60A2.TMP msiexec.exe File created C:\Windows\SystemTemp\~DF0838DE45695A1EBD.TMP msiexec.exe File created C:\Windows\Installer\SourceHash{CE79B4DA-3D44-493D-8EDC-9CAAD46C7DEF} msiexec.exe File opened for modification C:\Windows\Installer\e5b0f99.msi msiexec.exe File created C:\Windows\SystemTemp\~DF247D2B4E86C8C254.TMP msiexec.exe File created C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe msiexec.exe File created C:\Windows\Installer\SourceHash{93FD7D11-2248-48DF-84A9-8F66E45E3417} msiexec.exe File opened for modification C:\Windows\Installer\MSI7A0D.tmp msiexec.exe File opened for modification C:\Windows\Installer\e5b0f39.msi msiexec.exe File created C:\Windows\Installer\e5b0f67.msi msiexec.exe File created C:\Windows\SystemTemp\~DF7589D86AD4F08D65.TMP msiexec.exe File created C:\Windows\Installer\e5b0f84.msi msiexec.exe File opened for modification C:\Windows\Installer\e5b0fa3.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI775A.tmp msiexec.exe File opened for modification C:\Windows\Installer\e5b0f2f.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI1E38.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{F3AEB036-4B8A-4C25-B4D2-850944E909C4} msiexec.exe File created C:\Windows\SystemTemp\~DF25BF042094BADA6A.TMP msiexec.exe File created C:\Windows\SystemTemp\~DFC13DB0494D0AB99E.TMP msiexec.exe File opened for modification C:\Windows\Installer\e5b0f8a.msi msiexec.exe File created C:\Windows\Installer\e5b0f8f.msi msiexec.exe File created C:\Windows\SystemTemp\~DFD43D3ACB0856DA12.TMP msiexec.exe File created C:\Windows\Installer\SourceHash{59C4A6C5-E254-4819-B254-0B4FF17747EB} msiexec.exe File created C:\Windows\SystemTemp\~DFC1438C3E17A13E1D.TMP msiexec.exe File opened for modification C:\Windows\Installer\MSI61F6.tmp msiexec.exe File created C:\Windows\Installer\e5b0f85.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI8B93.tmp msiexec.exe File created C:\Windows\SystemTemp\~DFD95350BDCE23C012.TMP msiexec.exe File created C:\Windows\Installer\e5b0f6c.msi msiexec.exe File created C:\Windows\SystemTemp\~DFD4D7793F8692D6D6.TMP msiexec.exe File created C:\Windows\SystemTemp\~DFEE879A557D46151F.TMP msiexec.exe File created C:\Windows\SystemTemp\~DF0BA77C2317FB9520.TMP msiexec.exe File opened for modification C:\Windows\Installer\e5b0f67.msi msiexec.exe File created C:\Windows\SystemTemp\~DF8836CB8497501540.TMP msiexec.exe File created C:\Windows\SystemTemp\~DF4DA29CD3364825E0.TMP msiexec.exe File created C:\Windows\SystemTemp\~DF0A0D2B543B702D90.TMP msiexec.exe File opened for modification C:\Windows\Installer\MSI34EF.tmp msiexec.exe File opened for modification C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0 msiexec.exe File opened for modification C:\Windows\Installer\MSI2168.tmp msiexec.exe File opened for modification C:\Windows\Installer\e5b0f62.msi msiexec.exe File created C:\Windows\Installer\e5b0f75.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI21B7.tmp msiexec.exe File created C:\Windows\Installer\e5b0f5d.msi msiexec.exe File opened for modification C:\Windows\Installer\e5b0f80.msi msiexec.exe File created C:\Windows\SystemTemp\~DF0FA3B31B9CA9289D.TMP msiexec.exe File created C:\Windows\Installer\e5b0fb2.msi msiexec.exe File created C:\Windows\SystemTemp\~DF7A4E85F40DF3EDC7.TMP msiexec.exe File created C:\Windows\Installer\e5b0f38.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI202E.tmp msiexec.exe File created C:\Windows\SystemTemp\~DFF3C45C9DBFC2F97F.TMP msiexec.exe File created C:\Windows\SystemTemp\~DF8BCE5B435CE0DE07.TMP msiexec.exe File created C:\Windows\Installer\e5b0f39.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI2E31.tmp msiexec.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File opened for modification C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier msedge.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language adb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language openssl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ApkToolkit.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dotnet-sdk-8.0.302-win-x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dotnet-sdk-8.0.302-win-x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language aapt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language openssl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dotnet-sdk-8.0.302-win-x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language npp.8.6.7.Installer.x64.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 explorer.exe -
Modifies data under HKEY_USERS 57 IoCs
description ioc Process Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41 msiexec.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D4DD5FE094CE7EA4C8A96FF48F3BAE85\SourceList\Net msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\Clients = 3a0000000000 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{edc38f90-e61a-4ce9-b8c2-759325351312}\ = "{edc38f90-e61a-4ce9-b8c2-759325351312}" dotnet-sdk-8.0.302-win-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D4DD5FE094CE7EA4C8A96FF48F3BAE85\ProductName = "Microsoft Windows Desktop Runtime - 8.0.6 (x64)" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\PackageCode = "A9D027F246BCA7540BBE0121B59B19BE" msiexec.exe Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36FA49A2314054B34BAB6DD1F6BCB0B5 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9FB75A5BA7CF6AF4ABBE641E3789D63F\F_PackageContents msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\AdvertiseFlags = "388" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E7A4BA400815AFE64F4BF07AF87EA94D\31AC23820586C0448993612B0D91907F msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\32E6B45832BD9644492B42CBB3CD9AE6\SourceList\Net msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64\Version = "64.0.5426" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\SourceList\Media\1 = ";" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\970223D1904F868349E4DA601A87601A\InstanceType = "0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,8.0.100,17.0.8478,x64\DisplayName = "Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64)" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\DeploymentFlags = "3" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.6-servicing.24269.9\Dependents dotnet-sdk-8.0.302-win-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\SourceList\PackageName = "dotnet-runtime-8.0.6-win-x64.msi" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\57E95FB650EB96C4C98453236BEDE05C\SourceList\Media\1 = ";" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\40533F750E62A00488FB80ED832F9352\Provider msiexec.exe Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0 = 66003100000000004559119e10004d4f4f4b49457e312e41504b00004a0009000400efbe4559109e4559119e2e000000f7c8020000000600000000000000000000000000000032b537004d006f006f006b0069006500200032002e00610070006b0000001c000000 explorer.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63337BB296F4141479799EDBF63E89A0 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBECEB62ED1345840B91B98BBEBFDB1F\F_DependencyProvider msiexec.exe Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0\MRUListEx = ffffffff explorer.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\Clients = 3a0000000000 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_8.3.224.28002_x64\ = "{2832CA13-6850-440C-9839-16B2D01909F7}" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{2832CA13-6850-440C-9839-16B2D01909F7}v32.8.36482\\" msiexec.exe Set value (data) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A514DED0-F02D-48FA-8E38-E88652946E47}v64.24.15199\\" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{116EF6D0-AE8E-4E6D-B0D8-EFF145CD45DA}v8.0.3\\" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3F085679017B67C4D821BE9150383307\Assignment = "1" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\214F2F970A72AED3AB5BEC31D42C3CAC\8E99F865D2F97D840AD56DC415B2A3DF msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\Clients = 3a0000000000 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CDF4AE7DE1850E56388D296F9D16594A msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\ProductName = "Microsoft.NET.Workload.Mono.Toolchain.net6.Manifest (x64)" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\Net msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64\Dependents dotnet-sdk-8.0.302-win-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8E99F865D2F97D840AD56DC415B2A3DF\F_PackageContents msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B78A30BB69F4FE44FACAF3D2F9C9DEAE\InstanceType = "0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\11D7DF398422FD84489AF8664EE54371\F_RegistryKeys msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\InstanceType = "0" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\InstanceType = "0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AD4B97EC44D3D394E8CDC9AA4DC6D7FE\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CE79B4DA-3D44-493D-8EDC-9CAAD46C7DEF}v64.24.15199\\" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C6A4C95452E91842B45B0F41F7774BE\Language = "1033" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version = "64.24.15199" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.9.36482_x64\DisplayName = "Microsoft .NET 8.0 Templates 8.0.302 (x64)" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\AdvertiseFlags = "388" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net6,8.0.100,8.0.6,x64\ = "{93FD7D11-2248-48DF-84A9-8F66E45E3417}" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Assignment = "1" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\40533F750E62A00488FB80ED832F9352\SourceList\Net msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\ProductName = "Microsoft.NET.Sdk.Android.Manifest-8.0.100 (x64)" msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\SourceList\Net msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC1DF4AA37FD7B40A39CF1AEFE31E38\SourceList\Net msiexec.exe Set value (int) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\SourceList\Net msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64 dotnet-sdk-8.0.302-win-x64.