hxxps://download[.]visualstudio[.]microsoft[.]com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8[.]0[.]302-win-x64[.]exe

Analysis

max time kernel
1045s
max time network
965s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-10-2024 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
3748	dotnet-sdk-8.0.302-win-x64.exe
5684	dotnet-sdk-8.0.302-win-x64.exe
6056	dotnet-sdk-8.0.302-win-x64.exe
4036	dotnet.exe

Loads dropped DLL 64 IoCs

pid	Process
5684	dotnet-sdk-8.0.302-win-x64.exe
3836	MsiExec.exe
3836	MsiExec.exe
5644	MsiExec.exe
5644	MsiExec.exe
3924	MsiExec.exe
3924	MsiExec.exe
3924	MsiExec.exe
3924	MsiExec.exe
1048	MsiExec.exe
1048	MsiExec.exe
668	MsiExec.exe
668	MsiExec.exe
2736	MsiExec.exe
2736	MsiExec.exe
6064	MsiExec.exe
6064	MsiExec.exe
5236	MsiExec.exe
404	MsiExec.exe
404	MsiExec.exe
2428	MsiExec.exe
2428	MsiExec.exe
2488	MsiExec.exe
5420	MsiExec.exe
3320	MsiExec.exe
6124	MsiExec.exe
1764	MsiExec.exe
5856	MsiExec.exe
5604	MsiExec.exe
2084	MsiExec.exe
3116	MsiExec.exe
3288	MsiExec.exe
3404	MsiExec.exe
5176	MsiExec.exe
4496	MsiExec.exe
5916	MsiExec.exe
5740	MsiExec.exe
5372	MsiExec.exe
3848	MsiExec.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe
4036	dotnet.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{edc38f90-e61a-4ce9-b8c2-759325351312} = "\"C:\\ProgramData\\Package Cache\\{edc38f90-e61a-4ce9-b8c2-759325351312}\\dotnet-sdk-8.0.302-win-x64.exe\" /burn.runonce"	dotnet-sdk-8.0.302-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldocumentation_9_minimum.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\de\NuGet.Configuration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\fr\Microsoft.CodeAnalysis.VisualBasic.Features.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelusage_8_all_warnaserror.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\Microsoft.CodeAnalysis.CSharp.Features.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitLab\tools\net472\pl\Microsoft.SourceLink.GitLab.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.6\analyzers\dotnet\cs\de\System.Windows.Forms.Analyzers.CSharp.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.BeforeCommonCrossTargeting.targets	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Authentication.Cookies.xml	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Components.Web.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Xml.XDocument.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\cs\Microsoft.CodeAnalysis.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.6\System.Transactions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_5_recommended.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\targets\TransformTargets\Microsoft.NET.Sdk.Publish.TransformFiles.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Web\analyzers\cs\Microsoft.AspNetCore.Mvc.Api.Analyzers.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.AspNetCore.Http.Abstractions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.6\ko\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.DataProtection.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Roslyn\bincore\de\Microsoft.CodeAnalysis.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\pl\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Mvc.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\fr\Microsoft.CodeAnalysis.Workspaces.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\tr\NuGet.Packaging.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net472\System.ValueTuple.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\aspnetcorev2_inprocess.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.IO.Compression.FileSystem.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\System.Linq.Expressions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Microsoft.DotNet.NativeWrapper.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\pt-BR\Microsoft.NET.Build.Containers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Http.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\build\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\ko\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\targets\Microsoft.NET.Sdk.StaticWebAssets.Pack.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\codestyle\vb\tr\Microsoft.CodeAnalysis.CodeStyle.Fixes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\ru\Microsoft.VisualStudio.TestPlatform.ObjectModel.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_9_all.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\es\System.CommandLine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.Authentication.Core.xml	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\Microsoft.AspNetCore.Hosting.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysisleveldesign_5_recommended.globalconfig	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\Microsoft.DotNet.TemplateLocator.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitLab\tools\net472\zh-Hans\Microsoft.SourceLink.GitLab.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\zh-Hant\NuGet.PackageManagement.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Roslyn\bincore\Microsoft.CodeAnalysis.CSharp.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\trustedroots\timestampctl.pem	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Roslyn\bincore\ko\Microsoft.CodeAnalysis.VisualBasic.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\Microsoft.CodeAnalysis.Workspaces.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\8.0.6\ref\net8.0\System.Globalization.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.AspNetCore.SignalR.Protocols.Json.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Web\Targets\Sdk.Browser.targets	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\de\Microsoft.TestPlatform.Build.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\zh-Hant\Microsoft.DotNet.Cli.Utils.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\zh-Hans\Microsoft.CodeCoverage.IO.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Host.win-arm64\8.0.6\runtimes\win-arm64\native\nethost.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-netcore\pt-BR\Microsoft.CodeAnalysis.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pt-BR\dotnet-format.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\zh-Hant\Microsoft.TestPlatform.CrossPlatEngine.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk\tools\net8.0\Microsoft.Deployment.DotNet.Releases.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\8.0.6\ref\net8.0\Microsoft.Extensions.Http.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\de\Microsoft.NET.Build.Containers.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.6\System.IO.Pipelines.dll	msiexec.exe
File created	C:\Program Files\dotnet\sdk\8.0.302\ko\NuGet.LibraryModel.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Host.win-x64\8.0.6\runtimes\win-x64\native\libnethost.lib	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI2437.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6BE0650D50726D1B.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b79a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI30A8.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8E3D84DD0B55045F.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID25.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1C3E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b76d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b7a9.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF46082B2F2E986885.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{1D322079-F409-3868-944E-AD06A17806A1}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI25FE.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB11A26B50005A5FF.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795	msiexec.exe
File created	C:\Windows\SystemTemp\~DFAEB38A451EA6B6F1.TMP	msiexec.exe
File created	C:\Windows\Installer\e58b772.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF927C5E7221146BB7.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI18F0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2A58.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0EF5DD4D-EC49-4AE7-8C9A-F64FF8B3EA58}	msiexec.exe
File created	C:\Windows\Installer\e58b7ae.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8B0269F69505BBDA.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2832CA13-6850-440C-9839-16B2D01909F7}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICDBE.tmp	msiexec.exe
