hxxps://download[.]visualstudio[.]microsoft[.]com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8[.]0[.]302-win-x64[.]exe

Analysis

max time kernel
1041s
max time network
965s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/10/2024, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 8 IoCs

pid	Process
1260	dotnet-sdk-8.0.302-win-x64.exe
3356	dotnet-sdk-8.0.302-win-x64.exe
1220	dotnet-sdk-8.0.302-win-x64.exe
3436	dotnet.exe
1492	npp.8.6.7.Installer.x64.exe
1148	notepad++.exe
4012	gup.exe
1176	notepad++.exe

Loads dropped DLL 64 IoCs

pid	Process
3356	dotnet-sdk-8.0.302-win-x64.exe
1860	MsiExec.exe
1860	MsiExec.exe
3656	MsiExec.exe
3656	MsiExec.exe
4652	MsiExec.exe
4652	MsiExec.exe
4652	MsiExec.exe
4652	MsiExec.exe
3648	MsiExec.exe
3648	MsiExec.exe
3748	MsiExec.exe
3748	MsiExec.exe
3264	MsiExec.exe
3264	MsiExec.exe
5044	MsiExec.exe
5044	MsiExec.exe
2620	MsiExec.exe
940	MsiExec.exe
940	MsiExec.exe
2280	MsiExec.exe
2280	MsiExec.exe
3924	MsiExec.exe
4728	MsiExec.exe
3656	MsiExec.exe
4848	MsiExec.exe
4392	MsiExec.exe
2108	MsiExec.exe
1492	MsiExec.exe
3952	MsiExec.exe
1644	MsiExec.exe
3036	MsiExec.exe
772	MsiExec.exe
5000	MsiExec.exe
3964	MsiExec.exe
2552	MsiExec.exe
4132	MsiExec.exe
2020	MsiExec.exe
752	MsiExec.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe
3436	dotnet.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{edc38f90-e61a-4ce9-b8c2-759325351312} = "\"C:\\ProgramData\\Package Cache\\{edc38f90-e61a-4ce9-b8c2-759325351312}\\dotnet-sdk-8.0.302-win-x64.exe\" /burn.runonce"	dotnet-sdk-8.0.302-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.Extensions.Hosting.Abstractions.dll	msiexec.exe
File created	C:\Program Files\Notepad++\autoCompletion\cpp.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\FSharp\es\FSharp.Build.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\ru\Microsoft.VisualStudio.TestPlatform.Common.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\es\Microsoft.TestPlatform.CoreUtilities.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_9_none.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\cs\NuGet.Packaging.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net472\cs\Microsoft.DotNet.ApiCompat.Task.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.Build.Tasks.Git\tools\net472\tr\Microsoft.Build.Tasks.Git.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft.NETFramework.targets	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\ref\net8.0\System.Security.Permissions.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\analyzers\dotnet\tr\System.Windows.Forms.Analyzers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\analyzers\dotnet\roslyn4.4\cs\pt-BR\Microsoft.Extensions.Options.SourceGeneration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelmaintainability_5_recommended.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Threading.Tasks.Extensions.dll	msiexec.exe
File created	C:\Program Files\Notepad++\functionList\python.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\batch.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_5_minimum_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Extensions\de\Microsoft.TestPlatform.Extensions.EventLogCollector.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Extensions\ja\Microsoft.TestPlatform.Extensions.BlameDataCollector.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\de\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\analyzers\dotnet\roslyn4.4\cs\fr\Microsoft.Extensions.Logging.Generators.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\de\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitLab\tools\net472\cs\Microsoft.SourceLink.GitLab.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\System.CommandLine.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\dotnet-format.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\mscorlib.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\Microsoft.CodeAnalysis.CSharp.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\Notepad++\functionList\powershell.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\MossyLawn.xml	npp.8.6.7.Installer.x64.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\it\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_7_minimum.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.AspNetCore.Components.Forms.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Memory.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Host.win-x64\8.0.6\runtimes\win-x64\native\nethost.h	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.Extensions.Logging.EventLog.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Localization.Routing.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\NuGet.PackageManagement.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pt-BR\Microsoft.CodeAnalysis.VisualBasic.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft\Microsoft.NET.Build.Extensions\Microsoft.NET.Build.Extensions.ConflictResolution.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Runtime.Serialization.Primitives.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tools\net8.0\System.CommandLine.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelreliability_6_recommended_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.WindowsDesktop\tools\net472\ru\PresentationBuildTasks.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.Build.Tasks.Git\tools\core\pl\Microsoft.Build.Tasks.Git.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\fr\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\tools\core\es\Microsoft.SourceLink.GitHub.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.ComponentModel.Primitives.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-netcore\cs\Microsoft.CodeAnalysis.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\fr\Microsoft.CodeAnalysis.CSharp.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\Microsoft.NET.Sdk.WorkloadManifestReader.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.Build.Tasks.Git\tools\net472\pl\Microsoft.Build.Tasks.Git.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\targets\PublishTargets\Microsoft.NET.Sdk.Publish.Kudu.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\Microsoft.VisualStudio.TestPlatform.Client.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\ja\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Roslyn\bincore\pt-BR\Microsoft.CodeAnalysis.CSharp.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\FSharp\zh-Hans\FSharp.Core.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Reflection.Metadata.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Drawing.Primitives.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\es\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.Extensions.Options.ConfigurationExtensions.xml	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.AzureRepos.Git\tools\net472\ru\Microsoft.SourceLink.AzureRepos.Git.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.WindowsDesktop\tools\net472\ja\PresentationBuildTasks.resources.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI740C.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{976580F3-B710-4C76-8D12-EB1905833370}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3124F2C9B6304AD3.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA449FE8782D63F93.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI147F.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB5511635963E3480.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF867E0EE1C983EE3E.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI66ED.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{98927287-8779-447A-919E-73028D53F719}	msiexec.exe
File created	C:\Windows\Installer\e5b0f58.msi	msiexec.exe
File created	C:\Windows\Installer\e5b0f66.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFBD7BF924363A60A2.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0838DE45695A1EBD.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{CE79B4DA-3D44-493D-8EDC-9CAAD46C7DEF}	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f99.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF247D2B4E86C8C254.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe	msiexec.exe
File created	C:\Windows\Installer\SourceHash{93FD7D11-2248-48DF-84A9-8F66E45E3417}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7A0D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f39.msi	msiexec.exe
File created	C:\Windows\Installer\e5b0f67.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7589D86AD4F08D65.TMP	msiexec.exe
File created	C:\Windows\Installer\e5b0f84.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0fa3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI775A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f2f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1E38.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F3AEB036-4B8A-4C25-B4D2-850944E909C4}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF25BF042094BADA6A.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC13DB0494D0AB99E.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f8a.msi	msiexec.exe
File created	C:\Windows\Installer\e5b0f8f.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD43D3ACB0856DA12.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{59C4A6C5-E254-4819-B254-0B4FF17747EB}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC1438C3E17A13E1D.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI61F6.tmp	msiexec.exe
File created	C:\Windows\Installer\e5b0f85.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8B93.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD95350BDCE23C012.TMP	msiexec.exe
File created	C:\Windows\Installer\e5b0f6c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD4D7793F8692D6D6.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFEE879A557D46151F.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0BA77C2317FB9520.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f67.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8836CB8497501540.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF4DA29CD3364825E0.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0A0D2B543B702D90.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI34EF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2168.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f62.msi	msiexec.exe
File created	C:\Windows\Installer\e5b0f75.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI21B7.tmp	msiexec.exe
File created	C:\Windows\Installer\e5b0f5d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b0f80.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0FA3B31B9CA9289D.TMP	msiexec.exe
File created	C:\Windows\Installer\e5b0fb2.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7A4E85F40DF3EDC7.TMP	msiexec.exe
File created	C:\Windows\Installer\e5b0f38.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI202E.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF3C45C9DBFC2F97F.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8BCE5B435CE0DE07.TMP	msiexec.exe
File created	C:\Windows\Installer\e5b0f39.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2E31.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openssl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ApkToolkit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aapt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openssl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	npp.8.6.7.Installer.x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 57 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D4DD5FE094CE7EA4C8A96FF48F3BAE85\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{edc38f90-e61a-4ce9-b8c2-759325351312}\ = "{edc38f90-e61a-4ce9-b8c2-759325351312}"	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D4DD5FE094CE7EA4C8A96FF48F3BAE85\ProductName = "Microsoft Windows Desktop Runtime - 8.0.6 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\PackageCode = "A9D027F246BCA7540BBE0121B59B19BE"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36FA49A2314054B34BAB6DD1F6BCB0B5	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9FB75A5BA7CF6AF4ABBE641E3789D63F\F_PackageContents	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BBECEB62ED1345840B91B98BBEBFDB1F\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E7A4BA400815AFE64F4BF07AF87EA94D\31AC23820586C0448993612B0D91907F	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\32E6B45832BD9644492B42CBB3CD9AE6\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.0.0-preview.1.23557.2,x64\Version = "64.0.5426"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\970223D1904F868349E4DA601A87601A\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.tvOS,8.0.100,17.0.8478,x64\DisplayName = "Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.AspNetCore.SharedFramework_x64_en_US.UTF-8,v8.0.6-servicing.24269.9\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\SourceList\PackageName = "dotnet-runtime-8.0.6-win-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\57E95FB650EB96C4C98453236BEDE05C\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\40533F750E62A00488FB80ED832F9352\Provider	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0 = 66003100000000004559119e10004d4f4f4b49457e312e41504b00004a0009000400efbe4559109e4559119e2e000000f7c8020000000600000000000000000000000000000032b537004d006f006f006b0069006500200032002e00610070006b0000001c000000	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63337BB296F4141479799EDBF63E89A0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBECEB62ED1345840B91B98BBEBFDB1F\F_DependencyProvider	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_8.3.224.28002_x64\ = "{2832CA13-6850-440C-9839-16B2D01909F7}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31AC23820586C0448993612B0D91907F\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{2832CA13-6850-440C-9839-16B2D01909F7}v32.8.36482\\"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A514DED0-F02D-48FA-8E38-E88652946E47}v64.24.15199\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{116EF6D0-AE8E-4E6D-B0D8-EFF145CD45DA}v8.0.3\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3F085679017B67C4D821BE9150383307\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\214F2F970A72AED3AB5BEC31D42C3CAC\8E99F865D2F97D840AD56DC415B2A3DF	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CDF4AE7DE1850E56388D296F9D16594A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\ProductName = "Microsoft.NET.Workload.Mono.Toolchain.net6.Manifest (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.macOS,8.0.100,14.0.8478,x64\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8E99F865D2F97D840AD56DC415B2A3DF\F_PackageContents	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B78A30BB69F4FE44FACAF3D2F9C9DEAE\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\11D7DF398422FD84489AF8664EE54371\F_RegistryKeys	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\782729899778A74419E93720D8357F91\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AD4B97EC44D3D394E8CDC9AA4DC6D7FE\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CE79B4DA-3D44-493D-8EDC-9CAAD46C7DEF}v64.24.15199\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C6A4C95452E91842B45B0F41F7774BE\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version = "64.24.15199"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.9.36482_x64\DisplayName = "Microsoft .NET 8.0 Templates 8.0.302 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8E99F865D2F97D840AD56DC415B2A3DF\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net6,8.0.100,8.0.6,x64\ = "{93FD7D11-2248-48DF-84A9-8F66E45E3417}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\40533F750E62A00488FB80ED832F9352\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\ProductName = "Microsoft.NET.Sdk.Android.Manifest-8.0.100 (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.iOS,8.0.100,17.0.8478,x64	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC1DF4AA37FD7B40A39CF1AEFE31E38\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D6FE611E8EAD6E40B8DFE1F54DC54AD\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EB50396FAFE60D54695357323703A4A1\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Android,8.0.100,34.0.43,x64\ = "{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DED415AD20FAF84E8838E682549E674\Provider	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3F085679017B67C4D821BE9150383307	msiexec.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 303988.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Mookie 2.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 679285.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5832	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2832	msedge.exe
2832	msedge.exe
1648	msedge.exe
1648	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
1552	msedge.exe
1552	msedge.exe
4624	msedge.exe
4624	msedge.exe
4448	msedge.exe
4448	msedge.exe
3160	msedge.exe
3160	msedge.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe
2120	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5832	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	2120	msiexec.exe
Token: SeCreateTokenPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLockMemoryPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeMachineAccountPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTcbPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTakeOwnershipPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLoadDriverPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemProfilePrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemtimePrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeProfSingleProcessPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncBasePriorityPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePagefilePrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePermanentPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeBackupPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeShutdownPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeDebugPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAuditPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemEnvironmentPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeChangeNotifyPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRemoteShutdownPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeUndockPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSyncAgentPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeEnableDelegationPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeManageVolumePrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeImpersonatePrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreateGlobalPrivilege	1220	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe
Token: SeRestorePrivilege	2120	msiexec.exe
Token: SeTakeOwnershipPrivilege	2120	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
5832	explorer.exe
5832	explorer.exe
5832	explorer.exe
5832	explorer.exe
5832	explorer.exe
5832	explorer.exe
5832	explorer.exe
5832	explorer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2868	MiniSearchHost.exe
1492	npp.8.6.7.Installer.x64.exe
4012	gup.exe
1148	notepad++.exe
1176	notepad++.exe
1148	notepad++.exe
1148	notepad++.exe
4364	ApkToolkit.exe
5832	explorer.exe
5832	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4560	2832	msedge.exe	79
PID 2832 wrote to memory of 4560	2832	msedge.exe	79
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 396	2832	msedge.exe	80
PID 2832 wrote to memory of 2224	2832	msedge.exe	81
PID 2832 wrote to memory of 2224	2832	msedge.exe	81
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82
PID 2832 wrote to memory of 1800	2832	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa1113cb8,0x7fffa1113cc8,0x7fffa1113cd8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7328 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:436
- C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe
  "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1260
- - C:\Windows\Temp\{2244892F-A3C7-4F9D-A799-CA434E9FD047}\.cr\dotnet-sdk-8.0.302-win-x64.exe
    "C:\Windows\Temp\{2244892F-A3C7-4F9D-A799-CA434E9FD047}\.cr\dotnet-sdk-8.0.302-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=780
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3356
  - - C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\.be\dotnet-sdk-8.0.302-win-x64.exe
      "C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\.be\dotnet-sdk-8.0.302-win-x64.exe" -q -burn.elevated BurnPipe.{55E78D21-4183-4BEF-9AF6-E91E5FA139FF} {9C623F6F-F899-422F-831A-04C3F2B7D899} 3356
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7908 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2504
- C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe
  "C:\Users\Admin\Downloads\npp.8.6.7.Installer.x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1492
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1452
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
      4⤵
      PID:2624
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
    3⤵
    PID:5116
- - C:\Program Files\Notepad++\notepad++.exe
    "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7965615868928379485,14530806805567747589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:3828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4280