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\AdvertiseFlags = "388" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\Language = "1033" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,8.0.100,34.0.43,x64\ = "{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3}" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DED415AD20FAF84E8838E682549E674\Provider msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3F085679017B67C4D821BE9150383307 msiexec.exe -
NTFS ADS 7 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 303988.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Mookie 2.apk:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d.zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 679285.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier msedge.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 5832 explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2224 msedge.exe 2224 msedge.exe 2832 msedge.exe 2832 msedge.exe 1648 msedge.exe 1648 msedge.exe 1932 identity_helper.exe 1932 identity_helper.exe 3356 msedge.exe 3356 msedge.exe 3356 msedge.exe 3356 msedge.exe 1552 msedge.exe 1552 msedge.exe 4624 msedge.exe 4624 msedge.exe 4448 msedge.exe 4448 msedge.exe 3160 msedge.exe 3160 msedge.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe 2120 msiexec.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 5832 explorer.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs
pid Process 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeIncreaseQuotaPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeSecurityPrivilege 2120 msiexec.exe Token: SeCreateTokenPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeAssignPrimaryTokenPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeLockMemoryPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeIncreaseQuotaPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeMachineAccountPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeTcbPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeSecurityPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeTakeOwnershipPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeLoadDriverPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeSystemProfilePrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeSystemtimePrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeProfSingleProcessPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeIncBasePriorityPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeCreatePagefilePrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeCreatePermanentPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeBackupPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeRestorePrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeShutdownPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeDebugPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeAuditPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeSystemEnvironmentPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeChangeNotifyPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeRemoteShutdownPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeUndockPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeSyncAgentPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeEnableDelegationPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeManageVolumePrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeImpersonatePrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeCreateGlobalPrivilege 1220 dotnet-sdk-8.0.302-win-x64.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe Token: SeRestorePrivilege 2120 msiexec.exe Token: SeTakeOwnershipPrivilege 2120 msiexec.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 2832 msedge.exe 5832 explorer.exe 5832 explorer.exe 5832 explorer.exe 5832 explorer.exe 5832 explorer.exe 5832 explorer.exe 5832 explorer.exe 5832 explorer.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2868 MiniSearchHost.exe 1492 npp.8.6.7.Installer.x64.exe 4012 gup.exe 1148 notepad++.exe 1176 notepad++.exe 1148 notepad++.exe 1148 notepad++.exe 4364 ApkToolkit.exe 5832 explorer.exe 5832 explorer.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2832 wrote to memory of 4560 2832 msedge.exe 79 PID 2832 wrote to memory of 4560 2832 msedge.exe 79 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 396 2832 msedge.exe 80 PID 2832 wrote to memory of 2224 2832 msedge.exe 81 PID 2832 wrote to memory of 2224 2832 msedge.exe 81 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82 PID 2832 wrote to memory of 1800 2832 msedge.exe 82
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa1113cb8,0x7fffa1113cc8,0x7fffa1113cd82⤵PID:4560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:22⤵PID:396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:82⤵PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:1264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:12⤵PID:4132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 /prefetch:82⤵PID:2228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵PID:1272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵PID:3568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵PID:3584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵PID:1796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:12⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵PID:1720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵PID:2180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵PID:1584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:12⤵PID:2768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵PID:560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵PID:3488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵PID:996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:12⤵PID:2768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:12⤵PID:3436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵PID:1240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵PID:868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵PID:204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:12⤵PID:4112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:12⤵PID:2952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:12⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:12⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵PID:2548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6356 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵PID:248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7328 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵PID:1112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:12⤵PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵PID:436
-
-
C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1260 -
C:\Windows\Temp\{2244892F-A3C7-4F9D-A799-CA434E9FD047}\.cr\dotnet-sdk-8.0.302-win-x64.exe"C:\Windows\Temp\{2244892F-A3C7-4F9D-A799-CA434E9FD047}\.cr\dotnet-sdk-8.0.302-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=7803⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3356 -
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\.be\dotnet-sdk-8.0.302-win-x64.exe"C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\.be\dotnet-sdk-8.0.302-win-x64.exe" -q -burn.elevated BurnPipe.{55E78D21-4183-4BEF-9AF6-E91E5FA139FF} {9C623F6F-F899-422F-831A-04C3F2B7D899} 33564⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1220