File created	C:\Windows\Installer\e58b744.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFA16.tmp	msiexec.exe
File created	C:\Windows\Installer\e58b749.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF746.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b78b.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFFC0E267CCA77974A.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b77c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF28E9F2AD09EA20B5.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA096291E6F97FB08.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE685.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8E68FFFE01B0AB76.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB14A699695F21FB7.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF845E0C2BAC781C5C.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F69305BE-6EFA-45D0-9635-752373304A1A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIED41.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b781.msi	msiexec.exe
File created	C:\Windows\Installer\e58b7a9.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA1D2396892BDFF46.TMP	msiexec.exe
File created	C:\Windows\Installer\e58b745.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1AD2CD7330679B12.TMP	msiexec.exe
File created	C:\Windows\Installer\e58b762.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b763.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA78C514CC495EFD0.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF21C8A2F5D843A387.TMP	msiexec.exe
File created	C:\Windows\Installer\e58b73b.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6BF59E75-BE05-4C69-9C48-3532B6DE0EC5}	msiexec.exe
File created	C:\Windows\Installer\e58b771.msi	msiexec.exe
File created	C:\Windows\Installer\e58b776.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3604858E70EE9B19.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF5CB6CA3E9A0C6333.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICFF2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b73b.msi	msiexec.exe
File created	C:\Windows\Installer\e58b763.msi	msiexec.exe
File created	C:\Windows\Installer\e58b7a3.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF59BF8E706301ECAA.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b74a.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7A1F260E767F01A8.TMP	msiexec.exe
File created	C:\Windows\Installer\e58b768.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB670833F279A070C.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3781.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openssl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ApkToolkit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openssl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotnet-sdk-8.0.302-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aapt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 57 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6BCB4186A215FA150EF214206EA428DB\3F085679017B67C4D821BE9150383307	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{edc38f90-e61a-4ce9-b8c2-759325351312}\ = "{edc38f90-e61a-4ce9-b8c2-759325351312}"	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0\0\0\0 = 4e003100000000005159a9bb10004461746100003a0009000400efbe5159a9bb5159a9bb2e000000bfca020000000900000000000000000000000000000056af78004400610074006100000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9FB75A5BA7CF6AF4ABBE641E3789D63F\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\32E6B45832BD9644492B42CBB3CD9AE6\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9FB75A5BA7CF6AF4ABBE641E3789D63F\F_DependencyProvider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D4DD5FE094CE7EA4C8A96FF48F3BAE85\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BBECEB62ED1345840B91B98BBEBFDB1F\F_PackageContents	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net6,8.0.100,8.0.6,x64\Version = "64.24.15199"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3F085679017B67C4D821BE9150383307\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\872C68125B55A80630D6B65F936D34F4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0CEDFE95C285B077E86365139C4E8BD1	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.24.15199_x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64_arm64	dotnet-sdk-8.0.302-win-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.24.15199_x64	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0\0\0\0\NodeSlot = "10"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Mono.ToolChain.net7,8.0.100,8.0.6,x64\Version = "64.24.15199"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_apphost_pack_64.24.15199_x64\DisplayName = "Microsoft .NET AppHost Pack - 8.0.6 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\40533F750E62A00488FB80ED832F9352\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B78A30BB69F4FE44FACAF3D2F9C9DEAE\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\DisplayName = "Microsoft .NET Host - 8.0.6 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3F085679017B67C4D821BE9150383307\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DED415AD20FAF84E8838E682549E674\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\31AC23820586C0448993612B0D91907F\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AAE4A3EA1C97235328B42A3D91A58152	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\0 = 6e003100000000005159a9bb10004348494d50437e312e41504b0000520009000400efbe5159a7bb5159a9bb2e000000b9c90200000009000000000000000000000000000000ff143d004300680069006d007000430068006f006d007000560032002e00610070006b0000001c000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\970223D1904F868349E4DA601A87601A	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.NET.Sdk.MacCatalyst,8.0.100,17.0.8478,x64	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27418C6A24027FE498953A9429677C84\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\79CA3E6CD0495E64C853402947130D80\F_DependencyProvider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\Version = "1075329887"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB7C1BA431E2BD53D8863FA976A0F557\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.24.15199_x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\970223D1904F868349E4DA601A87601A\PackageCode = "3A9545B7E74904846ABE4C7DE650687B"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DB9E09EB14A57123299C1CD44F7E035F\0D6FE611E8EAD6E40B8DFE1F54DC54AD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\79CA3E6CD0495E64C853402947130D80\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 500031000000000051594ebb100041646d696e003c0009000400efbe47594b6051594ebb2e00000033570200000001000000000000000000000000000000bed52501410064006d0069006e00000014000000	explorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C6A4C95452E91842B45B0F41F7774BE\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\630BEA3FA8B452C44B2D5890449E904C\Version = "1073747250"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C6A4C95452E91842B45B0F41F7774BE\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\11D7DF398422FD84489AF8664EE54371\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Workload.Emscripten.Current,8.0.100,8.0.6,x64\Dependents	dotnet-sdk-8.0.302-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BF1DDEAE67888DF4896AA34F93884741\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\970223D1904F868349E4DA601A87601A\FT_ProductInfo	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AC4835B8981DEFC4D80FD2504BAE4899\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_targeting_pack_64.24.15199_x64\ = "{A514DED0-F02D-48FA-8E38-E88652946E47}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\NetCore_Templates_8.0_32.9.36482_x64\Dependents\{edc38f90-e61a-4ce9-b8c2-759325351312}	dotnet-sdk-8.0.302-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3F085679017B67C4D821BE9150383307	msiexec.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 763187.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ChimpChompV2.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\uabea-windows.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3844	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
3128	msedge.exe
3128	msedge.exe
1620	msedge.exe
1620	msedge.exe
1800	identity_helper.exe
1800	identity_helper.exe
5444	msedge.exe
5444	msedge.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe