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2120
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 19738493DEAE2C0ADF12E539386D594B
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1860
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1BCF8700CC68349B0FD28D9E4F7A4D9E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3656
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B936994B8BFDF4DCFD69EDC2BDBDAA9D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4652
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C7699EF05926307077E5DE915B8E2154
  2⤵
  - Loads dropped DLL
  PID:3648
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E39D156A5ED883F500F1F3C3BC8DAE31
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3748
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2F158E5208F622213FD67D2C2576FEDB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3264
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9559D067C8E92001845D2B69F42F07E8
  2⤵
  - Loads dropped DLL
  PID:5044
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 848A61741E6DB67711F07BF9364973D4
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2620
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0487B2D553645A95B6D6F61E6B9274EC
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:940
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 116AC22D0BEB0FD5464ADE770F79A922
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2280
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 84CB21228B68256BD026AB0A391A43D8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3924
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 719BD893CF4C1ED046F1DB8452193B18
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4728
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0D7188973504D8194B397127DFA83B41
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3656
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5FDD13520A30A4E78C08BFB5B59C2129
  2⤵
  - Loads dropped DLL
  PID:4848
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D6E6B89FBE59189F40F7DB20EA28E601
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4392
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3E5DAC645C7533414B4D8AD54D6E94EE
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BF6D643A6CCA02B00BC33B140CD518A6
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1492
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 50C205F54B2D507C01616B0C24D861B5
  2⤵
  - Loads dropped DLL
  PID:3952
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E61599BEDA74D683D36FA0C87DCCEB27
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1644
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4DD5D2EED0EEB7A0F673F4D941514AE1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3036
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 82C68F0F0331F6121ADF3F57886CD08E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:772
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 567FECEC8523638B641CCDC910489E48
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5000
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 72C6CE42CBE5D1D82D03C76F065D13C8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3964
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 748869227B0F680EEC1A411F3715A4DA
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2552
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3FDA93E13CE4E3254F46F52CAE52C54E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4132
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C7817787CA0341E96053F44E53A1F52A
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2020
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B4D6B0B242F8DCEB6006065E82DA3601 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:752
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.302\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3436
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:2900
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:1356
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:1540
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:1676
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1C05A42B3C06716D4839F1DE399AAB85
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
PID:4448

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3892
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1148
- - C:\Program Files\Notepad++\updater\gup.exe
    "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4012

C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe
"C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe"
1⤵
PID:5376

C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe
"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4364
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1620
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6088
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -version
  2⤵
  PID:3108
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -version
    3⤵
    PID:6104
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1932
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
    3⤵
    PID:1188
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4596
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
    3⤵
    PID:5704
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
  2⤵
  - System Location Discovery: System Language Discovery
  PID:752
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
    3⤵
    PID:1168
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5532
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
    3⤵
    PID:3892
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5944
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"
    3⤵
    PID:5212
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:32
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4256
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5756
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5884
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6008
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version
    3⤵
    PID:6072
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6092
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4556
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1824
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5912
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\Mookie 2.apk""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6104
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\Mookie 2.apk"
    3⤵
    PID:3696
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1768
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2248
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3124
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3848
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a\libil2cpp.so""
  2⤵
  PID:1032
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\armeabi-v7a\libil2cpp.so"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5444
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a\libil2cpp.so""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4940
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "lib\arm64-v8a\libil2cpp.so"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5192
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5300
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2560
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\*.sf""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5236
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\*.sf"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5436
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa"
  2⤵
  PID:784
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1540
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3892
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\Mookie 2.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\Mookie 2.apk" -aoa
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5216
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\Mookie 2.apk""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:436
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\Mookie 2.apk"
    3⤵
    PID:5244
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk" "C:\Users\Admin\Downloads\Mookie 2.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4088
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk" "C:\Users\Admin\Downloads\Mookie 2.apk"
    3⤵
    PID:32
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1468

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5b0f32.rbs

Filesize
47KB

MD5
df61177b780773d0c5bf1fd3e4770b00

SHA1
ff82e4b8c10bed03772d6d3858addb2f3dbd643e

SHA256
ac7f7a4791c3b335bf6f5d0ac4f43d090df53a0cd2b84e7e9839d57a50993433

SHA512
6808e8276f20c2a5979fba8da26d4c6c58ccbbe11fd9a3336981165d9cb7d745dedfa374c86cfd6cff1e8df5151072c272dcc3dea2888758756738ceabb53d20

Download Submit
C:\Config.Msi\e5b0f37.rbs

Filesize
9KB

MD5
f56b1f696dc2a1eda7945b8df8a02f3a

SHA1
651adffb056224dad9f0027d5eaf59e8fff489c3

SHA256
b0ca8e88a0ff9b52e7390ef33f36581ac8ca1a1a6ef763a5a1b90de0a9c8419d

SHA512
2eddf1d7bfe8384303cd2328c595310353008de1bf1cb1fa274e41e979082a3c05effd9f52edfa00286cb4588b8618b7953fab58b233ddee863ef6439576ca21