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵PID:1968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6856 /prefetch:82⤵PID:2788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵PID:4652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:12⤵PID:3272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:12⤵PID:1300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:12⤵PID:3292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:12⤵PID:4220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:12⤵PID:4808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:12⤵PID:2264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7908 /prefetch:82⤵PID:2552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:12⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:2504
-
-
C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe"C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1492 -
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"3⤵
- System Location Discovery: System Language Discovery
PID:1452 -
C:\Windows\system32\regsvr32.exe/s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"4⤵PID:2624
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"3⤵PID:5116
-
-
C:\Program Files\Notepad++\notepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:12⤵PID:1184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:12⤵PID:1240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵PID:2552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:12⤵PID:3828
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4232
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3296
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3216
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4280
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2120 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 19738493DEAE2C0ADF12E539386D594B2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1860
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1BCF8700CC68349B0FD28D9E4F7A4D9E2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3656
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding B936994B8BFDF4DCFD69EDC2BDBDAA9D2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4652
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C7699EF05926307077E5DE915B8E21542⤵
- Loads dropped DLL
PID:3648
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E39D156A5ED883F500F1F3C3BC8DAE312⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3748
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2F158E5208F622213FD67D2C2576FEDB2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3264
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9559D067C8E92001845D2B69F42F07E82⤵
- Loads dropped DLL
PID:5044
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 848A61741E6DB67711F07BF9364973D42⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2620
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0487B2D553645A95B6D6F61E6B9274EC2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:940
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 116AC22D0BEB0FD5464ADE770F79A9222⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2280
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 84CB21228B68256BD026AB0A391A43D82⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3924
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 719BD893CF4C1ED046F1DB8452193B182⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4728
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0D7188973504D8194B397127DFA83B412⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3656
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 5FDD13520A30A4E78C08BFB5B59C21292⤵
- Loads dropped DLL
PID:4848
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D6E6B89FBE59189F40F7DB20EA28E6012⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4392
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3E5DAC645C7533414B4D8AD54D6E94EE2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2108
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BF6D643A6CCA02B00BC33B140CD518A62⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1492
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 50C205F54B2D507C01616B0C24D861B52⤵
- Loads dropped DLL
PID:3952
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E61599BEDA74D683D36FA0C87DCCEB272⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1644
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4DD5D2EED0EEB7A0F673F4D941514AE12⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3036
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 82C68F0F0331F6121ADF3F57886CD08E2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:772
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 567FECEC8523638B641CCDC910489E482⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5000
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 72C6CE42CBE5D1D82D03C76F065D13C82⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3964
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 748869227B0F680EEC1A411F3715A4DA2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2552
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3FDA93E13CE4E3254F46F52CAE52C54E2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4132
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C7817787CA0341E96053F44E53A1F52A2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2020
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding B4D6B0B242F8DCEB6006065E82DA3601 E Global\MSI00002⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:752 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.302\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3436 -
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:2900
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:1356
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:1540
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:1676
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1C05A42B3C06716D4839F1DE399AAB852⤵
- System Location Discovery: System Language Discovery
PID:5444
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E41⤵PID:4448
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:2868
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵PID:3892
-
C:\Program Files\Notepad++\notepad++.exe"C:\Program Files\Notepad++\notepad++.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148 -
C:\Program Files\Notepad++\updater\gup.exe"C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px643⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4012
-
-
-
C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe"C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe"1⤵PID:5376
-
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4364 -
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject"2⤵
- System Location Discovery: System Language Discovery
PID:1620 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject3⤵
- System Location Discovery: System Language Discovery
PID:6088
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -version2⤵PID:3108
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -version3⤵PID:6104
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version2⤵
- System Location Discovery: System Language Discovery
PID:1932 -
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version3⤵PID:1188
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version2⤵
- System Location Discovery: System Language Discovery
PID:4596 -
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version3⤵PID:5704
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v2⤵
- System Location Discovery: System Language Discovery
PID:752 -
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v3⤵PID:1168
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v2⤵
- System Location Discovery: System Language Discovery
PID:5532 -
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v3⤵PID:3892
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"2⤵
- System Location Discovery: System Language Discovery
PID:5944 -
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"3⤵PID:5212
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version"2⤵
- System Location Discovery: System Language Discovery
PID:32 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version3⤵
- System Location Discovery: System Language Discovery
PID:4256
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version"2⤵
- System Location Discovery: System Language Discovery
PID:5756 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version3⤵
- System Location Discovery: System Language Discovery
PID:5884
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version"2⤵
- System Location Discovery: System Language Discovery
PID:6008 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version3⤵PID:6072
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe""2⤵
- System Location Discovery: System Language Discovery
PID:6092 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"3⤵
- System Location Discovery: System Language Discovery
PID:4556
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version"2⤵