5960	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3844	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	5960	msiexec.exe
Token: SeCreateTokenPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLockMemoryPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncreaseQuotaPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeMachineAccountPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTcbPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSecurityPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeTakeOwnershipPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeLoadDriverPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemProfilePrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemtimePrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeProfSingleProcessPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeIncBasePriorityPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePagefilePrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreatePermanentPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeBackupPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeShutdownPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeDebugPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeAuditPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSystemEnvironmentPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeChangeNotifyPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRemoteShutdownPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeUndockPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeSyncAgentPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeEnableDelegationPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeManageVolumePrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeImpersonatePrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeCreateGlobalPrivilege	6056	dotnet-sdk-8.0.302-win-x64.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe
Token: SeRestorePrivilege	5960	msiexec.exe
Token: SeTakeOwnershipPrivilege	5960	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3844	explorer.exe
3844	explorer.exe
3844	explorer.exe
3844	explorer.exe
3844	explorer.exe
3844	explorer.exe
3844	explorer.exe
3844	explorer.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2780	ApkToolkit.exe
3844	explorer.exe
3844	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 3528	3128	msedge.exe	77
PID 3128 wrote to memory of 3528	3128	msedge.exe	77
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 5080	3128	msedge.exe	78
PID 3128 wrote to memory of 2860	3128	msedge.exe	79
PID 3128 wrote to memory of 2860	3128	msedge.exe	79
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80
PID 3128 wrote to memory of 1140	3128	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.visualstudio.microsoft.com/download/pr/b6f19ef3-52ca-40b1-b78b-0712d3c8bf4d/426bd0d376479d551ce4d5ac0ecf63a5/dotnet-sdk-8.0.302-win-x64.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbbd233cb8,0x7ffbbd233cc8,0x7ffbbd233cd8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5444
- C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe
  "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3748
- - C:\Windows\Temp\{1D37A76F-D192-426A-9099-326AC1B4722B}\.cr\dotnet-sdk-8.0.302-win-x64.exe
    "C:\Windows\Temp\{1D37A76F-D192-426A-9099-326AC1B4722B}\.cr\dotnet-sdk-8.0.302-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe" -burn.filehandle.attached=608 -burn.filehandle.self=756
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5684
  - - C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\.be\dotnet-sdk-8.0.302-win-x64.exe
      "C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\.be\dotnet-sdk-8.0.302-win-x64.exe" -q -burn.elevated BurnPipe.{584166F9-FBAE-49E0-88DB-A30D12E4B5C0} {CCDE5D18-1FEA-4E70-AF47-E33CBFED4998} 5684
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3400 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,15109150315869592271,14195364067979668355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5960
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5929DEFC8602C14E7105B1841FD5EA77
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3836
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 25D75E07406A214A5AFE509D0844CE64
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5644
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8C1158916AB2CD12016C5495E313F9EE
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3924
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B4CFE44C3BCEAAEABA8F28824B1CBBC6
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1048
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D180890CC818D9AD4742D1C1628085A1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:668
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 896EEDC6D6C8E0C0E954F05870684108
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2736
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D24F01D6A67C4A735B1B04BFA8452703
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6064
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F05F7035E8964C383A2E18BF92AC2082
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5236
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 21C4CC48A657EB34AA0AA871CE30628D
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:404
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 62664583098960DDB2FCC9134013BB58
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2428
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 885B88C9095A269563079B25C567297E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2488
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3FAB5D6A2697D76F4CB75A088417EE78
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5420
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 82A40B490881494EA79ED4065BF5A0D8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3320
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7A8AEAD090B039FECCED645BD9CC9E91
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6124
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 541452B9D2CAC3ED9044015C9D6618A1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1764
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8C6C2D28CAEF2F0D10AE4605DAFD2B94
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5856
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4D9E398F4EE9C3E58C833C8B5C420442
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5604
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A131ED32EE198F088CABB67416F88754
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2084
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CF20BFD9A85683CD975BE4666955E3AB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3116
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B1E7CE8091425D0DD292766BE22F8D90
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3288
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding FE245CD61DEEAEBE62732C369F3B454C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3404
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0286D608F2BA36F71C7E3802EAF86756
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5176
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 43041159BD82EB17656D7E5BCA9775B1
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4496
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 347FD1E43C19521991A9A7151E770B65
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5916
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1B9E35C4B2EAF22B8FCDE3619A6CDC9C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5740
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C5F45C463B1BB25731452B6DFC4D8FCD
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5372
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DC69AB54C6888BBCA1D8A13B9E6BC67B E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3848
- - C:\Program Files\dotnet\dotnet.exe
    "C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.302\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4036
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:2840
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:3140
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5936
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:5572
  - - C:\Windows\system32\getmac.exe
      "C:\Windows\system32\getmac.exe"
      4⤵
      PID:2272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6F91BD72E895C7F4A6D39FF5390A0542
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2732