Download Submit
C:\Config.Msi\e5b0f3c.rbs

Filesize
11KB

MD5
f5e547fe1d076017b29ce00bb039fd97

SHA1
becf0e3e244d6bd42ed7fecc9e3ffcd5a94403a2

SHA256
7cfd6385bbd3d0d64f0e216837010e2ef5eb0d6d22c217783c353fd21cf2d138

SHA512
3c915fb536f1cff659dd4875ea3583f27949399b2ec855cfb92fe6087140248cb92f2c4ea0a78b0778bc2e5ccd44f00951e5ca1f608aa0808711e96ab348dd1e

Download Submit
C:\Config.Msi\e5b0f41.rbs

Filesize
8KB

MD5
b7ccca9dcefeb2ad271fb65851c39ffc

SHA1
6c706a5f8b74f0bd98a707bdd375dea28472fd2a

SHA256
70e0503da9a53724fa35b3daae72658d6aa957ab7cb9bcaffa69d6ce48840962

SHA512
58aee544a32e438f50b2ff38e5c45fbafc88d2a3ae7d1fca8a0eb97be6bd723feb123952836ae3d342efd327f72018c2ff6cbf37a34fb3a5a2bd9e20b1cbf5cc

Download Submit
C:\Config.Msi\e5b0f42.rbf

Filesize
143KB

MD5
33b4c87f18b4c49114d7a8980241657a

SHA1
254c67b915e45ad8584434a4af5e06ca730baa3b

SHA256
587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

SHA512
42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

Download Submit
C:\Config.Msi\e5b0f43.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Config.Msi\e5b0f47.rbs

Filesize
93KB

MD5
e6506d862a586cbe00eb9c8d9fb224fd

SHA1
f48630d2402b4e7ded5791110d5528ff154c50b9

SHA256
9868c850c6961aaaecb58ab1be57a910e43311b7ed6b709047c82f35e4dbdfca

SHA512
64af8851beb33ec2890e6c095f25abb5b180ddea5923f2d359f30282d87d4251411e5100d9bfda28eb9b46df089f3cde7dfd932a3ac2cfd549b4f7ccf0b39900

Download Submit
C:\Config.Msi\e5b0f4c.rbs

Filesize
11KB

MD5
95f8015df7c97bb5c7f59ccfa1f6f67d

SHA1
0a5c36fea5bec3ace2a97da105fec848ace689f1

SHA256
ac16cc0071a44a5c35d43a7f6a6f3d89d2c6c7b10ec58d8bb9c1093a9e183b8e

SHA512
72a372159bc879b27d5f7cfca0141f437d2bf36b2d30421f00922ebc825e7fab8c7ef55d4e3aa94ea7277a81f9edca4203c6da0c16a59a6f8006a321402a735b

Download Submit
C:\Config.Msi\e5b0f51.rbs

Filesize
11KB

MD5
6b1313910e653a3f8519b8eb336fe84f

SHA1
7b861e92eeb7e12bab9f35be4ca4171ce344377f

SHA256
7a856d6f20ca66c4ec0856cd668667e47ff4a93f67d8f90b9d50e46617755a60

SHA512
1318999adaaca8d54ae289082ca37f63aef10776d62cdbc1f434532847522dbcaaba482425a5822711555565ffa940d59654241a75427fcc3d716999c8b35d14

Download Submit
C:\Config.Msi\e5b0f56.rbs

Filesize
11KB

MD5
0367620f791e98d24576e32f9f7f916d

SHA1
87dceaf5d7057700c4e89fb95a3b098eafb71a32

SHA256
45365ebd2b46289b8f816cfdb919a6078a1eb73c42905bca344fb33999fb6b8a

SHA512
3d2298f3494e97e01b512bed111764f6761492309c41d5637f7926712412cd17d3c6046c7a4ed62277f0123c7bac0908ffaa6eb6e6639a2525298768b57dacee

Download Submit
C:\Config.Msi\e5b0f5b.rbs

Filesize
35KB

MD5
76fea30cb58721754d964983be09ebcb

SHA1
6491cb2c4288afb2d39e4cc76505d8b87225eea1

SHA256
8b1d4ae3969511f27937ae9aa6aa07dd2135541f965ddc58fcd027ea3a8ec5f3

SHA512
db7a45f15e3ce0a724cfdd8fb23d55a26004b35c94800fbffb23383a439f3a794dcae152f0fe6ffbada6ae57b3066ccb8ebeb04a0f3c4662b02b93d65dbbc932

Download Submit
C:\Config.Msi\e5b0f60.rbs

Filesize
87KB

MD5
305cf9d498aefef6e8b572abb129b6c0

SHA1
28848e4c06cd2c1341e6deccd148023fd1a58b4a

SHA256
c7d87dfbe72c93a2a9f8f73ccfe98c33c521bd4fea5eaeeded3d9df99e1c95a1

SHA512
e1518fef1b66ef86a717324661cb5e3a6eee320aa0da2c5976aa08b2ae78b04e700ac2ee937df730df88d9b777687b10508f952397b31b5f31dc01f9a442a383

Download Submit
C:\Config.Msi\e5b0f65.rbs

Filesize
40KB

MD5
d7d467c6b6012f0a07e1e10a5dfafe4c

SHA1
4710a94cf1e99206275aa08645ec728a97de6f38

SHA256
299a5c0f53e5b30a55d050395646fc05787caa3a518ea8f2a18431b4c67b3bff

SHA512
ef7d68d43b0dcad8a248013bd096604e3cc6d0a32e3b1c9dd93105c5493ada1edde56381e169c5cb1de193e82034ef715add9b86613f793d6b39de669c547ce7

Download Submit
C:\Config.Msi\e5b0f6a.rbs

Filesize
92KB

MD5
957fd4f351bddbab37d15fa2be2611c8

SHA1
6fd5e82b233debf71e951b772db4c1e308dfc3fb

SHA256
b8e734989fcb6f016600210a733bdc4d76274e84a10252579b4e4edd92326b0e

SHA512
70ccbb8db98a4133c2d818b7559ce0a286caaed85d8fc00699e628842690238bffd978b472117a6f78863a9b6dc5c1216bf47afd79db42eed6235cffc97ec360

Download Submit
C:\Config.Msi\e5b0f6f.rbs

Filesize
9KB

MD5
a71140af5a5c98276dd0d35573f06e23

SHA1
85f9462e0bfea385ae6fe26ef7ac2f16ab79362c

SHA256
a9a54d87358c3a4c3189c1399f0d54f5a2cdf0ab1061933d51fa09661f477a85

SHA512
86b6e178bff83afdc41f62aa93665d483241805cfd0186e317c0c0560a84b3950eb7c662b03b5ac359af9557edfc60a3f407a890484ae60a4e4ab4767eaac034

Download Submit
C:\Config.Msi\e5b0f74.rbs

Filesize
8KB

MD5
c8891109b597ffc06f704dc9e8fe3b3c

SHA1
214d11562060770ab7b317b55ad353efcbdaabad

SHA256
72f0ebdfc487a3e81ffb6d9eac745d6f28be405c42bb122247115bb8653b2636

SHA512
728206e95eb4d1da3af67a015f24c4944778aeaaf9cc0198fc7f2e2c34f5b1da0f9856f2566bb4b866ec79086c938e8c99eb341201c77db8d2a8ead6044b4726

Download Submit
C:\Config.Msi\e5b0f79.rbs

Filesize
8KB

MD5
001eef1afc058b5989c31dbaa67c40ac

SHA1
e70302a59862cb38c66835eaef2bbf9709a7de30

SHA256
06a8f4251b7dd7b8042a1fafcaa4e06297d69c009dbe913733fa2c3b71bd99f3

SHA512
2df0a504bb1343a983f318b256aff991f1562665fe2c1dd8434ecce58185d8abf5f790c82082a4067d13d4e49cc4305859a8a88f69cf2db641ced8aaa93475a7

Download Submit
C:\Config.Msi\e5b0f7e.rbs

Filesize
9KB

MD5
09a91fad8588b6e4f564496992b7e508

SHA1
e812ae01c707ca5da2bb71526a118e7a0bd90b01

SHA256
d18112f7b34c45c22277924af4b553f17b700fc7986bc66e95c3b2997ab3ec2f

SHA512
519d0e2c7fdb279e4da02b0f990d38e324902ba80b3bd96fc2af270335be602e79d8e816d7c539ca1d6e037477fe7b882ea588d7241aa19b5438d36c393e187c

Download Submit
C:\Config.Msi\e5b0f83.rbs

Filesize
8KB

MD5
5d4d8056537906733a9d67e8f4ac83f9

SHA1
0102b86389b579c7062914784d09a15ab115e462

SHA256
1a5cb64afd5d1dac72954e93bc0715d2c35446e9ee202780e3fa5e133b425fc3

SHA512
da7f7998d6003e8ca43be7fbd6d6bae2f558a9cd9cba41e0ff273d3610286ae6ce5a1afccbdd3bf474bc551b67d1b4eb2d44839782a9090b6ee2c0e74f7c2868

Download Submit
C:\Config.Msi\e5b0f88.rbs

Filesize
8KB

MD5
99ef91827f68d5025919307adbc3abf4

SHA1
7b3a2c641c615f55aa2d2187310798e6eec18974

SHA256
ad6e9b813d5dbeb977e76fd959f96400e46d48248f61cb3a3e5bb6161e9542ab

SHA512
fb62b1feb533671ecb458d731369a5a2eed1755379a57217c453e332952d0d0ebb27d0db5f321b2490cf8304524065914dd01f320f2f7fb9fbbd28b32c0c9692