- System Location Discovery: System Language Discovery
PID:1824 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version3⤵
- System Location Discovery: System Language Discovery
PID:5912
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\Mookie 2.apk""2⤵
- System Location Discovery: System Language Discovery
PID:6104 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\Mookie 2.apk"3⤵PID:3696
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a""2⤵
- System Location Discovery: System Language Discovery
PID:1768 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a"3⤵
- System Location Discovery: System Language Discovery
PID:2248
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a""2⤵
- System Location Discovery: System Language Discovery
PID:3124 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a"3⤵
- System Location Discovery: System Language Discovery
PID:3848
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a\libil2cpp.so""2⤵PID:1032
-
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a\libil2cpp.so"3⤵
- System Location Discovery: System Language Discovery
PID:5444
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a\libil2cpp.so""2⤵
- System Location Discovery: System Language Discovery
PID:4940 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a\libil2cpp.so"3⤵
- System Location Discovery: System Language Discovery
PID:5192
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat""2⤵
- System Location Discovery: System Language Discovery
PID:5300 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat"3⤵
- System Location Discovery: System Language Discovery
PID:2560
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\*.sf""2⤵
- System Location Discovery: System Language Discovery
PID:5236 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\*.sf"3⤵
- System Location Discovery: System Language Discovery
PID:5436
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa"2⤵PID:784
-
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa3⤵
- System Location Discovery: System Language Discovery
PID:1540
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa"2⤵
- System Location Discovery: System Language Discovery
PID:3892 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa3⤵
- System Location Discovery: System Language Discovery
PID:5216
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\Mookie 2.apk""2⤵
- System Location Discovery: System Language Discovery
PID:436 -
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\Mookie 2.apk"3⤵PID:5244
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk" "C:\Users\Admin\Downloads\Mookie 2.apk"2⤵
- System Location Discovery: System Language Discovery
PID:4088 -
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk" "C:\Users\Admin\Downloads\Mookie 2.apk"3⤵PID:32
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk"2⤵
- System Location Discovery: System Language Discovery
PID:1468
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5832
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47KB
MD5df61177b780773d0c5bf1fd3e4770b00
SHA1ff82e4b8c10bed03772d6d3858addb2f3dbd643e
SHA256ac7f7a4791c3b335bf6f5d0ac4f43d090df53a0cd2b84e7e9839d57a50993433
SHA5126808e8276f20c2a5979fba8da26d4c6c58ccbbe11fd9a3336981165d9cb7d745dedfa374c86cfd6cff1e8df5151072c272dcc3dea2888758756738ceabb53d20
-
Filesize
9KB
MD5f56b1f696dc2a1eda7945b8df8a02f3a
SHA1651adffb056224dad9f0027d5eaf59e8fff489c3
SHA256b0ca8e88a0ff9b52e7390ef33f36581ac8ca1a1a6ef763a5a1b90de0a9c8419d
SHA5122eddf1d7bfe8384303cd2328c595310353008de1bf1cb1fa274e41e979082a3c05effd9f52edfa00286cb4588b8618b7953fab58b233ddee863ef6439576ca21
-
Filesize
11KB
MD5f5e547fe1d076017b29ce00bb039fd97
SHA1becf0e3e244d6bd42ed7fecc9e3ffcd5a94403a2
SHA2567cfd6385bbd3d0d64f0e216837010e2ef5eb0d6d22c217783c353fd21cf2d138
SHA5123c915fb536f1cff659dd4875ea3583f27949399b2ec855cfb92fe6087140248cb92f2c4ea0a78b0778bc2e5ccd44f00951e5ca1f608aa0808711e96ab348dd1e
-
Filesize
8KB
MD5b7ccca9dcefeb2ad271fb65851c39ffc
SHA16c706a5f8b74f0bd98a707bdd375dea28472fd2a
SHA25670e0503da9a53724fa35b3daae72658d6aa957ab7cb9bcaffa69d6ce48840962
SHA51258aee544a32e438f50b2ff38e5c45fbafc88d2a3ae7d1fca8a0eb97be6bd723feb123952836ae3d342efd327f72018c2ff6cbf37a34fb3a5a2bd9e20b1cbf5cc
-
Filesize
143KB
MD533b4c87f18b4c49114d7a8980241657a
SHA1254c67b915e45ad8584434a4af5e06ca730baa3b
SHA256587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662
SHA51242b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9
-
Filesize
3B
MD521438ef4b9ad4fc266b6129a2f60de29
SHA15eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA25613bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA51237436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237
-
Filesize
93KB
MD5e6506d862a586cbe00eb9c8d9fb224fd
SHA1f48630d2402b4e7ded5791110d5528ff154c50b9
SHA2569868c850c6961aaaecb58ab1be57a910e43311b7ed6b709047c82f35e4dbdfca
SHA51264af8851beb33ec2890e6c095f25abb5b180ddea5923f2d359f30282d87d4251411e5100d9bfda28eb9b46df089f3cde7dfd932a3ac2cfd549b4f7ccf0b39900
-
Filesize
11KB
MD595f8015df7c97bb5c7f59ccfa1f6f67d
SHA10a5c36fea5bec3ace2a97da105fec848ace689f1
SHA256ac16cc0071a44a5c35d43a7f6a6f3d89d2c6c7b10ec58d8bb9c1093a9e183b8e
SHA51272a372159bc879b27d5f7cfca0141f437d2bf36b2d30421f00922ebc825e7fab8c7ef55d4e3aa94ea7277a81f9edca4203c6da0c16a59a6f8006a321402a735b
-
Filesize
11KB
MD56b1313910e653a3f8519b8eb336fe84f
SHA17b861e92eeb7e12bab9f35be4ca4171ce344377f
SHA2567a856d6f20ca66c4ec0856cd668667e47ff4a93f67d8f90b9d50e46617755a60
SHA5121318999adaaca8d54ae289082ca37f63aef10776d62cdbc1f434532847522dbcaaba482425a5822711555565ffa940d59654241a75427fcc3d716999c8b35d14
-
Filesize
11KB
MD50367620f791e98d24576e32f9f7f916d
SHA187dceaf5d7057700c4e89fb95a3b098eafb71a32
SHA25645365ebd2b46289b8f816cfdb919a6078a1eb73c42905bca344fb33999fb6b8a
SHA5123d2298f3494e97e01b512bed111764f6761492309c41d5637f7926712412cd17d3c6046c7a4ed62277f0123c7bac0908ffaa6eb6e6639a2525298768b57dacee
-
Filesize
35KB
MD576fea30cb58721754d964983be09ebcb
SHA16491cb2c4288afb2d39e4cc76505d8b87225eea1
SHA2568b1d4ae3969511f27937ae9aa6aa07dd2135541f965ddc58fcd027ea3a8ec5f3
SHA512db7a45f15e3ce0a724cfdd8fb23d55a26004b35c94800fbffb23383a439f3a794dcae152f0fe6ffbada6ae57b3066ccb8ebeb04a0f3c4662b02b93d65dbbc932
-
Filesize
87KB
MD5305cf9d498aefef6e8b572abb129b6c0
SHA128848e4c06cd2c1341e6deccd148023fd1a58b4a
SHA256c7d87dfbe72c93a2a9f8f73ccfe98c33c521bd4fea5eaeeded3d9df99e1c95a1
SHA512e1518fef1b66ef86a717324661cb5e3a6eee320aa0da2c5976aa08b2ae78b04e700ac2ee937df730df88d9b777687b10508f952397b31b5f31dc01f9a442a383
-
Filesize
40KB
MD5d7d467c6b6012f0a07e1e10a5dfafe4c
SHA14710a94cf1e99206275aa08645ec728a97de6f38
SHA256299a5c0f53e5b30a55d050395646fc05787caa3a518ea8f2a18431b4c67b3bff
SHA512ef7d68d43b0dcad8a248013bd096604e3cc6d0a32e3b1c9dd93105c5493ada1edde56381e169c5cb1de193e82034ef715add9b86613f793d6b39de669c547ce7
-
Filesize
92KB
MD5957fd4f351bddbab37d15fa2be2611c8
SHA16fd5e82b233debf71e951b772db4c1e308dfc3fb
SHA256b8e734989fcb6f016600210a733bdc4d76274e84a10252579b4e4edd92326b0e
SHA51270ccbb8db98a4133c2d818b7559ce0a286caaed85d8fc00699e628842690238bffd978b472117a6f78863a9b6dc5c1216bf47afd79db42eed6235cffc97ec360
-
Filesize
9KB
MD5a71140af5a5c98276dd0d35573f06e23
SHA185f9462e0bfea385ae6fe26ef7ac2f16ab79362c
SHA256a9a54d87358c3a4c3189c1399f0d54f5a2cdf0ab1061933d51fa09661f477a85
SHA51286b6e178bff83afdc41f62aa93665d483241805cfd0186e317c0c0560a84b3950eb7c662b03b5ac359af9557edfc60a3f407a890484ae60a4e4ab4767eaac034
-
Filesize
8KB
MD5c8891109b597ffc06f704dc9e8fe3b3c
SHA1214d11562060770ab7b317b55ad353efcbdaabad
SHA25672f0ebdfc487a3e81ffb6d9eac745d6f28be405c42bb122247115bb8653b2636
SHA512728206e95eb4d1da3af67a015f24c4944778aeaaf9cc0198fc7f2e2c34f5b1da0f9856f2566bb4b866ec79086c938e8c99eb341201c77db8d2a8ead6044b4726
-
Filesize
8KB
MD5001eef1afc058b5989c31dbaa67c40ac
SHA1e70302a59862cb38c66835eaef2bbf9709a7de30
SHA25606a8f4251b7dd7b8042a1fafcaa4e06297d69c009dbe913733fa2c3b71bd99f3
SHA5122df0a504bb1343a983f318b256aff991f1562665fe2c1dd8434ecce58185d8abf5f790c82082a4067d13d4e49cc4305859a8a88f69cf2db641ced8aaa93475a7
-
Filesize
9KB
MD509a91fad8588b6e4f564496992b7e508
SHA1e812ae01c707ca5da2bb71526a118e7a0bd90b01
SHA256d18112f7b34c45c22277924af4b553f17b700fc7986bc66e95c3b2997ab3ec2f
SHA512519d0e2c7fdb279e4da02b0f990d38e324902ba80b3bd96fc2af270335be602e79d8e816d7c539ca1d6e037477fe7b882ea588d7241aa19b5438d36c393e187c
-
Filesize
8KB
MD55d4d8056537906733a9d67e8f4ac83f9
SHA10102b86389b579c7062914784d09a15ab115e462
SHA2561a5cb64afd5d1dac72954e93bc0715d2c35446e9ee202780e3fa5e133b425fc3
SHA512da7f7998d6003e8ca43be7fbd6d6bae2f558a9cd9cba41e0ff273d3610286ae6ce5a1afccbdd3bf474bc551b67d1b4eb2d44839782a9090b6ee2c0e74f7c2868
-
Filesize
8KB
MD599ef91827f68d5025919307adbc3abf4
SHA17b3a2c641c615f55aa2d2187310798e6eec18974
SHA256ad6e9b813d5dbeb977e76fd959f96400e46d48248f61cb3a3e5bb6161e9542ab
SHA512fb62b1feb533671ecb458d731369a5a2eed1755379a57217c453e332952d0d0ebb27d0db5f321b2490cf8304524065914dd01f320f2f7fb9fbbd28b32c0c9692
-
Filesize
8KB