C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe
"C:\Users\Admin\Downloads\uabea-windows\UABEAvalonia.exe"
1⤵
PID:5560

C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe
"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2780
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1012
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3668
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2488
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -version
    3⤵
    PID:3168
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2196
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
    3⤵
    PID:5968
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3420
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
    3⤵
    PID:4068
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4768
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
    3⤵
    PID:5576
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5280
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
    3⤵
    PID:3620
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2324
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\APKEditor.jar"
    3⤵
    PID:1524
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version"
  2⤵
  PID:4716
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\adb.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2416
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6112
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2884
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4884
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" version
    3⤵
    PID:4756
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5096
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1552
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2104
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" version
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2200
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\ChimpChompV2.apk""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:964
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump badging "C:\Users\Admin\Downloads\ChimpChompV2.apk"
    3⤵
    PID:760
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\armeabi-v7a""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:784
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\armeabi-v7a"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:468
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\arm64-v8a""
  2⤵
  PID:800
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\arm64-v8a"
    3⤵
    PID:2208
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\armeabi-v7a\libil2cpp.so""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1916
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\armeabi-v7a\libil2cpp.so"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:232
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\arm64-v8a\libil2cpp.so""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1352
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "lib\arm64-v8a\libil2cpp.so"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3804
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:560
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "assets\bin\Data\Managed\Metadata\global-metadata.dat"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3424
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "META-INF\*.sf""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:888
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" l "C:\Users\Admin\Downloads\ChimpChompV2.apk" "META-INF\*.sf"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4916
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\ChimpChompV2.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\ChimpChompV2.apk" -aoa"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4644
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\ChimpChompV2.apk" "META-INF\CERT.SF" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\ChimpChompV2.apk" -aoa
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1060
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\ChimpChompV2.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\ChimpChompV2.apk" -aoa"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3296
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\7z.exe" e "C:\Users\Admin\Downloads\ChimpChompV2.apk" "res\mipmap-xxxhdpi-v4\app_icon.png" "res\mipmap-xxxhdpi-v4\app_icon_round.png" -o"C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\Temp\ChimpChompV2.apk" -aoa
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5988
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\ChimpChompV2.apk""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5432
- - C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe
    "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\aapt2.exe" dump permissions "C:\Users\Admin\Downloads\ChimpChompV2.apk"
    3⤵
    PID:1792
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\ChimpChompV2.apk" "C:\Users\Admin\Downloads\ChimpChompV2.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5776
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" d -b --only-main-classes --resource-mode remove -f -o "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\ChimpChompV2.apk" "C:\Users\Admin\Downloads\ChimpChompV2.apk"
    3⤵
    PID:2788
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\ChimpChompV2.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2116

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58b729.rbs

Filesize
47KB

MD5
a4221112c76b5ac3fb0b8930c936b89e

SHA1
50271aae8f3bc52db57593a11525c6438b7e1f34

SHA256
e1d7ea413058e74ab7617055bd94a262cf128a4f4a3c7b41712979570c9e1adf

SHA512
e59f05f7e15d0f5e34921fad75fa99aba5a8e25b5626b18bf11f8f8d84fd6be3163118a880b9e586c12d42587a560e8fad600019e34b120e54949777ce8963ff

Download Submit
C:\Config.Msi\e58b72e.rbs

Filesize
9KB

MD5
a396d4dc0ee2e083402c15a333c04d82

SHA1
8e0da2f61f61a064126f985cb228ec4aeed013d3

SHA256
2d14274dae5afc9c60575697c0eec1e3da4ffab7ba28df95a094221959528fae

SHA512
bd51eb3d4a339ef968b34a597247d5cf5b12dea4526ac5881111fdcba0a24f932f42cc1b79e023fd103fb3451f4045cea00fff19389470b65139eb5ee8bc4bc9

Download Submit
C:\Config.Msi\e58b733.rbs

Filesize
11KB

MD5
92bfaa911b053e7e5ab9cb02a3a24c0f

SHA1
9bf21d67a20cdc5a606332fc25d2fd2f8da6c4ac

SHA256
59bd22d80bf1e6cb32c7c9b61ee64b11de0f969d4af90a6cbc4275e858a4dd03

SHA512
bc3328cca1d5c84d1c3e0404b53a48dccfef9995c7b3d8be8e9bd8b855fb4debcc4f78338e264b2d47fccc9e93c3036cda444b6fa437704868815d15c9ac06b4