Download Submit
C:\Config.Msi\e5b0f8d.rbs

Filesize
8KB

MD5
96da067143c2eda7d140007690b36510

SHA1
2dd7e4865a9582a0884b9cc60fab229a4a7ad15a

SHA256
33c75a5f5afd8e86c63ea979a8a915ed9fc37cdeccb810cb6fec21a065442d9e

SHA512
bb115b32072fe819b6cf2dd3a1c07176f47299d3e22a26748847ef2e00f660a15493b80037306a2dc73fa67c6483f59efd18f61ce0808616303c219de8881f11

Download Submit
C:\Config.Msi\e5b0f92.rbs

Filesize
14KB

MD5
784668676d9d34407c352517681b5c52

SHA1
3a476270ec0f28da3106a586f01d7c402b1213ae

SHA256
63ad3aa272e026f9faa45201a57ded70cc6890b64b80b19202d87fa99af47da3

SHA512
eaca49d6a5eeea33c4cbf6fb97fad568431ea094bfb98fab5d1e474985ea1a6dbc4d568305df90c6452bea3313a5e9f56495a6927612f53dd70c10d45f85b3da

Download Submit
C:\Config.Msi\e5b0f97.rbs

Filesize
10KB

MD5
bca2fae948eb1a93dae484163abfaae7

SHA1
38550ef3c0758b6bfab642eb256c17f006266f7b

SHA256
e846389c0bb4cac12b508984189b0e4fd8d8e5526231635c2f0f70acfadaee2d

SHA512
e73b578b4de789f8369cfb09b9273565c677ab0a387fcc14b9f9739fe8b1db16ef60d49f67f93868e58da895ba3dbb2269cc5f5244f62ef85672bc3ff59d241b

Download Submit
C:\Config.Msi\e5b0f9c.rbs

Filesize
10KB

MD5
ec3448a362d7c486dfe08372afd3d234

SHA1
caba566342c5567152b36b2ce3c3388a5ed86376

SHA256
9c059ec2e152b03645fa2d2ce9e1930f689239a227aac4d4f38fcd262e0e4f9d

SHA512
a5590b0443a004737048a470ec03d515f8900a92ccd90a7b341a26938e586761faf7f750344f30feb8d6d90b215fc2899351e9f142574e8bfdf69dedf9047db3

Download Submit
C:\Config.Msi\e5b0fa1.rbs

Filesize
10KB

MD5
3bb28a0b9bdbed3bec6ad5cde2ead9d3

SHA1
1069ceae258f8ccd3d534a353ddac9404436360d

SHA256
9ef090338326ef75960be96b9ca7384e155a471a9fe7bc573dc523e030fc3e37

SHA512
20d7493a9c6108936d63d8081b2e94d1e0000945f4cf997903c6e15e12113ccb6e4e01dd7ffc961e08f09b7a67f76852f30ddec88c88b42d132f187905af8f8a

Download Submit
C:\Config.Msi\e5b0fa6.rbs

Filesize
13KB

MD5
e0ad6002847b4a1ffbadc5c0fa9ba285

SHA1
be30b304f897a11fdade4c26ebfbb8361230bc0f

SHA256
f37517cba79d32aa3c403b3028906964d71e0151917334a91482ff55f069123a

SHA512
c226eba4fc2e9694be9589138c0436552635f7da7e23c6ac06446a9427688a667ee81f77c16b7fc71a7e17ae8fb57744d94d712a2f5c6e6f96ca9ac616874252

Download Submit
C:\Config.Msi\e5b0fab.rbs

Filesize
13KB

MD5
3794a596cbcd06cd204fc56cbb624af4

SHA1
0b6616cbd311c93edd1519231d4a1456c36eeb1a

SHA256
e2c92be16167724c1ba8cb13c98bbed7a50222163ca19c9b027503111b7fc9f5

SHA512
8f47ee87f0ad52e9148b7efa5587b65298d2355186529335407acf7a611ca1961ebda255a6dc6f04cd9e3296d0c8653209e7b8049112f04593aab2525ec533d3

Download Submit
C:\Config.Msi\e5b0fb0.rbs

Filesize
9KB

MD5
ae7b4e7728321d4fd3bf34a6a3c5c205

SHA1
5c9c4fb5daffe7b0e9c70249248f2cf7a93507da

SHA256
5e78049ef82842cfea49fe2de3f7299f23c92d0b8a438c1157ecd94a6dcdd056

SHA512
984aab7bf9093a44a329c5b9314a05f0f20203937685b49eed27d8c428c3b84eff713a380d0225ef7321541610a362c31612a577547a7abd156a0cdf8630b3e9

Download Submit
C:\Config.Msi\e5b0fb5.rbs

Filesize
1.0MB

MD5
8096c11cc163a77a879fab8dcc2b1c7b

SHA1
170db3f09b4168f292129eff943725a529cb4d2c

SHA256
0f4f0b4018367d00930af99672d83add721c35005b394757aa6a10ec6c4907fb

SHA512
180be29eae84812031d5ead463d13aa8870866ac6668ae35a30bd1b48ed51bb6a23d48b860a28a42365905783fa8d43bb5e473afc197e2ac8ff90f029bbacd24

Download Submit
C:\Config.Msi\e5b0fba.rbs

Filesize
40KB

MD5
85b70b91cf62d01ffc5e90d6d198043b

SHA1
ee0bf274b2ab0307086f80004a6118b8010b27fe

SHA256
65eab59bfea012841c43c1939e2d023cafc4597d16b15c02489254137a2e122f

SHA512
09f4d271855dcb6d39769ada4951944705953eeebcb6f80cfaf1bc2fc6017ea8664f412fffd49ccc7d4b98f06fe15f9a5ce57856f09ab4b1dc26057dbd935c3e

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
143KB

MD5
4209ac83bdc20a053470a48c3ce2719c

SHA1
9e8608f8a6cc1ee04f350f66b16f3481e81e9262

SHA256
c6e330c1e3895deab7b47b725822a4453e50dd0b79a148dceaf8ba3a749f8412

SHA512
944aabf043890cf92a05ba6641d77c8289639f0aab802f9d8c8a73fc18d8a94529a86ae1ec0ad70af3158cb6cf72835370d5695dd8ed7d42987af244521a164d

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\fr\System.CommandLine.resources.dll

Filesize
19KB

MD5
aa8eeb801d74a4e562fd8c044e03fa8c

SHA1
8653841bd62dc74f605f608ed8f354dd692faaa2

SHA256
7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b

SHA512
388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\zh-Hant\System.CommandLine.resources.dll

Filesize
18KB

MD5
9101e8227a7ab83cafd27e4ec222ba10

SHA1
3a80807f7cd695bd9258eaaadf8b2d7dccefc125

SHA256
8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e

SHA512
e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\it\System.CommandLine.resources.dll

Filesize
19KB

MD5
4e92ced559ff6f26d238fc5393dab39f

SHA1
400983302371c5a7ba38e3dba8fbc4c5f8192018

SHA256
37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471

SHA512
0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\ja\System.CommandLine.resources.dll

Filesize
19KB

MD5
5d26652b0f420ca6ba2bfa00b84eea38

SHA1
8dc1d2a7cb6b857344c120544f842fccdaa97e79

SHA256
654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c

SHA512
5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\pt-BR\System.CommandLine.resources.dll

Filesize
18KB

MD5
c7f0f7e0a7562225d7b60b88459bde92

SHA1
96c432044ecf7d346e09c6c46f5ca163396d97f8

SHA256
516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353

SHA512
05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\tr\System.CommandLine.resources.dll

Filesize
18KB

MD5
c9c8df325a05d227bc32a5d854713c4a

SHA1
cf9ea69ccebd1ef0bd46beff01254a02c5fb0131

SHA256
7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf

SHA512
fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\de\System.CommandLine.resources.dll

Filesize
18KB

MD5
e771e643a2f47b5d527aa4dd1e857aed

SHA1
ddb6ebbdc354122989c67ed9cc2555da640b16e5

SHA256
8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15

SHA512
14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

Filesize
19KB

MD5
ea1fc85ccabec5aa1ae22452afbafac1

SHA1
8ea9da27d9335f80c76867837688218b78311148

SHA256
f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483

SHA512
42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

Filesize
18KB

MD5
3f14df8e4be6100673090c43eb3c3476

SHA1
61c1e35aeb6cb477077416f050c344fb18f5f87b

SHA256
09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2

SHA512
7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\zh-Hans\System.CommandLine.resources.dll

Filesize
18KB

MD5
c182eebde556be386ca5b656974993fa

SHA1
864aab5c6e71bc3537612c2541e7737d02e6f4c0

SHA256
d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd

SHA512
3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-user-secrets\8.0.6-servicing.24269.9\tools\net8.0\any\dotnet-user-secrets.runtimeconfig.json

Filesize
340B

MD5
db8f50afa10272bdd9c658a08ee151f6

SHA1
be0fb5b4d6a013e2a9f024a11a2e87e827bf6ea7

SHA256
9930b35481aeac719b7c7e90c5a3b55019be2017f11b0a1e83b4b3199f67e368

SHA512
4f237d5c266101e6f58073767bf02642f035271cb960297c693ab79a94792cf0a0f8364035c7a210ead4529976bd8634d11b7a9ef04f48a05ed8bb2225729d30

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Numerics.Vectors.dll

Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\cs\System.CommandLine.resources.dll

Filesize
18KB

MD5
2f679e46823cf54660405eda0dbf0842

SHA1
29fdcbd753e36022b6308425dad9323e5f3472fb

SHA256
6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf

SHA512
f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\System.CommandLine.resources.dll

Filesize
19KB

MD5
7717b3eae55b3ec74f40699c1b9896c0

SHA1
1483166af6059633de2e20545bc3f3cb6f035304

SHA256
8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02

SHA512
c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
ff34978b62d5e0be84a895d9c30f99ae