MD596da067143c2eda7d140007690b36510
SHA12dd7e4865a9582a0884b9cc60fab229a4a7ad15a
SHA25633c75a5f5afd8e86c63ea979a8a915ed9fc37cdeccb810cb6fec21a065442d9e
SHA512bb115b32072fe819b6cf2dd3a1c07176f47299d3e22a26748847ef2e00f660a15493b80037306a2dc73fa67c6483f59efd18f61ce0808616303c219de8881f11
-
Filesize
14KB
MD5784668676d9d34407c352517681b5c52
SHA13a476270ec0f28da3106a586f01d7c402b1213ae
SHA25663ad3aa272e026f9faa45201a57ded70cc6890b64b80b19202d87fa99af47da3
SHA512eaca49d6a5eeea33c4cbf6fb97fad568431ea094bfb98fab5d1e474985ea1a6dbc4d568305df90c6452bea3313a5e9f56495a6927612f53dd70c10d45f85b3da
-
Filesize
10KB
MD5bca2fae948eb1a93dae484163abfaae7
SHA138550ef3c0758b6bfab642eb256c17f006266f7b
SHA256e846389c0bb4cac12b508984189b0e4fd8d8e5526231635c2f0f70acfadaee2d
SHA512e73b578b4de789f8369cfb09b9273565c677ab0a387fcc14b9f9739fe8b1db16ef60d49f67f93868e58da895ba3dbb2269cc5f5244f62ef85672bc3ff59d241b
-
Filesize
10KB
MD5ec3448a362d7c486dfe08372afd3d234
SHA1caba566342c5567152b36b2ce3c3388a5ed86376
SHA2569c059ec2e152b03645fa2d2ce9e1930f689239a227aac4d4f38fcd262e0e4f9d
SHA512a5590b0443a004737048a470ec03d515f8900a92ccd90a7b341a26938e586761faf7f750344f30feb8d6d90b215fc2899351e9f142574e8bfdf69dedf9047db3
-
Filesize
10KB
MD53bb28a0b9bdbed3bec6ad5cde2ead9d3
SHA11069ceae258f8ccd3d534a353ddac9404436360d
SHA2569ef090338326ef75960be96b9ca7384e155a471a9fe7bc573dc523e030fc3e37
SHA51220d7493a9c6108936d63d8081b2e94d1e0000945f4cf997903c6e15e12113ccb6e4e01dd7ffc961e08f09b7a67f76852f30ddec88c88b42d132f187905af8f8a
-
Filesize
13KB
MD5e0ad6002847b4a1ffbadc5c0fa9ba285
SHA1be30b304f897a11fdade4c26ebfbb8361230bc0f
SHA256f37517cba79d32aa3c403b3028906964d71e0151917334a91482ff55f069123a
SHA512c226eba4fc2e9694be9589138c0436552635f7da7e23c6ac06446a9427688a667ee81f77c16b7fc71a7e17ae8fb57744d94d712a2f5c6e6f96ca9ac616874252
-
Filesize
13KB
MD53794a596cbcd06cd204fc56cbb624af4
SHA10b6616cbd311c93edd1519231d4a1456c36eeb1a
SHA256e2c92be16167724c1ba8cb13c98bbed7a50222163ca19c9b027503111b7fc9f5
SHA5128f47ee87f0ad52e9148b7efa5587b65298d2355186529335407acf7a611ca1961ebda255a6dc6f04cd9e3296d0c8653209e7b8049112f04593aab2525ec533d3
-
Filesize
9KB
MD5ae7b4e7728321d4fd3bf34a6a3c5c205
SHA15c9c4fb5daffe7b0e9c70249248f2cf7a93507da
SHA2565e78049ef82842cfea49fe2de3f7299f23c92d0b8a438c1157ecd94a6dcdd056
SHA512984aab7bf9093a44a329c5b9314a05f0f20203937685b49eed27d8c428c3b84eff713a380d0225ef7321541610a362c31612a577547a7abd156a0cdf8630b3e9
-
Filesize
1.0MB
MD58096c11cc163a77a879fab8dcc2b1c7b
SHA1170db3f09b4168f292129eff943725a529cb4d2c
SHA2560f4f0b4018367d00930af99672d83add721c35005b394757aa6a10ec6c4907fb
SHA512180be29eae84812031d5ead463d13aa8870866ac6668ae35a30bd1b48ed51bb6a23d48b860a28a42365905783fa8d43bb5e473afc197e2ac8ff90f029bbacd24
-
Filesize
40KB
MD585b70b91cf62d01ffc5e90d6d198043b
SHA1ee0bf274b2ab0307086f80004a6118b8010b27fe
SHA25665eab59bfea012841c43c1939e2d023cafc4597d16b15c02489254137a2e122f
SHA51209f4d271855dcb6d39769ada4951944705953eeebcb6f80cfaf1bc2fc6017ea8664f412fffd49ccc7d4b98f06fe15f9a5ce57856f09ab4b1dc26057dbd935c3e
-
Filesize
143KB
MD54209ac83bdc20a053470a48c3ce2719c
SHA19e8608f8a6cc1ee04f350f66b16f3481e81e9262
SHA256c6e330c1e3895deab7b47b725822a4453e50dd0b79a148dceaf8ba3a749f8412
SHA512944aabf043890cf92a05ba6641d77c8289639f0aab802f9d8c8a73fc18d8a94529a86ae1ec0ad70af3158cb6cf72835370d5695dd8ed7d42987af244521a164d
-
Filesize
19KB
MD5aa8eeb801d74a4e562fd8c044e03fa8c
SHA18653841bd62dc74f605f608ed8f354dd692faaa2
SHA2567ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b
SHA512388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3
-
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\zh-Hant\System.CommandLine.resources.dll
Filesize18KB
MD59101e8227a7ab83cafd27e4ec222ba10
SHA13a80807f7cd695bd9258eaaadf8b2d7dccefc125
SHA2568508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e
SHA512e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412
-
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll
Filesize17KB
MD5c610e828b54001574d86dd2ed730e392
SHA1180a7baafbc820a838bbaca434032d9d33cceebe
SHA25637768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396
-
Filesize
19KB
MD54e92ced559ff6f26d238fc5393dab39f
SHA1400983302371c5a7ba38e3dba8fbc4c5f8192018
SHA25637ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471
SHA5120c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3
-
Filesize
19KB
MD55d26652b0f420ca6ba2bfa00b84eea38
SHA18dc1d2a7cb6b857344c120544f842fccdaa97e79
SHA256654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c
SHA5125e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419
-
Filesize
18KB
MD5c7f0f7e0a7562225d7b60b88459bde92
SHA196c432044ecf7d346e09c6c46f5ca163396d97f8
SHA256516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353
SHA51205cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999
-
Filesize
18KB
MD5c9c8df325a05d227bc32a5d854713c4a
SHA1cf9ea69ccebd1ef0bd46beff01254a02c5fb0131
SHA2567a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf
SHA512fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97
-
Filesize
18KB
MD5e771e643a2f47b5d527aa4dd1e857aed
SHA1ddb6ebbdc354122989c67ed9cc2555da640b16e5
SHA2568c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15
SHA51214d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9
-
Filesize
19KB
MD5ea1fc85ccabec5aa1ae22452afbafac1
SHA18ea9da27d9335f80c76867837688218b78311148
SHA256f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483
SHA51242a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479
-
Filesize
18KB
MD53f14df8e4be6100673090c43eb3c3476
SHA161c1e35aeb6cb477077416f050c344fb18f5f87b
SHA25609eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2
SHA5127988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c
-
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\zh-Hans\System.CommandLine.resources.dll
Filesize18KB
MD5c182eebde556be386ca5b656974993fa
SHA1864aab5c6e71bc3537612c2541e7737d02e6f4c0
SHA256d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd
SHA5123613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52
-
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-user-secrets\8.0.6-servicing.24269.9\tools\net8.0\any\dotnet-user-secrets.runtimeconfig.json
Filesize340B
MD5db8f50afa10272bdd9c658a08ee151f6
SHA1be0fb5b4d6a013e2a9f024a11a2e87e827bf6ea7
SHA2569930b35481aeac719b7c7e90c5a3b55019be2017f11b0a1e83b4b3199f67e368
SHA5124f237d5c266101e6f58073767bf02642f035271cb960297c693ab79a94792cf0a0f8364035c7a210ead4529976bd8634d11b7a9ef04f48a05ed8bb2225729d30
-
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Numerics.Vectors.dll
Filesize113KB
MD5aaa2cbf14e06e9d3586d8a4ed455db33
SHA13d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA2561d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA5120b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
-
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll
Filesize25KB
MD5e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA12242627282f9e07e37b274ea36fac2d3cd9c9110
SHA2564f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11
-
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\cs\System.CommandLine.resources.dll
Filesize18KB
MD52f679e46823cf54660405eda0dbf0842
SHA129fdcbd753e36022b6308425dad9323e5f3472fb
SHA2566c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf
SHA512f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5
-
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\System.CommandLine.resources.dll
Filesize19KB
MD57717b3eae55b3ec74f40699c1b9896c0
SHA11483166af6059633de2e20545bc3f3cb6f035304
SHA2568a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02
SHA512c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b
-
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\Microsoft.Bcl.AsyncInterfaces.dll
Filesize26KB
MD5ff34978b62d5e0be84a895d9c30f99ae
SHA174dc07a8cccee0ca3bf5cf64320230ca1a37ad85
SHA25680678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc
SHA5127f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28
-
Filesize
20KB
MD5ecdfe8ede869d2ccc6bf99981ea96400
SHA12f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA5125fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
-
Filesize
138KB
MD5f09441a1ee47fb3e6571a3a448e05baf
SHA13c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA5120199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6
-
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Encodings.Web.dll
Filesize77KB
MD5fa9d0d182c63c49a4c567f7c1652b6e6
SHA155ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc
SHA256e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84
SHA51258f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7
-
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll
Filesize627KB
MD563f1d0b53ce47b0ac3216281c8bcaf24
SHA1090cb7392ed07a94d237b5aa2175689faaf49b7b
SHA256de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb
SHA512386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521
-
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.ValueTuple.dll
Filesize24KB
MD523ee4302e85013a1eb4324c414d561d5