Download Submit
C:\Config.Msi\e58b738.rbs

Filesize
8KB

MD5
bb9a7de708f4244962fc0b098d16251c

SHA1
b1566577a3d3cf54829f8605486032dc57eac0d7

SHA256
370087c8c67e4208108bd2f5dffdda11ea6c328ec6533019a69e6c7b985627d9

SHA512
059d2f1398c9cdbce95ce5a90a9e15bc8d6d2140ee961d44577bebbe9ad302456382a6e236d42792452c54838bdbad5e2201162d2c6ac0195b6e462703de89a0

Download Submit
C:\Config.Msi\e58b739.rbf

Filesize
143KB

MD5
33b4c87f18b4c49114d7a8980241657a

SHA1
254c67b915e45ad8584434a4af5e06ca730baa3b

SHA256
587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

SHA512
42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

Download Submit
C:\Config.Msi\e58b73a.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Config.Msi\e58b73e.rbs

Filesize
93KB

MD5
8337824fb7ce5a1f28bf981113b9622e

SHA1
c94a78b95e75abd8c3f94da7ac89c5cdc89ae554

SHA256
55d79c210e6fcaca77da0782665e5b34eb36689d478b8c0a50808ac7b59e3be9

SHA512
0af4550a7502ffbef20dbe5937b764bfdd169bf132dc958fdce9b0811af88b70198d7e90ab5104fa2e8e27f8531f686a5b0701ad679da35090a5f2c16c251f63

Download Submit
C:\Config.Msi\e58b743.rbs

Filesize
11KB

MD5
22e54bb2a51762a9c687e5f0483702c1

SHA1
e14cb8286c9a4604439472877a80adf9ec359c96

SHA256
507d6e67ee13680e1f08a81929502abf903ac608b0ecf74933d3b402761f8d0b

SHA512
e0c7bbe0bf8865dac681d689307b7c489f8cb4f246dc0360222a391dee7454ed00619512319091a28316f567a2ac3769bff037b115c69caa927099be2a9eb888

Download Submit
C:\Config.Msi\e58b748.rbs

Filesize
11KB

MD5
2690d7210ad9c7baee8509a418047fec

SHA1
8b3bfa6702bf42a50528a357c0226ad1940d5c28

SHA256
900b3b571bf52816a4c573c58ce7433f7b8fff4e8d1e952125176a6f6636bc35

SHA512
9b9ca259e209b8cff48fe06c379e9e3bbd434731e5589e6118ad081e716da0b1746aef6d9d79d5e00301fc7879ccb3fd84bc4f92ecdca8d5a3462034f7bac890

Download Submit
C:\Config.Msi\e58b74d.rbs

Filesize
11KB

MD5
d644dff74321b3d55b7088c7ad802447

SHA1
235a18b216270787a7f787bc9b58d070c0979d95

SHA256
6d65ca3b369744072458bc39746d0872d2781de75bef3ce55a878b4a46eb840d

SHA512
3941d92e11fc5e570a21d288770341f5e2fb4ef646d8adb2dec2b164f14adc8e003fef14e64685ddb21542323ff6a3b3c139ca4bab20e08374fd710614149ebb

Download Submit
C:\Config.Msi\e58b752.rbs

Filesize
35KB

MD5
f765c4504a4f05336f466a8e1d3c99f4

SHA1
349b11e2004b9b576597bed493f795b2f3bd355a

SHA256
e46bd99e1bcc2096ff0ff02c4d268ed921e2882523ab6e4fbc25c5c64a42738c

SHA512
3fdd2f0d71be7dd3bdddfa9c3d319919d23a34aace95e66033c7b0fcf2e1a79c148d4c30ee0598a0dd5f86fd5e84fb984b45333cc702fa3ce4defb54cfb904d6

Download Submit
C:\Config.Msi\e58b757.rbs

Filesize
87KB

MD5
0ba5c40ec91c24e2c2ab5fd1a7bd7134

SHA1
6cc16238f7e4aad18706ee4e41e96ea78f2c61e5

SHA256
ae5d26ba94930cf8b58e5dd936ee650621aae190dc234c4cef98b11c0b9d60f3

SHA512
2079c25ef78539f141a3264d86d3925ae1bf363dbb8c89a2144a6a147cf6b75a4cb3f1fdee20b5535ecb2d5c8225de674b93201ed25204882d282886c0f63845

Download Submit
C:\Config.Msi\e58b75c.rbs

Filesize
40KB

MD5
35208961059256617a9fd2114452b889

SHA1
301b8827e899f5d4962eb76f128a9874239987db

SHA256
5519986be3be95b534619b8d9c04edb6792bec5048887d56e8cfa75165bf88c1

SHA512
ae62e3355f31a7c189a5ae85968706de9da34faff74d835309b58b6bd03e3ba934d143405137ebaa53bab99a690c89916b9d150eccbc3fca38ffa429ec467431