SHA1
74dc07a8cccee0ca3bf5cf64320230ca1a37ad85

SHA256
80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc

SHA512
7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Encodings.Web.dll

Filesize
77KB

MD5
fa9d0d182c63c49a4c567f7c1652b6e6

SHA1
55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc

SHA256
e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84

SHA512
58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll

Filesize
627KB

MD5
63f1d0b53ce47b0ac3216281c8bcaf24

SHA1
090cb7392ed07a94d237b5aa2175689faaf49b7b

SHA256
de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb

SHA512
386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.ValueTuple.dll

Filesize
24KB

MD5
23ee4302e85013a1eb4324c414d561d5

SHA1
d1664731719e85aad7a2273685d77feb0204ec98

SHA256
e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

SHA512
6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.props

Filesize
295B

MD5
a5dcc9e5bf323d748b26652e11956905

SHA1
7f8c7a2523d1f4600e0f8bf347d10564cef36780

SHA256
2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c

SHA512
79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets

Filesize
297B

MD5
5725a6d47308db618d015c3e55dd499c

SHA1
9b3e1ac8d62d522505f57fee89a249ac33325edd

SHA256
61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1

SHA512
ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\testhost.net472.exe.config

Filesize
4KB

MD5
a22cdd3374234d3a50c2ace2dc33a63f

SHA1
d71bb2417cb805c3da21ebcc0e1ae5a102823c9b

SHA256
b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874

SHA512
71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\es\System.CommandLine.resources.dll

Filesize
19KB

MD5
79e57433e70b5a0a300303dfc5d759b4

SHA1
cfe5862964f3b389cbac01e157e9ade0031e45ef

SHA256
b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8

SHA512
8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
27KB

MD5
17b6743977bcc7a7bb29fafc37f142d5

SHA1
a06d514d3d380b8c28696bba059c62cfc54deaa2

SHA256
7475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3

SHA512
1696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
63KB

MD5
a5cc79fbd666432c461daec09604f082

SHA1
9a3df93d85aca657c5c8b60f9b4063128319647e

SHA256
9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279

SHA512
f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
95KB

MD5
4be089bfbdee326fd6f17a0fc2e632fd

SHA1
106f03810af3dcf08497b763282c1e04a2940025

SHA256
c25f68a49df2d09416f7abde84a7d65d1778ecea6e1603ad2e16ada727ae3b23

SHA512
f5ad18a47d4f1576dc179edf0b71e5dbfa1bc3193054184b0599b002f89f98c74e653aed1d5d04bf3720280a6758619daaecd5ebf4677981d0bee08f04b4087b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7dcbe81411407e0ac5a0dc070b5c47e0

SHA1
00882818927fff1971f10eed25f54bdcf9698f9b

SHA256
44658d8b0902577472ffc3beb49a06f49bf2e7986e44d29cba0e05d5317df73d

SHA512
dbad2dcc569a30de7bd2474fb86cd0c0dbcdb793a02a694072d6241bc3e341a339627c99ef82750db92f901bbbfd377420cec419dd779a3ee4baa9f1a0571a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9e906fd8162f51cddd2a07f91611ac39

SHA1
971094e4746079d32ccdf6039c626fb8143bbe4c

SHA256
176078f810c0b509ba95a9a910afd2f33850a19992039fa0324c5350e82471d4

SHA512
cd2814dc5c100df23162ccb05a16f95501bbd7b0a23de15e987d9981a33c2448da4f16247443af9f47a54215944353352909517a695d59f4cd2378ffaa733886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
50405a68fd9e9c921e162ca72afdec65

SHA1
80062094ba3db56e940e26e9469e153ba0bd7525

SHA256
bd68607fc371351d01a549fd4d282bf4083df4d11c3990fde7c91b59712e31d5

SHA512
57368fed9b21b160cff41c1be86435ad007e3509d39fd88366ded9cd74caaaa9d9b95a61a14929437ea9dbd478bc3994d81ea31c73129a599f577e406e83deda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
83532bd62a34da9c5ad1d7679838ad6f

SHA1
aa69838527941c24be521fb4359ac6ae1d9356bf

SHA256
c66d7644cabd196a6e7e93dc20199ed1e9b7035231c566ece5b0bff0ead32e6a

SHA512
08a3a416ef074f9a506ce3161f21d14f1080e965c9aaae71389753bc19df69ff759983888959104affa3041e741bb74dddcf8e684e2f6026b2c1c2b9408099d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
52bff2021e0962b9443a0954c930dd10

SHA1
f4350af76148c2d079435f547c9475ba54bbb3cd

SHA256
02228abb4bb9d108d9942449ba396d4279997e783ed2ef70bfba573203f08fc6

SHA512
a74eba53755e9d3eec34c719a8b557b3c14388695d3bfe6da5bd6c7f4e9229b0c4d2ad37226099358da9d674e7f0d777a58d95fda14199ea46e6f9a7bb24fe39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
f144a0b165c6a6d477dd3633243fd208

SHA1
6f3b9ea0d6baf3f8c3f7a7642907d61b05858ef9

SHA256
cfe7f63195ba76bb665670a45789b22087f38dcbacce2687e162a9171a37326c

SHA512
3e603cc90fcfdb95645de2b252795f69231e2b14ee807c0420a436e0ec37a5529fc33db0bd6fd6f2264a9618530cb088ff14027002a19a9239088ecddcc997ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
705B

MD5
f50accbcb221676923d8822262c423b1

SHA1
983bc24ddd705b5f23f7d82c6f08282389e4e0b7

SHA256
4599df84b3df92da62189751a9bca60fd9e0423dde2b16ec1ab7bb9695eb6c5b

SHA512
434ceadc4f0d305ab5622049c2d9ed5c1c264c981ecb7f22ab565cac9a008b615fb3cc1e52df3290626874e4035b93e31e1512149a76600a5276adc5c658978f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
0a3394ee2dcd9b0dd52ab81541dd3f3c

SHA1
085238facc442d2c590a6e60d046b93e3158b89b

SHA256
ca3182f713e0c4abb75005443571feab4e25b1c8176892d6a7fd9a143f08de11

SHA512
706687db2493406fe90900894d59b1307ed159cb3ca08163caf265064523a6c61ef8950333fb40b50767df47bd8bbfc9eab279e05ed4c253f98ad817ff3eb910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48afb5e172d4386be5955cada5e48cf5

SHA1
e4f33cb4b43137d3361209f1e12e1ff6c5ed6ab3

SHA256
9aba28f6c6c928bf12e006264baf90e9bd69d997562cc7ee74d6cb806179479c

SHA512
f32d70006ac79cabab5d23be5eb4caed7b7563d73b2b986555b0a6267f456a5f3c26d81680a4709fe6ad9b6d12a4bb89561f61945b4caf823fb352b4d912b537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77a051b9d5f478c2c0cd25399c0553bf

SHA1
172a127fb75d7d7b0acd0d3ed31d0b0681db8d3f

SHA256
b6b15d409ae61afcd0ea2db366c163d8ca3e64e5e13f47744ab976e623eb66d9

SHA512
ac6c4a0b425d8f4f9ef3b8615811b270b2aa3bdc5c09030eb7b2e149d9bb5368c6bef63183b63a63a84d19578323f46ff9d592b62c007c8bd30fb6fb9704c5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fbea35590f36b796c0d1c4051912f79b

SHA1
144ef43f6818657b28f01b44979ba627939758ae

SHA256
b2e14358f78264c0a8ac8654155f6710e79a7cbee8f9a84ffbc87694234a2d44

SHA512
0abc1df3e2796de3fff134b50e4d6922dba00b248e0dd8664b00efbbfe0353455e5b3fa68f90936c214f1797196aa327e1f812d2ed0ffefa12b1e11eded61caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3bc682c1632775042a3a31d584f8cc33

SHA1
69b8262cc32275b43c7f378b81dd9ae13d28dcba

SHA256
37e300b28be08dde82fe531376cd69c85ec34bd06cdba1087ec925c1f7c4bbf3

SHA512
761f800515be8511c684bd06669b11392fcaf70cd6506c274f7832caab1b17eb7d061ddc2f28eec88670e32c203d437935baf77c1de071a5aca15dad4232b9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
16a9e3a8ee9a6eb6f95130012990771f

SHA1
2c690ef9744c1c48ce04f0ddceef682952aa9790

SHA256
c0e3b8470babb9d879f7c4abf8d9a6c9fc7371f6d61181b9346f92132d371369

SHA512
d0a7b0f12f04a66ef385f84854ef92cdc7c6053002d63591655b18073df981a3cb537a2c17a32289c50d8d2cf284a4ac43450957715c40418dc14d99c062a01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
80222cedc3322a3952b6efbefc2ecedf

SHA1
02b6dab671f0705e417fcf27d96443a8d4ad6a20

SHA256
f26c7b6745048ae4837860dacda6978031dc47dc99d012ccc768f17a71234ca2

SHA512
acc964ca3c0654e698d9f3b7ea756f7938ebc5acc4f509571734b0f15675ff2d90d51a214f3d81481ab18c4b1142cea5b3b3700ef48d9c06ae27b0b3890eb448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bccbff7fa18f7b46dfcd50b4f43164bd

SHA1
3e5f129ddcdbe284e79c472296dcf3689dd0c114

SHA256
c965af68311a662aa9b1cd53b40d45b76056f875779466b8e80faa807d40595f

SHA512
ac1809a3794ea7362614025b4e96f0680e57dee13bb1e04fdd144081384ed87018349088d0190f23b04be6497a5eaf597f6dd4b1d99a4fdff36608ce937acf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a4dda6542d8d4e3ca2f1e6c5cad7e3b6