SHA1d1664731719e85aad7a2273685d77feb0204ec98
SHA256e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA5126b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32
-
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.props
Filesize295B
MD5a5dcc9e5bf323d748b26652e11956905
SHA17f8c7a2523d1f4600e0f8bf347d10564cef36780
SHA2562ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c
SHA51279d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae
-
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets
Filesize297B
MD55725a6d47308db618d015c3e55dd499c
SHA19b3e1ac8d62d522505f57fee89a249ac33325edd
SHA25661af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1
SHA512ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798
-
Filesize
4KB
MD5a22cdd3374234d3a50c2ace2dc33a63f
SHA1d71bb2417cb805c3da21ebcc0e1ae5a102823c9b
SHA256b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874
SHA51271d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61
-
Filesize
19KB
MD579e57433e70b5a0a300303dfc5d759b4
SHA1cfe5862964f3b389cbac01e157e9ade0031e45ef
SHA256b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8
SHA5128f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4
-
Filesize
152B
MD5302c3de891ef3a75b81a269db4e1cf22
SHA15401eb5166da78256771e8e0281ca2d1f471c76f
SHA2561d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58
SHA512da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33
-
Filesize
152B
MD5c9efc5ba989271670c86d3d3dd581b39
SHA13ad714bcf6bac85e368b8ba379540698d038084f
SHA256c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3
SHA512c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD5929b1f88aa0b766609e4ca5b9770dc24
SHA1c1f16f77e4f4aecc80dadd25ea15ed10936cc901
SHA256965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074
SHA512fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
27KB
MD517b6743977bcc7a7bb29fafc37f142d5
SHA1a06d514d3d380b8c28696bba059c62cfc54deaa2
SHA2567475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3
SHA5121696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9
-
Filesize
63KB
MD5a5cc79fbd666432c461daec09604f082
SHA19a3df93d85aca657c5c8b60f9b4063128319647e
SHA2569a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279
SHA512f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62
-
Filesize
95KB
MD54be089bfbdee326fd6f17a0fc2e632fd
SHA1106f03810af3dcf08497b763282c1e04a2940025
SHA256c25f68a49df2d09416f7abde84a7d65d1778ecea6e1603ad2e16ada727ae3b23
SHA512f5ad18a47d4f1576dc179edf0b71e5dbfa1bc3193054184b0599b002f89f98c74e653aed1d5d04bf3720280a6758619daaecd5ebf4677981d0bee08f04b4087b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD57dcbe81411407e0ac5a0dc070b5c47e0
SHA100882818927fff1971f10eed25f54bdcf9698f9b
SHA25644658d8b0902577472ffc3beb49a06f49bf2e7986e44d29cba0e05d5317df73d
SHA512dbad2dcc569a30de7bd2474fb86cd0c0dbcdb793a02a694072d6241bc3e341a339627c99ef82750db92f901bbbfd377420cec419dd779a3ee4baa9f1a0571a2e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD59e906fd8162f51cddd2a07f91611ac39
SHA1971094e4746079d32ccdf6039c626fb8143bbe4c
SHA256176078f810c0b509ba95a9a910afd2f33850a19992039fa0324c5350e82471d4
SHA512cd2814dc5c100df23162ccb05a16f95501bbd7b0a23de15e987d9981a33c2448da4f16247443af9f47a54215944353352909517a695d59f4cd2378ffaa733886
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD550405a68fd9e9c921e162ca72afdec65
SHA180062094ba3db56e940e26e9469e153ba0bd7525
SHA256bd68607fc371351d01a549fd4d282bf4083df4d11c3990fde7c91b59712e31d5
SHA51257368fed9b21b160cff41c1be86435ad007e3509d39fd88366ded9cd74caaaa9d9b95a61a14929437ea9dbd478bc3994d81ea31c73129a599f577e406e83deda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD583532bd62a34da9c5ad1d7679838ad6f
SHA1aa69838527941c24be521fb4359ac6ae1d9356bf
SHA256c66d7644cabd196a6e7e93dc20199ed1e9b7035231c566ece5b0bff0ead32e6a
SHA51208a3a416ef074f9a506ce3161f21d14f1080e965c9aaae71389753bc19df69ff759983888959104affa3041e741bb74dddcf8e684e2f6026b2c1c2b9408099d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD552bff2021e0962b9443a0954c930dd10
SHA1f4350af76148c2d079435f547c9475ba54bbb3cd
SHA25602228abb4bb9d108d9942449ba396d4279997e783ed2ef70bfba573203f08fc6
SHA512a74eba53755e9d3eec34c719a8b557b3c14388695d3bfe6da5bd6c7f4e9229b0c4d2ad37226099358da9d674e7f0d777a58d95fda14199ea46e6f9a7bb24fe39
-
Filesize
10KB
MD5f144a0b165c6a6d477dd3633243fd208
SHA16f3b9ea0d6baf3f8c3f7a7642907d61b05858ef9
SHA256cfe7f63195ba76bb665670a45789b22087f38dcbacce2687e162a9171a37326c
SHA5123e603cc90fcfdb95645de2b252795f69231e2b14ee807c0420a436e0ec37a5529fc33db0bd6fd6f2264a9618530cb088ff14027002a19a9239088ecddcc997ac
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
705B
MD5f50accbcb221676923d8822262c423b1
SHA1983bc24ddd705b5f23f7d82c6f08282389e4e0b7
SHA2564599df84b3df92da62189751a9bca60fd9e0423dde2b16ec1ab7bb9695eb6c5b
SHA512434ceadc4f0d305ab5622049c2d9ed5c1c264c981ecb7f22ab565cac9a008b615fb3cc1e52df3290626874e4035b93e31e1512149a76600a5276adc5c658978f
-
Filesize
9KB
MD50a3394ee2dcd9b0dd52ab81541dd3f3c
SHA1085238facc442d2c590a6e60d046b93e3158b89b
SHA256ca3182f713e0c4abb75005443571feab4e25b1c8176892d6a7fd9a143f08de11
SHA512706687db2493406fe90900894d59b1307ed159cb3ca08163caf265064523a6c61ef8950333fb40b50767df47bd8bbfc9eab279e05ed4c253f98ad817ff3eb910
-
Filesize
5KB
MD548afb5e172d4386be5955cada5e48cf5
SHA1e4f33cb4b43137d3361209f1e12e1ff6c5ed6ab3
SHA2569aba28f6c6c928bf12e006264baf90e9bd69d997562cc7ee74d6cb806179479c
SHA512f32d70006ac79cabab5d23be5eb4caed7b7563d73b2b986555b0a6267f456a5f3c26d81680a4709fe6ad9b6d12a4bb89561f61945b4caf823fb352b4d912b537
-
Filesize
6KB
MD577a051b9d5f478c2c0cd25399c0553bf
SHA1172a127fb75d7d7b0acd0d3ed31d0b0681db8d3f
SHA256b6b15d409ae61afcd0ea2db366c163d8ca3e64e5e13f47744ab976e623eb66d9
SHA512ac6c4a0b425d8f4f9ef3b8615811b270b2aa3bdc5c09030eb7b2e149d9bb5368c6bef63183b63a63a84d19578323f46ff9d592b62c007c8bd30fb6fb9704c5e1
-
Filesize
12KB
MD5fbea35590f36b796c0d1c4051912f79b
SHA1144ef43f6818657b28f01b44979ba627939758ae
SHA256b2e14358f78264c0a8ac8654155f6710e79a7cbee8f9a84ffbc87694234a2d44
SHA5120abc1df3e2796de3fff134b50e4d6922dba00b248e0dd8664b00efbbfe0353455e5b3fa68f90936c214f1797196aa327e1f812d2ed0ffefa12b1e11eded61caf
-
Filesize
12KB
MD53bc682c1632775042a3a31d584f8cc33
SHA169b8262cc32275b43c7f378b81dd9ae13d28dcba
SHA25637e300b28be08dde82fe531376cd69c85ec34bd06cdba1087ec925c1f7c4bbf3
SHA512761f800515be8511c684bd06669b11392fcaf70cd6506c274f7832caab1b17eb7d061ddc2f28eec88670e32c203d437935baf77c1de071a5aca15dad4232b9ae
-
Filesize
12KB
MD516a9e3a8ee9a6eb6f95130012990771f
SHA12c690ef9744c1c48ce04f0ddceef682952aa9790
SHA256c0e3b8470babb9d879f7c4abf8d9a6c9fc7371f6d61181b9346f92132d371369
SHA512d0a7b0f12f04a66ef385f84854ef92cdc7c6053002d63591655b18073df981a3cb537a2c17a32289c50d8d2cf284a4ac43450957715c40418dc14d99c062a01d
-
Filesize
11KB
MD580222cedc3322a3952b6efbefc2ecedf
SHA102b6dab671f0705e417fcf27d96443a8d4ad6a20
SHA256f26c7b6745048ae4837860dacda6978031dc47dc99d012ccc768f17a71234ca2
SHA512acc964ca3c0654e698d9f3b7ea756f7938ebc5acc4f509571734b0f15675ff2d90d51a214f3d81481ab18c4b1142cea5b3b3700ef48d9c06ae27b0b3890eb448
-
Filesize
6KB
MD5bccbff7fa18f7b46dfcd50b4f43164bd
SHA13e5f129ddcdbe284e79c472296dcf3689dd0c114
SHA256c965af68311a662aa9b1cd53b40d45b76056f875779466b8e80faa807d40595f
SHA512ac1809a3794ea7362614025b4e96f0680e57dee13bb1e04fdd144081384ed87018349088d0190f23b04be6497a5eaf597f6dd4b1d99a4fdff36608ce937acf88
-
Filesize
13KB
MD5a4dda6542d8d4e3ca2f1e6c5cad7e3b6
SHA1ea7bdfa88407f5fa3eeb9469f96f4ac4e0f6c94b
SHA25661cb3744f2d612444915a692be326ee0a3c5e4b8315819304ba8444039aa0f4e
SHA512356527352aa1ef97af4f186e57275b0c1616894c93abc3cc9ef21df4258c40b5929f4aae2c73e0d08971cc04ee8ede6c6c5c2e58d03d8e38202520794b69e7e9
-
Filesize
10KB
MD50d81bcf01cda02710225d4dd8df55793
SHA1e96bc8ebf98b3d7f5a6f0adb94283c5f2748ddc8
SHA256e390d342d7b9d887cdc3072e8db424a360f8767e59db5c774d18173baf2b665b
SHA512fd9909588a133d89a0175f590e10736f77bd7b7889d105f5cf09932c98ad3fe17fbca2f6aad2b9278ce11ad77303a89ed1113ac64987c8b1ecf0de3842f52607
-
Filesize
9KB
MD57ffbe61fc1be8e56c08ea3bef6a7a9f5
SHA1cd00c5659784eaee0c4d492641b4261de25a4eea
SHA256f966b703791a9a2f643b54e0ec7d459b89e4babd6bf5b84c7a8c94bb31a6a0e1
SHA5123111473082641ca1f48e4ff4c99035d12ea4b718d30e101775b4deabbccef9f1496187c6f14d3243175c31c952dac567ea51da8327dd198b6b8174f15175f45d
-
Filesize
6KB
MD5079849b417d7bbcd386452badacb96c0
SHA12a36c9200c30d98728b332be1e6a87e5750582e0
SHA256aeff61943c2eea9a7c0cbbb1db053d3f7954509ce451654f59157e0bba06b0f7
SHA512a1d6ded55b58b9734f57a88f148dab28b4f0b82cba4a85f364a973e9a91fc89466d5d5a2399e8b0d4b6f051609b009258f55b012ce5bc1c965e9ea599669b40b
-
Filesize
12KB
MD576e687a67ea0df0fe13e6baa3eb4a1e4
SHA14c7c7b965df40ba225975136de34c301b7e40dc1
SHA2565c33a1377fa443b0c3733fd9e1abcfcc4c0476b9d56fdd78cd7b5999e75d4fdd
SHA512300583e736aaf4ee03484fd17b35dea66828f2b4315048f50bbf091035903726601ac2b9a5dcf3f7b14342ca0c07efa62a79896d4a99bc44284bd3abb0382282
-
Filesize
12KB
MD5638c3ceea629e5140f6c71e09f30666b
SHA17563d507caab233f3d92279eb5e27e46e3a58cbe