Download Submit
C:\Config.Msi\e58b761.rbs

Filesize
92KB

MD5
ce69333e694cebcf733670d6fdcb1ae9

SHA1
272cbcf3c730a7dbc6770873fa96b965fd3faa5f

SHA256
03d2fde3cf510071f893aa856b565c363e17a8f363b764557eaa843e145d6bfa

SHA512
44968a56b8d9167b72132545922c406aff9fbadde1533f6f5bf1049ab1a91300ea6e79081635388d657eada09a62f4f22175a20924f22e2d1cd5a65b8952a05f

Download Submit
C:\Config.Msi\e58b766.rbs

Filesize
9KB

MD5
b43378c8586d26686c80757535bdba30

SHA1
59bb82fda6240220a76c3730d913f1bf9e7bc0c9

SHA256
c333bcb21cd7d4cecd9a5101b8e9bcb4bac4767fed87021f9c88e9a0b6e67298

SHA512
6ec22e9a1fc63651f038f56787a7f9145158718d8f33fadfb42699a6eee0086084dc5f40ebc01fabdfc4cebe6016754f03735c790ce15cc04f03a67af7cd67ea

Download Submit
C:\Config.Msi\e58b76b.rbs

Filesize
8KB

MD5
054469cd6f46b866ebbb76cb955f1e21

SHA1
a1061bd2f264c7fa68818f3a7ca53e273102ce39

SHA256
9cbcb9bff3093252f992356f92e85b9ae2213572e6e867cd5d554a8fb59dc3e8

SHA512
d2049a1011a309ab06e7c54bdf710ee5a5d74fdcc09ce2c9d37b8007c28b6187ccd81860185c4942cdfa8043fc000fbf2b32dff26047a3aa5b9cea750702f070

Download Submit
C:\Config.Msi\e58b770.rbs

Filesize
8KB

MD5
929e6641a555fb5b665008fc7af30498

SHA1
2fcc4b0b512fc4ac1399e7275c72130e59a7bc3c

SHA256
6a342302f5dfb2a4aca93971583dbf5a3ac6f42e01d1129ed42e8802af06e35a

SHA512
957bbeb1e0ab2e5096778668dbd79bab776a9e711d41e38a8caaaba5a0b1b1c1ad6ebd6b33dd72dea3e27410057a4989e2bb8fbac0eea451f63c1ba81ddad136

Download Submit
C:\Config.Msi\e58b775.rbs

Filesize
9KB

MD5
74ebc900cf11ef11ca8b25ac6e939aac

SHA1
b1a70c2f8d3c867cbb818d497d32b8fe85709e8c

SHA256
2331194a1ee43d8731725837184cdc8ef1ad2ca3f42a2d25b9874476173c2baf

SHA512
798e4572a69feb7be52681076ebbe54660d5dd0accc882be56a936f74b727e29f686409078861df38121c23112de1ee19ee056ef711f013273bd5a5270f40ab2

Download Submit
C:\Config.Msi\e58b77a.rbs

Filesize
8KB

MD5
193ddc02331d2cc87360c36b3b6580d6

SHA1
7066f50a54c4126abd5977987e0dd5d04ec27875

SHA256
206bfa5413138f9546c9c7ec37d4efb84704343fba9b2d9dcb0dc94adf0ad328

SHA512
5fe27f175cd841b1747a6d3a673ff5cfe52dab0fd8dbbcf68127b71a939dc6396611a7c0092e6ff101b3dd368cd4f2f5ee83cf08d82c05bf0d22520324a36ab5

Download Submit
C:\Config.Msi\e58b77f.rbs

Filesize
8KB

MD5
3169ebebee112f23f062ea531eff9ad7

SHA1
2ba22421fab6c359cfa0ce869c6cf296efc10996

SHA256
99773aa1085d22c014a53352ab797601baaa819c4ad756c72869756f0771211d

SHA512
84a37ce112e29ad00da4754976b77b0a9f575b5ff1ec4917cc86886e0ebe7621fbcddce851d4eaa18e7168256979e81ae7d1dab10e57199e4aaba27203bf01ff

Download Submit
C:\Config.Msi\e58b784.rbs

Filesize
8KB

MD5
7850984acac2c6cef36133e84a7ff240

SHA1
95125f514d34fcc65d0b97d48e8eace778c1a94f

SHA256
e9a362923e8a8fc2bde7e6e3a754b235a691962aec6bfa59df0c30cd6bde8784

SHA512
cdb0d321114f2b099c39cfeafadead3d91858c2926f1bcdf616e1ffa6f3ad9d9f00b3246c7109c4a20b18618e558032e7b4e54d319eaa779c35cdfe2cffa71f6

Download Submit
C:\Config.Msi\e58b789.rbs

Filesize
14KB

MD5
95a2dee375909d234f7b412d82ae77a0

SHA1
abc385ec838a3f6e2d0a936315bdfcaed4b07830

SHA256
3e561131bf3d3c75bc8a8c571ae779f71499af97ec4fb0e3c34f126ed04c2a71

SHA512
529577a438d8ad6c66efcf4bc34e37731b35b15a4cb748f4e1d6a32975125e3b4666fedaf141174a28d42790495683b461045a659e59c6aa3edbbe5ba54e83d0