SHA1
ea7bdfa88407f5fa3eeb9469f96f4ac4e0f6c94b

SHA256
61cb3744f2d612444915a692be326ee0a3c5e4b8315819304ba8444039aa0f4e

SHA512
356527352aa1ef97af4f186e57275b0c1616894c93abc3cc9ef21df4258c40b5929f4aae2c73e0d08971cc04ee8ede6c6c5c2e58d03d8e38202520794b69e7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0d81bcf01cda02710225d4dd8df55793

SHA1
e96bc8ebf98b3d7f5a6f0adb94283c5f2748ddc8

SHA256
e390d342d7b9d887cdc3072e8db424a360f8767e59db5c774d18173baf2b665b

SHA512
fd9909588a133d89a0175f590e10736f77bd7b7889d105f5cf09932c98ad3fe17fbca2f6aad2b9278ce11ad77303a89ed1113ac64987c8b1ecf0de3842f52607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7ffbe61fc1be8e56c08ea3bef6a7a9f5

SHA1
cd00c5659784eaee0c4d492641b4261de25a4eea

SHA256
f966b703791a9a2f643b54e0ec7d459b89e4babd6bf5b84c7a8c94bb31a6a0e1

SHA512
3111473082641ca1f48e4ff4c99035d12ea4b718d30e101775b4deabbccef9f1496187c6f14d3243175c31c952dac567ea51da8327dd198b6b8174f15175f45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
079849b417d7bbcd386452badacb96c0

SHA1
2a36c9200c30d98728b332be1e6a87e5750582e0

SHA256
aeff61943c2eea9a7c0cbbb1db053d3f7954509ce451654f59157e0bba06b0f7

SHA512
a1d6ded55b58b9734f57a88f148dab28b4f0b82cba4a85f364a973e9a91fc89466d5d5a2399e8b0d4b6f051609b009258f55b012ce5bc1c965e9ea599669b40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
76e687a67ea0df0fe13e6baa3eb4a1e4

SHA1
4c7c7b965df40ba225975136de34c301b7e40dc1

SHA256
5c33a1377fa443b0c3733fd9e1abcfcc4c0476b9d56fdd78cd7b5999e75d4fdd

SHA512
300583e736aaf4ee03484fd17b35dea66828f2b4315048f50bbf091035903726601ac2b9a5dcf3f7b14342ca0c07efa62a79896d4a99bc44284bd3abb0382282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
638c3ceea629e5140f6c71e09f30666b

SHA1
7563d507caab233f3d92279eb5e27e46e3a58cbe

SHA256
37c10efa4c4521f67cb830b26ca182ddb9a045f12f0abe1b47b3f74db3840b64

SHA512
556f55c83089a1106dfb206d3478d359c0404eb145b17db0bf20e13f45503bb287cb7936053bda8998cd272d73ec9a62886ddbec4b5f5e8518a34416f98fc6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f1088422c8592102e7c3e1c4b86d9b44

SHA1
b022e16a2152e771a997dfffe17378c0373a66c8

SHA256
0fdc1bb0b8f3eef6e8b9fb914e37800290a58ea4a58d20bd1e26100d7f21c50a

SHA512
85cf150cce1a308b9b5ffa26052bd7d34a0db0d78b28caf413d6c1cd930aec9fa2e7176293c56f03a57f07fffb5c2d946ba24cb6c65aca76805f671c914cd49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9c4367847d5f099aa2650a3ee82b0771

SHA1
6bfd40a15c92ec662c64fce86b5d2a72c5ae450d

SHA256
4faba03709df2a59105e490caf2aed7ee2938c41ebd539ef2bde7f7800d91e07

SHA512
b821725234b67f23d2a275d8b9cd73208b50d90fb90f4b5348b4d2eda3abfb5026338575b2410866b2cf3e8b14472fa476d90ea0a1781677f1656741f4184984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8f975172dfae70e13c0db92b62a9032e

SHA1
171515912fea30ede9fa3b9931572ff6a2c6aae4

SHA256
4011c1fef0e09abbb89dc0e6aba59d2e826f13e253168ed5c0144a314b739d9d

SHA512
98be8439b6788c7ffdd8bef3295bd0446c93aa6d74ecdda3a3158e9c649ca630cd331d0b0f4626192e5a6ead02611a93f326eb51fc14de4450eff031aebe513e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f6b49dfb8a14eedb971d06712ced514f

SHA1
0cb8bc2e658931565f0d3c29a0018a18be63b465

SHA256
662740236bbb55cc1570a7f1995596e4ee0a898b445a3944ff9644527ffcfca6

SHA512
7825c683ef1025f4ab03b94c5f1b82a69d1d90c61d8d8baef0d80fc326e17d40edea47d98ea4458c1ee69cc1167383e456bb58492538dcd89bd004b25b8f3cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0a48ed8f635cb67af9b3a0b9777b66e

SHA1
815104b29959f85e19ad907c489f6009ae9f4531

SHA256
529c31bd9a35d7d1778d5f401133d9cd5cc488509da9d7fc39a2f2f00a87ec42

SHA512
fb7079ac55d22e7ec5c5f248d4ce24bcba5ef7ccf7e3943ecb5a24011d2ea8a73588a951433d229062f1fb047ab6013a14050a920b2b99d9649b11fe52170d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
15a9426b51ad6c26331e615a8b6255b8

SHA1
110c3ea5772c3de1e1dbcfb520dc535f45fb1cd8

SHA256
793b4e0328acd3786c7715c17256fde5621e4c30d48937d933841acd6e06301e

SHA512
1008bc3fae4e5a4a006d44c8cb6a40e81a4294f8bea538ad28e5d608d3f8cbc1bde4fd9ee21a76ac87cc9a5c26f304660065e09b164e3883ad54659ce6326d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
27257f3e2b95e0700faaa08000bda524

SHA1
700a420db89159038d965793f260e38da167c696

SHA256
0fe72c98ae4a3f9319b4d1896332702b52def67b16bd3bc96510b6f844c07dd9

SHA512
1213fcaaf4fa777923c2e243762339c4d5c2ae47b308615dd42dbe5562db6ff268259aa12dfe397ae03218a0808a1f88f74e40dbf876a2ae277038375248e569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59f071.TMP

Filesize
1KB

MD5
ad81cd49dea406baf514fba112346848

SHA1
249948f5ff883c861922b66a264ac3704c310a1f

SHA256
c0fd84974accec7d8bad18d7a14727d1f9c8d2367fb2e0b65a746c0e33cebe7e

SHA512
400c9cfe4b63ba1b502199b54ae538b1d4b841ceda39ff292c89203ff4104b3dda7477a3c9da08980dcc5c039296024892a08c8e93174512ff4c79bccfbb05c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ee8c601c06899301802fab88de0bfc2e

SHA1
acce6a3444d92d4670bb046691f77ef265fde158

SHA256
08ea7754f819b8c9c8f65c6bde13627b0584065415302729da1ea82cb8f51f36

SHA512
115d3516d0ca516454df9eea9a704712634d002e3ac04146a496c1d8e81cc79d29f909031787d3114a6d5114fd8c0e414d2e3f2df0b75ab7ac1a7efcec97f300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
571d453d7fd4e84c69db58d55b77affd

SHA1
864919a40772d54d09bb57c7ee500fb41328460a

SHA256
3737db19c75d2cd5c83367169c08359a8c9ef6cc5f3d7eda7058ef5423b32426

SHA512
4bb258cfeece8d05c4819618791bd4253731e0086bf64b9e5bf6e2973405315db9359efa745fea8d104b36d0eb4f7ab0ae918351c7ac327beecf7c24d7d26dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5f94e9dfc313c41c97b27a40e23ffbb

SHA1
59340660546e6fa1692a32da00b12bf20c5f13cd

SHA256
018795fe4e297065dffc76e8e5c31760f70d79caa66a4ec42e2f53c49272c1bb

SHA512
4b6323917a202293cc6a21623012c72d45b49075d0b62e084181970ca5878697d605f5dc3068415f430490fb182b5ecb77be6d049c120efc52a9103ae3736d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32db77c52bd6ab96677bcc47167e991a

SHA1
6b1fad7adff558e09261799fb457ac1022c1afac

SHA256
0535f2e9b552b149d62d9fc43a13abacdd2a609dd120505d535870fb0e228147

SHA512
601340dda54e937354ac1e057b1513348b005832a8fe780b358f0c4d9ffa878837bf9bff7e16c96e3cff24919f1acdb0d00cfab8f095d05cb779d6e28d205876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b99aba411224daab24e44b994a75657c

SHA1
b28e9dff40b8a8f93c64066928ffb1d3b9171d0f

SHA256
66377acdb755070ee84c460280fd6ca0bb4cac369221012a9a5b1f4bdd5a41ab

SHA512
567abbea53034149a9c4860dde31986e8d21c2ee2ee983079465c6fb31c83d0e215bf8636d73e5bfa207aa04496eaf9dc78aacfb03d4a2e2a86d618d885dfdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4052986e8effbf8bf7ad6c4fd6f141e8

SHA1
26e9072d84023a4d27aca2f7f5421f628362f72a

SHA256
5dace61efacec4e296e5550eee7aded2c008e87828cd198b59e1e211407ba6f7

SHA512
9d461933b9d8622d30f99b0d4d54fe9a4ab2d23cc40a089baedc6586f778c1873e7e0785f0bc8107f44908c92968777189c62581f8f91d565803781257d1ce74

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed1599235b9dd933e13cbd5751d7eec

SHA1
d461f7edc8bdb31b672f97b18d34e38bb7c96c4b

SHA256
13ee96f0fd8b45de1603cea7aa86ddaa749ea580989d6cb806d944f3547fbf43

SHA512
9679690676ef1ede8030e26359381a092eaec7cb671d51e91d8cd446006301bcb98518b977fd5d475e777baa11dd28e69135c517e3b3d74475134bfed4e8da9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.302_(x64)_20241005194600_000_dotnet_runtime_8.0.6_win_x64.msi.log