SHA25637c10efa4c4521f67cb830b26ca182ddb9a045f12f0abe1b47b3f74db3840b64
SHA512556f55c83089a1106dfb206d3478d359c0404eb145b17db0bf20e13f45503bb287cb7936053bda8998cd272d73ec9a62886ddbec4b5f5e8518a34416f98fc6e4
-
Filesize
2KB
MD5f1088422c8592102e7c3e1c4b86d9b44
SHA1b022e16a2152e771a997dfffe17378c0373a66c8
SHA2560fdc1bb0b8f3eef6e8b9fb914e37800290a58ea4a58d20bd1e26100d7f21c50a
SHA51285cf150cce1a308b9b5ffa26052bd7d34a0db0d78b28caf413d6c1cd930aec9fa2e7176293c56f03a57f07fffb5c2d946ba24cb6c65aca76805f671c914cd49b
-
Filesize
2KB
MD59c4367847d5f099aa2650a3ee82b0771
SHA16bfd40a15c92ec662c64fce86b5d2a72c5ae450d
SHA2564faba03709df2a59105e490caf2aed7ee2938c41ebd539ef2bde7f7800d91e07
SHA512b821725234b67f23d2a275d8b9cd73208b50d90fb90f4b5348b4d2eda3abfb5026338575b2410866b2cf3e8b14472fa476d90ea0a1781677f1656741f4184984
-
Filesize
2KB
MD58f975172dfae70e13c0db92b62a9032e
SHA1171515912fea30ede9fa3b9931572ff6a2c6aae4
SHA2564011c1fef0e09abbb89dc0e6aba59d2e826f13e253168ed5c0144a314b739d9d
SHA51298be8439b6788c7ffdd8bef3295bd0446c93aa6d74ecdda3a3158e9c649ca630cd331d0b0f4626192e5a6ead02611a93f326eb51fc14de4450eff031aebe513e
-
Filesize
2KB
MD5f6b49dfb8a14eedb971d06712ced514f
SHA10cb8bc2e658931565f0d3c29a0018a18be63b465
SHA256662740236bbb55cc1570a7f1995596e4ee0a898b445a3944ff9644527ffcfca6
SHA5127825c683ef1025f4ab03b94c5f1b82a69d1d90c61d8d8baef0d80fc326e17d40edea47d98ea4458c1ee69cc1167383e456bb58492538dcd89bd004b25b8f3cde
-
Filesize
2KB
MD5c0a48ed8f635cb67af9b3a0b9777b66e
SHA1815104b29959f85e19ad907c489f6009ae9f4531
SHA256529c31bd9a35d7d1778d5f401133d9cd5cc488509da9d7fc39a2f2f00a87ec42
SHA512fb7079ac55d22e7ec5c5f248d4ce24bcba5ef7ccf7e3943ecb5a24011d2ea8a73588a951433d229062f1fb047ab6013a14050a920b2b99d9649b11fe52170d63
-
Filesize
2KB
MD515a9426b51ad6c26331e615a8b6255b8
SHA1110c3ea5772c3de1e1dbcfb520dc535f45fb1cd8
SHA256793b4e0328acd3786c7715c17256fde5621e4c30d48937d933841acd6e06301e
SHA5121008bc3fae4e5a4a006d44c8cb6a40e81a4294f8bea538ad28e5d608d3f8cbc1bde4fd9ee21a76ac87cc9a5c26f304660065e09b164e3883ad54659ce6326d48
-
Filesize
2KB
MD527257f3e2b95e0700faaa08000bda524
SHA1700a420db89159038d965793f260e38da167c696
SHA2560fe72c98ae4a3f9319b4d1896332702b52def67b16bd3bc96510b6f844c07dd9
SHA5121213fcaaf4fa777923c2e243762339c4d5c2ae47b308615dd42dbe5562db6ff268259aa12dfe397ae03218a0808a1f88f74e40dbf876a2ae277038375248e569
-
Filesize
1KB
MD5ad81cd49dea406baf514fba112346848
SHA1249948f5ff883c861922b66a264ac3704c310a1f
SHA256c0fd84974accec7d8bad18d7a14727d1f9c8d2367fb2e0b65a746c0e33cebe7e
SHA512400c9cfe4b63ba1b502199b54ae538b1d4b841ceda39ff292c89203ff4104b3dda7477a3c9da08980dcc5c039296024892a08c8e93174512ff4c79bccfbb05c0
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5ee8c601c06899301802fab88de0bfc2e
SHA1acce6a3444d92d4670bb046691f77ef265fde158
SHA25608ea7754f819b8c9c8f65c6bde13627b0584065415302729da1ea82cb8f51f36
SHA512115d3516d0ca516454df9eea9a704712634d002e3ac04146a496c1d8e81cc79d29f909031787d3114a6d5114fd8c0e414d2e3f2df0b75ab7ac1a7efcec97f300
-
Filesize
11KB
MD5571d453d7fd4e84c69db58d55b77affd
SHA1864919a40772d54d09bb57c7ee500fb41328460a
SHA2563737db19c75d2cd5c83367169c08359a8c9ef6cc5f3d7eda7058ef5423b32426
SHA5124bb258cfeece8d05c4819618791bd4253731e0086bf64b9e5bf6e2973405315db9359efa745fea8d104b36d0eb4f7ab0ae918351c7ac327beecf7c24d7d26dea
-
Filesize
11KB
MD5c5f94e9dfc313c41c97b27a40e23ffbb
SHA159340660546e6fa1692a32da00b12bf20c5f13cd
SHA256018795fe4e297065dffc76e8e5c31760f70d79caa66a4ec42e2f53c49272c1bb
SHA5124b6323917a202293cc6a21623012c72d45b49075d0b62e084181970ca5878697d605f5dc3068415f430490fb182b5ecb77be6d049c120efc52a9103ae3736d01
-
Filesize
11KB
MD532db77c52bd6ab96677bcc47167e991a
SHA16b1fad7adff558e09261799fb457ac1022c1afac
SHA2560535f2e9b552b149d62d9fc43a13abacdd2a609dd120505d535870fb0e228147
SHA512601340dda54e937354ac1e057b1513348b005832a8fe780b358f0c4d9ffa878837bf9bff7e16c96e3cff24919f1acdb0d00cfab8f095d05cb779d6e28d205876
-
Filesize
11KB
MD5b99aba411224daab24e44b994a75657c
SHA1b28e9dff40b8a8f93c64066928ffb1d3b9171d0f
SHA25666377acdb755070ee84c460280fd6ca0bb4cac369221012a9a5b1f4bdd5a41ab
SHA512567abbea53034149a9c4860dde31986e8d21c2ee2ee983079465c6fb31c83d0e215bf8636d73e5bfa207aa04496eaf9dc78aacfb03d4a2e2a86d618d885dfdea
-
Filesize
11KB
MD54052986e8effbf8bf7ad6c4fd6f141e8
SHA126e9072d84023a4d27aca2f7f5421f628362f72a
SHA2565dace61efacec4e296e5550eee7aded2c008e87828cd198b59e1e211407ba6f7
SHA5129d461933b9d8622d30f99b0d4d54fe9a4ab2d23cc40a089baedc6586f778c1873e7e0785f0bc8107f44908c92968777189c62581f8f91d565803781257d1ce74
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD5eed1599235b9dd933e13cbd5751d7eec
SHA1d461f7edc8bdb31b672f97b18d34e38bb7c96c4b
SHA25613ee96f0fd8b45de1603cea7aa86ddaa749ea580989d6cb806d944f3547fbf43
SHA5129679690676ef1ede8030e26359381a092eaec7cb671d51e91d8cd446006301bcb98518b977fd5d475e777baa11dd28e69135c517e3b3d74475134bfed4e8da9e
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.302_(x64)_20241005194600_000_dotnet_runtime_8.0.6_win_x64.msi.log
Filesize3KB
MD52f92ef92cacd83999f942c5b1e90fefc
SHA18a7ed19e84d8e5979d7042f0271d20d95cff79c3
SHA256d3b1e583039586ecc064f92556e0b4e90f535ab7753c0d6a4c3a1eb9bf6db0bd
SHA5128d50d5b4236ec7061ed043869b9883f86a4c5457691ec98aec88e44dbce897204b386eb3d1ca34eb1dec9098b36887e1aa0dfe63373dacd30666940ed5196f00
-
Filesize
15KB
MD5d095b082b7c5ba4665d40d9c5042af6d
SHA12220277304af105ca6c56219f56f04e894b28d27
SHA256b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
SHA51261fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
-
Filesize
5KB
MD550016010fb0d8db2bc4cd258ceb43be5
SHA144ba95ee12e69da72478cf358c93533a9c7a01dc
SHA25632230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
SHA512ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
-
Filesize
12KB
MD54add245d4ba34b04f213409bfe504c07
SHA1ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA2569111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA5121bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
Filesize
4KB
MD5d458b8251443536e4a334147e0170e95
SHA1ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3
SHA2564913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7
SHA5126ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1
-
Filesize
1KB
MD51d60d79e953b1c4467a15aad8092ea3a
SHA1ef50fd7ee268abf029b066e84cbc4e1a328085ff
SHA2564241d9083afa9fd33967ced97022bb57c20dd158f525cab378bf97e3d397dbce
SHA5125d9ddecb3b25c98cf7febbfd345f2b5fbb1ef1315d6c0345268cae43ecaafa5890351565f08361c869527a03d4d3a759b13ba93d12c46718d6294fd2e616e69c
-
Filesize
1KB
MD55d8c32fc7ef563823715eaf7b33bba6c
SHA1bc364055939e3adc75677903838a63939b291f16
SHA256aff738fe39394e675af719b5c8a2e8cde8b863ef99bbd8d3efb578155976b10e
SHA51246d9f35a48b7eca2ec84f17c694281cc44c82df13fd19bf161be4fd43d93d9f3e694a2351d5e718e5fe7cc5914343697509023894e43a0217dc28d85964fa91c
-
Filesize
1KB
MD528767a1ab776cd278e1e42b375811a12
SHA16e5dfd7e6d20bb5b885211830248c967ca6a298b
SHA25637180af33f10cc28b4a03639d98fe041c67622c9468da2a1dad143c442b6b2ec
SHA512355db003eec63998d6184dd916c7cf263db421c73f04133448346f4274d3709fd458b89fffaa4f14bad0b7ce3cf5209a8a9f6b49f8a302bd70323a29b40ec606
-
Filesize
1KB
MD5854bff0b1ff068615fb2748e4c72b0d9
SHA1755eb32becd504ab7d95d348789bf508e56e2546
SHA25656cb78dbc3875389abd57a6934f6f14993f565c147e51fa8dcf3027a69bf1bf3
SHA512e4b3764fbf60095cdfe478b272c3d67fa583a58da2bf7afcf3bf5a28369b2ab9beb54ceea25a3b84e8a11982df02d5bbf6570150a3c2ed175d64852e286e8d06
-
Filesize
9KB
MD51d8f01a83ddd259bc339902c1d33c8f1
SHA19f7806af462c94c39e2ec6cc9c7ad05c44eba04e
SHA2564b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
SHA51228bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize12KB
MD5f2e41b29c1c78e6a1ab2fb9fd3ae351b
SHA13d5c78244a926e3e4c96426a0d97918b80534867
SHA2566530df8f426fb0900b586d9da527beea6734819df45181e8b7a0a214962a2fa9
SHA512ae4cd826dfa57a1b45e56ef66572483773d64cb4f004eac938730215bd3072f7e45013c281d1216882f0528b84678928740e6c42312b8b4b999543e9aff104db
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize14KB
MD5dc6545e4b4929c864de2b961e2fcb30a
SHA114f80cd0435b2c3c1daf7a40674a9fd068e0fd51
SHA2566fcbd351ad9975aeab8647f6b2d5a5b0737ca8b5c02af2fde02544ac966bbdc0
SHA512dfe662e8582983350bab3d955b8d7c4a493b1e0bd5f78997252357280d121b421bcf942e2c0d11644dce0e0598dd6ef5a33846f2203a6d42b9a28f9f93f4f4c7
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize14KB
MD59c6b87595f08f3bc68321e9d1038bf94
SHA1c55fb9969c28900981dfbd61c4025faf44a32c56
SHA256f591edb2e2c67e6c2f92412ca2f856f5d9d196b002b0f9056435c92656db6251
SHA5123d1b0e7954250a6a6b416904c9caf3acc20d0c3c2519498bea61fb15547332423eb2dcd158048f7e2b77535e7fdb1b5b3932c97f5c42affc0acd1e9bb243f20a
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize16KB
MD5085d59636a6d4211775ae419e6213585
SHA11f0b21588f23395b4a739b9806821c10bed5006a
SHA2564a747e2b2ee2d4d40d164cbbb10dbd9d5ee460db77b8bf0318020752b27d9a14
SHA512d8f53460de44b84768bcfbcec1e86db6fe303da6aa5c5287a0bd38c008518927977b004c9392281b3edf8dbb03346556c65085422804362c6213e91486fdb69f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize16KB