Download Submit
C:\Config.Msi\e58b78e.rbs

Filesize
10KB

MD5
09f5a8381f6bb9880fdda5a673c3f344

SHA1
2597a2b1cd17c9e66dda4cf5b490239e78a04f1c

SHA256
ab6c92051b1adedaf181fdb9751ff813c9eeb380ed843d9a96ce34969bbd1bf4

SHA512
ed1f5a98c80902649f63bc42ed9736357abd0610eb32e2b7f8f1bec3189e9a6a65baffc09a102cb0c849ab812e180ceb5e04b047fdd09ad401d2024786304afb

Download Submit
C:\Config.Msi\e58b793.rbs

Filesize
10KB

MD5
b893adb0205e9d4165a52c12ac823914

SHA1
526c44a018e8e5be47396db2fe0d4d71166e5d60

SHA256
327f905f927e7409a18aaed47e3b6a0b3f62b98f95dea86e2c8c5110ca4c2b60

SHA512
0aadfa680ae1a37e4e3f603d47efa56216c75a866d5ad8c0ba451bdb72b93e59b2c12d52c92ea70af30c19665689d669d27a0193014c4978d03f9cbef63f7ed6

Download Submit
C:\Config.Msi\e58b798.rbs

Filesize
10KB

MD5
a7f711bc8a42fa63f15876020f0e67cc

SHA1
c4a5b81769f23d53e2e3c83af3c9b994e97ae515

SHA256
6ab9d9d3121e7a705b977c4150967034a222173f0b567fb9087e869793563872

SHA512
93384b5d9079d98845db2660fe5565f9f67be4c43777683544a259e0b8026a2f1e0fde10738cc13400cb656a62a6de775f8380fb6a46eebccf7e6ae5ab6796f3

Download Submit
C:\Config.Msi\e58b79d.rbs

Filesize
13KB

MD5
5a995ccf4191256d5b40afb6265a784a

SHA1
7315544a7b0da7372f9d837b90cc3e41128d3556

SHA256
45d203812bbd98c27516ba18c6cdf241b9e2be318a6a0bc248648c97c97d83ad

SHA512
16b5fdc3c748f7ad4da30bc29c055b90ad46e422ac0b12f6f99f40e8e3f448a3e6e0e2857a0dd84e4b7001a7f015e73d87f1f108081d3d2d343c482db81c2f75

Download Submit
C:\Config.Msi\e58b7a2.rbs

Filesize
13KB

MD5
a6089cef0002f605763882327e41a0a5

SHA1
81cadfff37b435cb869a09b8c0bf750b1bce323e

SHA256
a5170a7df63f7343fc1430a386636be8d50aa648208f6f9b2d5d3ac6f87f0e53

SHA512
f188528d356ebda6e27f0310b66d74168aa3d6bf950224c76993f7ef18b448bcfdc3d43fc8da81821afa18e59009fd283e56e6857da66967222d4cdbd3b3fda8

Download Submit
C:\Config.Msi\e58b7a7.rbs

Filesize
9KB

MD5
36f870c10d497879be04b61d8f7e6151

SHA1
1ba6e969b9cce59668ce1c351c5033c281181197

SHA256
e70c751d73941ac1e8bcfd35ec6307cdb7bbef12bc0c2a6a1cd782639740a08d

SHA512
123be92c9374c89286091830f44aabcdcaa05973ad92dbc655203ccf0814a6131ab552e6982e58e030c7526205fabdbfe34a78745c05f358169136b27d24ec1a

Download Submit
C:\Config.Msi\e58b7ac.rbs

Filesize
1.0MB

MD5
6e249a3e9b8961d59bef663d5f7102c4

SHA1
cb9ff874d8015553d59e82e83395dd7496dde8d4

SHA256
86b308698d40cfd95d197fefce40148baf3dea6e95f31f48932ee4693ba10e62

SHA512
c4b09a60b220c44b9a23b983826028ff02c64c02c270b32f188d42f36f7355b4fb56069300b1aba49d703bb33a33506eebf3f3a2e83d1f734d662ad72a7553ee

Download Submit
C:\Config.Msi\e58b7b1.rbs

Filesize
40KB

MD5
c0989615d70eda4059b924471f769c61

SHA1
3be38a24331f950496a8d6fcf74c173daa96ba84

SHA256
71021ad978676ad1cbc6b2398b1f6ed7f98695506ed282bc3a01e13e2f5e27ad

SHA512
d863fbf984dba829b17a6e9d5fb68a1362fd7af934996773c56f32ef2841ad48d26115d22cb00620f9726e9a70523a5eaa9126912e7df42c5523252e666b0626

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
143KB

MD5
4209ac83bdc20a053470a48c3ce2719c

SHA1
9e8608f8a6cc1ee04f350f66b16f3481e81e9262

SHA256
c6e330c1e3895deab7b47b725822a4453e50dd0b79a148dceaf8ba3a749f8412

SHA512
944aabf043890cf92a05ba6641d77c8289639f0aab802f9d8c8a73fc18d8a94529a86ae1ec0ad70af3158cb6cf72835370d5695dd8ed7d42987af244521a164d

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\fr\System.CommandLine.resources.dll

Filesize
19KB

MD5
aa8eeb801d74a4e562fd8c044e03fa8c

SHA1
8653841bd62dc74f605f608ed8f354dd692faaa2

SHA256
7ad12924769e5e85266ebd510fb4be141cf5092f0f8988345f80f5bacce0479b

SHA512
388ad6fcb298ad170e45f214ea4b1d1e5844efc1612800341a4b1b651ee3ca25b4bcdf541bf2f8f0975a1da50dbe8f60ff8651c100f8675b9e3ce924b0f08db3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\containerize\zh-Hant\System.CommandLine.resources.dll