Filesize
3KB

MD5
2f92ef92cacd83999f942c5b1e90fefc

SHA1
8a7ed19e84d8e5979d7042f0271d20d95cff79c3

SHA256
d3b1e583039586ecc064f92556e0b4e90f535ab7753c0d6a4c3a1eb9bf6db0bd

SHA512
8d50d5b4236ec7061ed043869b9883f86a4c5457691ec98aec88e44dbce897204b386eb3d1ca34eb1dec9098b36887e1aa0dfe63373dacd30666940ed5196f00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\UserInfo.dll

Filesize
4KB

MD5
d458b8251443536e4a334147e0170e95

SHA1
ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

SHA256
4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

SHA512
6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\ioSpecial.ini

Filesize
1KB

MD5
1d60d79e953b1c4467a15aad8092ea3a

SHA1
ef50fd7ee268abf029b066e84cbc4e1a328085ff

SHA256
4241d9083afa9fd33967ced97022bb57c20dd158f525cab378bf97e3d397dbce

SHA512
5d9ddecb3b25c98cf7febbfd345f2b5fbb1ef1315d6c0345268cae43ecaafa5890351565f08361c869527a03d4d3a759b13ba93d12c46718d6294fd2e616e69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\ioSpecial.ini

Filesize
1KB

MD5
5d8c32fc7ef563823715eaf7b33bba6c

SHA1
bc364055939e3adc75677903838a63939b291f16

SHA256
aff738fe39394e675af719b5c8a2e8cde8b863ef99bbd8d3efb578155976b10e

SHA512
46d9f35a48b7eca2ec84f17c694281cc44c82df13fd19bf161be4fd43d93d9f3e694a2351d5e718e5fe7cc5914343697509023894e43a0217dc28d85964fa91c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\ioSpecial.ini

Filesize
1KB

MD5
28767a1ab776cd278e1e42b375811a12

SHA1
6e5dfd7e6d20bb5b885211830248c967ca6a298b

SHA256
37180af33f10cc28b4a03639d98fe041c67622c9468da2a1dad143c442b6b2ec

SHA512
355db003eec63998d6184dd916c7cf263db421c73f04133448346f4274d3709fd458b89fffaa4f14bad0b7ce3cf5209a8a9f6b49f8a302bd70323a29b40ec606

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\ioSpecial.ini

Filesize
1KB

MD5
854bff0b1ff068615fb2748e4c72b0d9

SHA1
755eb32becd504ab7d95d348789bf508e56e2546

SHA256
56cb78dbc3875389abd57a6934f6f14993f565c147e51fa8dcf3027a69bf1bf3

SHA512
e4b3764fbf60095cdfe478b272c3d67fa583a58da2bf7afcf3bf5a28369b2ab9beb54ceea25a3b84e8a11982df02d5bbf6570150a3c2ed175d64852e286e8d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn539.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
f2e41b29c1c78e6a1ab2fb9fd3ae351b

SHA1
3d5c78244a926e3e4c96426a0d97918b80534867

SHA256
6530df8f426fb0900b586d9da527beea6734819df45181e8b7a0a214962a2fa9

SHA512
ae4cd826dfa57a1b45e56ef66572483773d64cb4f004eac938730215bd3072f7e45013c281d1216882f0528b84678928740e6c42312b8b4b999543e9aff104db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
dc6545e4b4929c864de2b961e2fcb30a

SHA1
14f80cd0435b2c3c1daf7a40674a9fd068e0fd51

SHA256
6fcbd351ad9975aeab8647f6b2d5a5b0737ca8b5c02af2fde02544ac966bbdc0

SHA512
dfe662e8582983350bab3d955b8d7c4a493b1e0bd5f78997252357280d121b421bcf942e2c0d11644dce0e0598dd6ef5a33846f2203a6d42b9a28f9f93f4f4c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
9c6b87595f08f3bc68321e9d1038bf94

SHA1
c55fb9969c28900981dfbd61c4025faf44a32c56

SHA256
f591edb2e2c67e6c2f92412ca2f856f5d9d196b002b0f9056435c92656db6251

SHA512
3d1b0e7954250a6a6b416904c9caf3acc20d0c3c2519498bea61fb15547332423eb2dcd158048f7e2b77535e7fdb1b5b3932c97f5c42affc0acd1e9bb243f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
085d59636a6d4211775ae419e6213585

SHA1
1f0b21588f23395b4a739b9806821c10bed5006a

SHA256
4a747e2b2ee2d4d40d164cbbb10dbd9d5ee460db77b8bf0318020752b27d9a14

SHA512
d8f53460de44b84768bcfbcec1e86db6fe303da6aa5c5287a0bd38c008518927977b004c9392281b3edf8dbb03346556c65085422804362c6213e91486fdb69f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
9f48f72ba555cc5a7ac556eb607b3114

SHA1
f5ed41636068894f0477e6179012f2f63224c6fd

SHA256
9ea4ae60df2a5f9ee503fa45fa4f6eb19df1745183bde34315ba893a6bd774a6

SHA512
34faeb4f583a6989c5a39d95c64572e7d6c3ced0c846dd5725e9f7943be89b626506905343a01209fb604f47d0d23459720a379fe4ec18e0e076dccdfd3b4545

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
fc96045cb74bc7f177a683876a1f5c40

SHA1
a7dc8738ba602c8aefbd81a2015dd0e81981b3a7

SHA256
58d3c281cdafb453ea4071ad477750faf54adb14fd56a6f38033c31ac298b439

SHA512
5f439187c41806f1d1aa6008ec098e58b09c112c28f72eb53d99d8125cebdaa280a90300cef54773b78afb2150ad17038067bd45fe9893a229f4bd33b94c20f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
ca626262016f08361966b1b578848b3c

SHA1
aa9c8cef79dd117c0f557d8c4873bd921246a0bb

SHA256
805e9817bc2dd5c287446e53fe4ce4f566183d6516fcd9d1167e7f3a4b08a9a5

SHA512
f48e507102258d601d114feccf4356abc0726bc78fd56c0400c4c6fe94639e0e66ed4c42715fb53a16ed6850a8e81745e6580922ab17fa6680cd4ba3e161fbaa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
efb1028a7e6159c2e0a2bd41257c2105

SHA1
11873cbfc504ad2ab08c9682e8e6cafd0b184a68

SHA256
ff48b8bf355ed5a983d67f8159d9824f3c019e8513ab6116decbc7f0e40b410a

SHA512
1a93b5a6767ef611a2dbe0bed575d31994bd7c0c57c72f5c9197c9c7edc0a3cbc707ffa5c1cbfdacd5ddafb86909025b8338f6e2705f5f81d56080fb1e69b258

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
a4eee825899ebc778c07b9f2aaaf9359

SHA1
cd1f87ee8b6f24ee5f417c7335015d5b684ceec9

SHA256
e01da27cdd84ce43ba8762bd77999d41176619372c185551b346f8319d50d853

SHA512
c73eb948cd54837f7fbfdb95a9a68075419a3c81000394f0f1e2594be3dd668bc7cb5f987d281900d21a92483d2d815cb8f71126f444781d77b4aa9d5fa73ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
13a894154ce2ea0344a54d8941613173

SHA1
20cd2867c5805814a7563f24e508e3aea74b1746

SHA256
bc5f530615ea275abe72b8ae1f97266c99dae10b7877547acaeeb5db876cf1ef

SHA512
236f795af0d4f544b1f60188db65e563fbf9499c082dca560adf729d8bfb0baf8953860167acd4624ad581ef9b88543d2e11e95b000b621b58d358780c89a857

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
232acb0132e773df26ba00bae2c104b9

SHA1
65bcc6dc2072be89c8ba28d03f91450c6cdc5fe7

SHA256
36e93abce798bb6cfc1ef01037ca56799988e79bb63529f03c9fc7e08497a9af

SHA512
4fb82bee0a143bfcc9755269e0460bc618b8591aa8e140626ea04a2f493c8efd127badb1f36132acec336a59276e96dc1286a55e0cfcf3504e7fad47b25f722a

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini

Filesize
646B

MD5
f07150054a6afff4d8e9d58899167722

SHA1
e092cd960ab728667d91b37d64a02d7f6821518b

SHA256
5b0a08439e8e93817772f84e1098f14152d9da36c2601a0600ddaae6f61359d0

SHA512
8c86aa4c058a8ab5fd26f21cacc8ddaffa8ce6012bb329d3c5b817da00b4b43018a575c768d1921c6eeab7537f172c7cb3de658b014365ea52fb3c87547182b9

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk\res\mipmap-xxxhdpi\app_icon.png

Filesize
25KB

MD5
23ebb44f8e6c793d4435d060f36fbbfd

SHA1
aab038dbc244f91d307c31594b2a6474f359477f

SHA256
eedd41a8ff61128d9860820c28730e5b670a65fde2d95d11864a08ff816c10a2

SHA512
c3752bb519618290fb2b46d1530ad6194a688248ab817b78f2c156e3c4cbb7b5f8744f7776de14210521decb78b514962c393a0ac34c658e4677bb4b19e2a7bc

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\Mookie 2.apk\smali\bitter\jnibridge\test.1

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 168304.crdownload

Filesize
20.8MB

MD5
1e005973da05e0682767b687e3501f58

SHA1
439cc1f781dd48f3a771eafec1fd1661f52b57a0

SHA256
6c5a7fb80b7a7c6433d69a6d2fd37fa4d42e97a9ca01b7ccaf4412d5f3c9aef6

SHA512
e5315da2609e163f2dd28976f4295ff081a1069256d901c368042342ffbe1cb6be1ad205fa45b8fbe28ea73c7200c039b06e0c4efd53cef55bf05048c3340885

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 679285.crdownload

Filesize
4.6MB

MD5
d401161afb56b8647202e031cec1ae78

SHA1
6eb7ed61ccdb0bd5018271a3ec24b63b913fc281

SHA256
81470eb5917705fa0df03181b8112422671842bdcec5252a7894975b38058c91

SHA512
01df1134b9f4d6bb44a8f23a9ba8191dbfb20ed1eb5f249331000955f6b340b1e3e3a6c0e237456a39a712f77d90fe85fc4b946832c88fe4617e45daea9c966b