MD59f48f72ba555cc5a7ac556eb607b3114
SHA1f5ed41636068894f0477e6179012f2f63224c6fd
SHA2569ea4ae60df2a5f9ee503fa45fa4f6eb19df1745183bde34315ba893a6bd774a6
SHA51234faeb4f583a6989c5a39d95c64572e7d6c3ced0c846dd5725e9f7943be89b626506905343a01209fb604f47d0d23459720a379fe4ec18e0e076dccdfd3b4545
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
Filesize9KB
MD5fc96045cb74bc7f177a683876a1f5c40
SHA1a7dc8738ba602c8aefbd81a2015dd0e81981b3a7
SHA25658d3c281cdafb453ea4071ad477750faf54adb14fd56a6f38033c31ac298b439
SHA5125f439187c41806f1d1aa6008ec098e58b09c112c28f72eb53d99d8125cebdaa280a90300cef54773b78afb2150ad17038067bd45fe9893a229f4bd33b94c20f4
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
Filesize9KB
MD5ca626262016f08361966b1b578848b3c
SHA1aa9c8cef79dd117c0f557d8c4873bd921246a0bb
SHA256805e9817bc2dd5c287446e53fe4ce4f566183d6516fcd9d1167e7f3a4b08a9a5
SHA512f48e507102258d601d114feccf4356abc0726bc78fd56c0400c4c6fe94639e0e66ed4c42715fb53a16ed6850a8e81745e6580922ab17fa6680cd4ba3e161fbaa
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
Filesize9KB
MD5efb1028a7e6159c2e0a2bd41257c2105
SHA111873cbfc504ad2ab08c9682e8e6cafd0b184a68
SHA256ff48b8bf355ed5a983d67f8159d9824f3c019e8513ab6116decbc7f0e40b410a
SHA5121a93b5a6767ef611a2dbe0bed575d31994bd7c0c57c72f5c9197c9c7edc0a3cbc707ffa5c1cbfdacd5ddafb86909025b8338f6e2705f5f81d56080fb1e69b258
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
Filesize9KB
MD5a4eee825899ebc778c07b9f2aaaf9359
SHA1cd1f87ee8b6f24ee5f417c7335015d5b684ceec9
SHA256e01da27cdd84ce43ba8762bd77999d41176619372c185551b346f8319d50d853
SHA512c73eb948cd54837f7fbfdb95a9a68075419a3c81000394f0f1e2594be3dd668bc7cb5f987d281900d21a92483d2d815cb8f71126f444781d77b4aa9d5fa73ebd
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
Filesize9KB
MD513a894154ce2ea0344a54d8941613173
SHA120cd2867c5805814a7563f24e508e3aea74b1746
SHA256bc5f530615ea275abe72b8ae1f97266c99dae10b7877547acaeeb5db876cf1ef
SHA512236f795af0d4f544b1f60188db65e563fbf9499c082dca560adf729d8bfb0baf8953860167acd4624ad581ef9b88543d2e11e95b000b621b58d358780c89a857
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
Filesize9KB
MD5232acb0132e773df26ba00bae2c104b9
SHA165bcc6dc2072be89c8ba28d03f91450c6cdc5fe7
SHA25636e93abce798bb6cfc1ef01037ca56799988e79bb63529f03c9fc7e08497a9af
SHA5124fb82bee0a143bfcc9755269e0460bc618b8591aa8e140626ea04a2f493c8efd127badb1f36132acec336a59276e96dc1286a55e0cfcf3504e7fad47b25f722a
-
Filesize
646B
MD5f07150054a6afff4d8e9d58899167722
SHA1e092cd960ab728667d91b37d64a02d7f6821518b
SHA2565b0a08439e8e93817772f84e1098f14152d9da36c2601a0600ddaae6f61359d0
SHA5128c86aa4c058a8ab5fd26f21cacc8ddaffa8ce6012bb329d3c5b817da00b4b43018a575c768d1921c6eeab7537f172c7cb3de658b014365ea52fb3c87547182b9
-
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk\res\mipmap-xxxhdpi\app_icon.png
Filesize25KB
MD523ebb44f8e6c793d4435d060f36fbbfd
SHA1aab038dbc244f91d307c31594b2a6474f359477f
SHA256eedd41a8ff61128d9860820c28730e5b670a65fde2d95d11864a08ff816c10a2
SHA512c3752bb519618290fb2b46d1530ad6194a688248ab817b78f2c156e3c4cbb7b5f8744f7776de14210521decb78b514962c393a0ac34c658e4677bb4b19e2a7bc
-
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk\smali\bitter\jnibridge\test.1
Filesize4B
MD5098f6bcd4621d373cade4e832627b4f6
SHA1a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA2569f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
-
Filesize
20.8MB
MD51e005973da05e0682767b687e3501f58
SHA1439cc1f781dd48f3a771eafec1fd1661f52b57a0
SHA2566c5a7fb80b7a7c6433d69a6d2fd37fa4d42e97a9ca01b7ccaf4412d5f3c9aef6
SHA512e5315da2609e163f2dd28976f4295ff081a1069256d901c368042342ffbe1cb6be1ad205fa45b8fbe28ea73c7200c039b06e0c4efd53cef55bf05048c3340885
-
Filesize
4.6MB
MD5d401161afb56b8647202e031cec1ae78
SHA16eb7ed61ccdb0bd5018271a3ec24b63b913fc281
SHA25681470eb5917705fa0df03181b8112422671842bdcec5252a7894975b38058c91
SHA51201df1134b9f4d6bb44a8f23a9ba8191dbfb20ed1eb5f249331000955f6b340b1e3e3a6c0e237456a39a712f77d90fe85fc4b946832c88fe4617e45daea9c966b
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
244KB
MD560e8c139e673b9eb49dc83718278bc88
SHA100a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56
SHA256b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb
SHA512ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103
-
Filesize
225KB
MD5d711da8a6487aea301e05003f327879f
SHA1548d3779ed3ab7309328f174bfb18d7768d27747
SHA2563d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681
-
Filesize
29.3MB
MD57f7a2c9903b501e6be319643903bd746
SHA1a9701397d76ad81cb24ab9839c1f6a55fe6c53f8
SHA256fc0dd518f516da1c1d23a7bf46872a36e2010fd34f5e1218d1bbc13982e5ce8f
SHA512eacb67d3cb534bb87d34f57049592f164e26f3669317e0524e0ae784bb4414e63ffbde24d82a8971629c203e689a64e15631f62754feae1ad65718d772d660b2
-
Filesize
2.8MB
MD5530cdc2131a73274841b3b252c4f25c5
SHA1f94d26a2b5e25553f45606195e36602f99d9fd16
SHA2566dbff1653d21d8a5abac7810e3633b19ff79c17c65b3ed923c956d94bae6911c
SHA512bba32fc50ac3240f84f723610978c26ed721d9aa53120d0490c1c2c7a132afecae934a8d880af927ad0012e9d3bf3b51a74c84ff4995678fe317c351b6bc4121
-
Filesize
9.8MB
MD595ef87ddde1ab91572fad2b265a1c0d7
SHA16ce9eec5c6dba24233f29cc790e7578e49ec6a73
SHA256ad640d7c9a7acce17f117607b6bbff38d4d1bc4e90b8f08fe9541fcfc12f5ead
SHA51230c796bac647b2999e354be1c4db0cf95958a97881030ced6631101c75fa6d4ddf3b60a3c40e92e61a78ad53bb8f2093786026ad857ec0a5c2365dd0e7210d5a
-
Filesize
638KB
MD517d65c997840d353675b0a994998108d
SHA13bad1ce7d70b0858e0d15663c9bc20554e394986
SHA25673566ff17c61e86a5b4665301e6c50f50fbd645ba5536a80a50424d209be3599
SHA512cc367dc1a62379e0e50a0a67b6840debd049a4c20c029929795ad23bcb048b7194e0eedfa6fdad56b2f28d90ebb31616918f932f5b8a43bda24e11d62e7d7305
-
Filesize
4KB
MD59eb0320dfbf2bd541e6a55c01ddc9f20
SHA1eb282a66d29594346531b1ff886d455e1dcd6d99
SHA2569095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA5129ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
-
Filesize
215KB
MD5f68f43f809840328f4e993a54b0d5e62
SHA101da48ce6c81df4835b4c2eca7e1d447be893d39
SHA256e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e
SHA512a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1
-
Filesize
170KB
MD538f91969ff82209c624d004795e14066
SHA1786c2aa3ca0b2f9845e377b480dc9cb06045dc70
SHA256da912e5cb5b749cd65b67c650808400db80a3401b32dae74c3561d034e4e2cce
SHA512f597c1066d8296a8812531e24d8d9614f0db4136f30e941d0526ff62da319c16db88476492d2584827c6d3f5ecd73533b5ea74a110d63ce5b1edcc9dd0784a9f
-
Filesize
4.6MB
MD53a859c59aff2bf33f8e2d9c0db02896d
SHA19a7b6c27076a7ca196937664ede41dc53340d823
SHA256c1756025a4bbd7f6c0004c29c700c88c1e1f3b2c0d705ec210ec0e75d23596cb
SHA5129680b79a079a59db8a30ec2eb8f122e7302a70f2099819802e0efe288661166dc2f587f7be68e8b9cf2a94fde7415e5d3d13b87b713a6e5e300f622c56b3f8c1
-
Filesize
4.3MB
MD544fb621ea4f6a6928e727b327b89e6f2
SHA1dbf48dbbd16b20b1bf1e7bad2e5379068abd3ba3
SHA256d66f8bf0592028ee30749a6a76ebde5faeaca99672fd853993f906b7da0618f3
SHA512656c8e8b882a53990a47141e7ea9a417b6bb9fadcb36865e59c2ea127da9daf1341316ed8a2ac9e0bc121b6a08bb8e1e61672ac45d7919ff32aad10794fabd63
-
Filesize
4.0MB
MD5665944ffd740fd6a3be01598a10ef391
SHA1622ceedccb1a06595ef2bba2d199571dfaba2f0a
SHA256f0b811f806869beaa54e84c898cb80fd5ec20efe613b6b6b3f8f1a9b1bd558a9
SHA5124c5dc8113a968ef81377ad04a2c8fc991d9ea76afe5a2afd200a7953ecf40cdc75c83a3b3a6e792b56e63f57a4e5e8fc071df5613733a3548d4804b6137bfdab
-
Filesize
780KB
MD598b6ac90f0e0a7f43e3c88f9099ad70c
SHA1564ee5e09f06404a37c9ef685f2336e5d86a44f7
SHA256cdb9f64aa7845a05713ba42ece610a18c3db1aeb9b11dd33d8ad010c2c0fbd8d
SHA5125feeebaa78617f46b424c4e3e17ff9ea65ec226c8e0a79d8434df3d92aa9e131f96909a64956569c36e1d23f0b9b2c6abb245ca3c89ce3c07b7c93d149028cdd
-
Filesize
848KB
MD5357c01acfdb40c0d8fe9be487170da5d
SHA1eeaf7b56b79013f8ddb1b9d90421f2e03378d81b
SHA2564952b61ca4cd19c4690a24f30f1f437cb416d06756330345e3fa821b9b90f44f
SHA512152556764f958e8c3a9096e0e87ce4893ff93358be279a9a2ad9ada58f011a99a7fd4342ab0685998b0e90673a341e02fb18bc92d8ce0d5dcf7156eb70c4aec7
-
Filesize
26.2MB
MD59616c0869dffc30a2923a890d8b14a67
SHA1174affdbc38a3c7fc15e48528c80e7168d228be0
SHA2565b58566f0b0520d92aa9fbe75b75d6942bf1cf012d80c44d3af96ded3824c3d4
SHA512d5252b4a86a674fcf460a65223dd3261816b6e7865f7b6c1f387b682090e8e6f92601e7b67cff57856b52c086add10e4d55189451ef26829f2a256ba621bcf24
-
Filesize
4.7MB
MD5a9e3c7716c12c4137e7798386dc7b1f7
SHA183645f19a7cab29f798746cb35588e4c24a19ed0
SHA25616aeddf4eb276de2c49c9f7e304b8d1fe3e423e42d90a9c92416f91dc0e95240
SHA51228b010688ff10987d586c6827702e93881a2ea26100e5ac7ad4884ece0c539f52654f06468619461775797372b8a0a2fad72a3dabc7d135a55ff3896caeef0fb
-
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\windowsdesktop_targeting_pack_8.0.6_win_x64.msi
Filesize3.7MB
MD53497d3c2eee3fa306123f21e9e0bfef9
SHA16ea031f3890cb2fc7c66c865acd33ef48532411a
SHA256fb02994080471ff89ce238e279e86cde7180253cbb261886744d9e118916cb33
SHA512bab4ae91fc2845fe058e8be728a46ce7192f261d70135ead064c86cae56aa1b59efd44b1299ed4de0b7b72da62ec5d1b7cf707070b4dbe8ef76852c92837a9e0