Download Submit
C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSI1D1D.tmp

Filesize
244KB

MD5
60e8c139e673b9eb49dc83718278bc88

SHA1
00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

SHA256
b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

SHA512
ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

Download Submit
C:\Windows\Installer\MSI638E.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\e5b0f61.msi

Filesize
29.3MB

MD5
7f7a2c9903b501e6be319643903bd746

SHA1
a9701397d76ad81cb24ab9839c1f6a55fe6c53f8

SHA256
fc0dd518f516da1c1d23a7bf46872a36e2010fd34f5e1218d1bbc13982e5ce8f

SHA512
eacb67d3cb534bb87d34f57049592f164e26f3669317e0524e0ae784bb4414e63ffbde24d82a8971629c203e689a64e15631f62754feae1ad65718d772d660b2

Download Submit
C:\Windows\Installer\e5b0f70.msi

Filesize
2.8MB

MD5
530cdc2131a73274841b3b252c4f25c5

SHA1
f94d26a2b5e25553f45606195e36602f99d9fd16

SHA256
6dbff1653d21d8a5abac7810e3633b19ff79c17c65b3ed923c956d94bae6911c

SHA512
bba32fc50ac3240f84f723610978c26ed721d9aa53120d0490c1c2c7a132afecae934a8d880af927ad0012e9d3bf3b51a74c84ff4995678fe317c351b6bc4121

Download Submit
C:\Windows\Installer\e5b0fb7.msi

Filesize
9.8MB

MD5
95ef87ddde1ab91572fad2b265a1c0d7

SHA1
6ce9eec5c6dba24233f29cc790e7578e49ec6a73

SHA256
ad640d7c9a7acce17f117607b6bbff38d4d1bc4e90b8f08fe9541fcfc12f5ead

SHA512
30c796bac647b2999e354be1c4db0cf95958a97881030ced6631101c75fa6d4ddf3b60a3c40e92e61a78ad53bb8f2093786026ad857ec0a5c2365dd0e7210d5a

Download Submit
C:\Windows\Temp\{2244892F-A3C7-4F9D-A799-CA434E9FD047}\.cr\dotnet-sdk-8.0.302-win-x64.exe

Filesize
638KB

MD5
17d65c997840d353675b0a994998108d

SHA1
3bad1ce7d70b0858e0d15663c9bc20554e394986

SHA256
73566ff17c61e86a5b4665301e6c50f50fbd645ba5536a80a50424d209be3599

SHA512
cc367dc1a62379e0e50a0a67b6840debd049a4c20c029929795ad23bcb048b7194e0eedfa6fdad56b2f28d90ebb31616918f932f5b8a43bda24e11d62e7d7305

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\.ba\wixstdba.dll

Filesize
215KB

MD5
f68f43f809840328f4e993a54b0d5e62

SHA1
01da48ce6c81df4835b4c2eca7e1d447be893d39

SHA256
e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

SHA512
a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\Finalizer

Filesize
170KB

MD5
38f91969ff82209c624d004795e14066

SHA1
786c2aa3ca0b2f9845e377b480dc9cb06045dc70

SHA256
da912e5cb5b749cd65b67c650808400db80a3401b32dae74c3561d034e4e2cce

SHA512
f597c1066d8296a8812531e24d8d9614f0db4136f30e941d0526ff62da319c16db88476492d2584827c6d3f5ecd73533b5ea74a110d63ce5b1edcc9dd0784a9f

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_apphost_pack_8.0.6_win_x64.msi

Filesize
4.6MB

MD5
3a859c59aff2bf33f8e2d9c0db02896d

SHA1
9a7b6c27076a7ca196937664ede41dc53340d823

SHA256
c1756025a4bbd7f6c0004c29c700c88c1e1f3b2c0d705ec210ec0e75d23596cb

SHA512
9680b79a079a59db8a30ec2eb8f122e7302a70f2099819802e0efe288661166dc2f587f7be68e8b9cf2a94fde7415e5d3d13b87b713a6e5e300f622c56b3f8c1

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_apphost_pack_8.0.6_win_x64_arm64.msi

Filesize
4.3MB

MD5
44fb621ea4f6a6928e727b327b89e6f2

SHA1
dbf48dbbd16b20b1bf1e7bad2e5379068abd3ba3

SHA256
d66f8bf0592028ee30749a6a76ebde5faeaca99672fd853993f906b7da0618f3

SHA512
656c8e8b882a53990a47141e7ea9a417b6bb9fadcb36865e59c2ea127da9daf1341316ed8a2ac9e0bc121b6a08bb8e1e61672ac45d7919ff32aad10794fabd63

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_apphost_pack_8.0.6_win_x64_x86.msi

Filesize
4.0MB

MD5
665944ffd740fd6a3be01598a10ef391

SHA1
622ceedccb1a06595ef2bba2d199571dfaba2f0a

SHA256
f0b811f806869beaa54e84c898cb80fd5ec20efe613b6b6b3f8f1a9b1bd558a9

SHA512
4c5dc8113a968ef81377ad04a2c8fc991d9ea76afe5a2afd200a7953ecf40cdc75c83a3b3a6e792b56e63f57a4e5e8fc071df5613733a3548d4804b6137bfdab

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_host_8.0.6_win_x64.msi

Filesize
780KB

MD5
98b6ac90f0e0a7f43e3c88f9099ad70c

SHA1
564ee5e09f06404a37c9ef685f2336e5d86a44f7

SHA256
cdb9f64aa7845a05713ba42ece610a18c3db1aeb9b11dd33d8ad010c2c0fbd8d

SHA512
5feeebaa78617f46b424c4e3e17ff9ea65ec226c8e0a79d8434df3d92aa9e131f96909a64956569c36e1d23f0b9b2c6abb245ca3c89ce3c07b7c93d149028cdd

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_hostfxr_8.0.6_win_x64.msi

Filesize
848KB

MD5
357c01acfdb40c0d8fe9be487170da5d

SHA1
eeaf7b56b79013f8ddb1b9d90421f2e03378d81b

SHA256
4952b61ca4cd19c4690a24f30f1f437cb416d06756330345e3fa821b9b90f44f

SHA512
152556764f958e8c3a9096e0e87ce4893ff93358be279a9a2ad9ada58f011a99a7fd4342ab0685998b0e90673a341e02fb18bc92d8ce0d5dcf7156eb70c4aec7

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_runtime_8.0.6_win_x64.msi

Filesize
26.2MB

MD5
9616c0869dffc30a2923a890d8b14a67

SHA1
174affdbc38a3c7fc15e48528c80e7168d228be0

SHA256
5b58566f0b0520d92aa9fbe75b75d6942bf1cf012d80c44d3af96ded3824c3d4

SHA512
d5252b4a86a674fcf460a65223dd3261816b6e7865f7b6c1f387b682090e8e6f92601e7b67cff57856b52c086add10e4d55189451ef26829f2a256ba621bcf24

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\dotnet_targeting_pack_8.0.6_win_x64.msi

Filesize
4.7MB

MD5
a9e3c7716c12c4137e7798386dc7b1f7

SHA1
83645f19a7cab29f798746cb35588e4c24a19ed0

SHA256
16aeddf4eb276de2c49c9f7e304b8d1fe3e423e42d90a9c92416f91dc0e95240

SHA512
28b010688ff10987d586c6827702e93881a2ea26100e5ac7ad4884ece0c539f52654f06468619461775797372b8a0a2fad72a3dabc7d135a55ff3896caeef0fb

Download Submit
C:\Windows\Temp\{C35F77BB-01DD-4CCA-A63E-D30C28ACBFB5}\windowsdesktop_targeting_pack_8.0.6_win_x64.msi

Filesize
3.7MB

MD5
3497d3c2eee3fa306123f21e9e0bfef9

SHA1
6ea031f3890cb2fc7c66c865acd33ef48532411a

SHA256
fb02994080471ff89ce238e279e86cde7180253cbb261886744d9e118916cb33

SHA512
bab4ae91fc2845fe058e8be728a46ce7192f261d70135ead064c86cae56aa1b59efd44b1299ed4de0b7b72da62ec5d1b7cf707070b4dbe8ef76852c92837a9e0

Download Submit
memory/32-8544-0x000002463FA00000-0x000002463FA01000-memory.dmp

Filesize
4KB

Download
memory/32-9189-0x000002463FA00000-0x000002463FA01000-memory.dmp

Filesize
4KB

Download
memory/32-9179-0x000002463FA00000-0x000002463FA01000-memory.dmp

Filesize
4KB

Download
memory/32-8622-0x000002463FA00000-0x000002463FA01000-memory.dmp

Filesize
4KB

Download
memory/1168-8464-0x0000020FBD2F0000-0x0000020FBD2F1000-memory.dmp

Filesize
4KB

Download
memory/1188-8437-0x00000259D8690000-0x00000259D8691000-memory.dmp

Filesize
4KB

Download
memory/3892-8475-0x00000229358C0000-0x00000229358C1000-memory.dmp

Filesize
4KB

Download
memory/4364-9190-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-8312-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-8487-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-9193-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-9195-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-9207-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-9208-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-9209-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/4364-9212-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/5212-8486-0x00000193EFB80000-0x00000193EFB81000-memory.dmp

Filesize
4KB

Download
memory/5704-8453-0x00000176F5EB0000-0x00000176F5EB1000-memory.dmp

Filesize
4KB

Download
memory/5704-8450-0x00000176F5EB0000-0x00000176F5EB1000-memory.dmp

Filesize
4KB

Download
memory/6104-8426-0x0000015F7FB20000-0x0000015F7FB21000-memory.dmp

Filesize
4KB

Download