Filesize
18KB

MD5
9101e8227a7ab83cafd27e4ec222ba10

SHA1
3a80807f7cd695bd9258eaaadf8b2d7dccefc125

SHA256
8508d85c0fcf1040b05d2a2f0c7e4f74ac476f9a46f414e05e8d47d565367e5e

SHA512
e017142f816299ea430a980db1b15298e4f45b4d8264b06160194061f7cb9c8cd3c9a1a8976eedee1f67d6a94b6a393583909c7c167e4407a5c47cb686f23412

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net472\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\it\System.CommandLine.resources.dll

Filesize
19KB

MD5
4e92ced559ff6f26d238fc5393dab39f

SHA1
400983302371c5a7ba38e3dba8fbc4c5f8192018

SHA256
37ab1ac8eafeb21cdca5418d01ee65671dacad3fe206f13e8ddb5b199e5ee471

SHA512
0c77f4392b804a0f47e6c535ac7497182cd4a47e19d1d437d15d73ccfc03bb8febe45ae01965eb9e70a77059ed271bcad210f5495998c75b4ec46c1858fc14c3

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\ja\System.CommandLine.resources.dll

Filesize
19KB

MD5
5d26652b0f420ca6ba2bfa00b84eea38

SHA1
8dc1d2a7cb6b857344c120544f842fccdaa97e79

SHA256
654efb9ccd7c39ce7992616f8aad94e5855f01a3b1ad5dbf21710b1b6d24f00c

SHA512
5e066b399ce519202f2dc8299787ad47bd37467e85598489489bd5f0f49c424518ed6c4e89cb6ea44c038ceec9a5169aa0c1afcccb0de55ea805e1e0641a7419

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\pt-BR\System.CommandLine.resources.dll

Filesize
18KB

MD5
c7f0f7e0a7562225d7b60b88459bde92

SHA1
96c432044ecf7d346e09c6c46f5ca163396d97f8

SHA256
516e73295a8c886807ef125de6dfdcc3b783133603655c7a105b38a953ca3353

SHA512
05cd9ad86c824d498ab7e0be7656c233cb051b056dabefd9d037923f7d3a1bb967182f575dee89896c47912fca4a2227c56f8f26f0c2949ee18a38d7e041b999

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Containers\tasks\net8.0\tr\System.CommandLine.resources.dll

Filesize
18KB

MD5
c9c8df325a05d227bc32a5d854713c4a

SHA1
cf9ea69ccebd1ef0bd46beff01254a02c5fb0131

SHA256
7a2ada59d84ae17791ca23ff010f1251d98a72df15d1c7355274557349c124bf

SHA512
fc38b3d241bb8315202d2b40821d9a8ca4075ad7ccffe60a97268805e9cb00e83e6136d872f248661843753415b6eee22858a7de829cf60affc4c89c3793dd97

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\de\System.CommandLine.resources.dll

Filesize
18KB

MD5
e771e643a2f47b5d527aa4dd1e857aed

SHA1
ddb6ebbdc354122989c67ed9cc2555da640b16e5

SHA256
8c4a1a6e84875ae583fc032a723e934f0d8805d452b43a81b4eec624b5ea7e15

SHA512
14d17e82464fb813ff044b4e5dad1a429f0fd8fc5973ba2bcdb50edbef7e129048133d99b5c50f86a3f82d33b9faddbbeafff222d92b80e31ff963345c4b29e9

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\ko\System.CommandLine.resources.dll

Filesize
19KB

MD5
ea1fc85ccabec5aa1ae22452afbafac1

SHA1
8ea9da27d9335f80c76867837688218b78311148

SHA256
f3d814678daa95c4609d723548edef7a76bb87423a4e78a20e48fded87089483

SHA512
42a8c0fd58cad8765712b0379a9ea8adaabaabfa2fb5e2760756e0cac80c30484da491065634aa406ec6fd2ffef0dcb386fa6378e191afb6fcb48a7845c8c479

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\pl\System.CommandLine.resources.dll

Filesize
18KB

MD5
3f14df8e4be6100673090c43eb3c3476

SHA1
61c1e35aeb6cb477077416f050c344fb18f5f87b

SHA256
09eafe24bde0110f526b49001d97673e533ffd9d361d9be9c4b511eac4dd1bc2

SHA512
7988759407514f6a6d3792ce58c582420eba75bb1871d8392f0f018f403557bc99d665c7655f913c9021d6ed777f7bb8b3d12a52ba5869abf48ea29e7c2d977c

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-format\zh-Hans\System.CommandLine.resources.dll

Filesize
18KB

MD5
c182eebde556be386ca5b656974993fa

SHA1
864aab5c6e71bc3537612c2541e7737d02e6f4c0

SHA256
d8682c24396dd5093f4e4bee6cc021148ed2558039b2682bebb60dbb95db56cd

SHA512
3613cf324c708564185f021404215202dc2fd5340890db115bd906716a9ce74900aba954c68ab13900c79bbe869b916739157e426a0196c1843426beb9d4ef52

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-user-secrets\8.0.6-servicing.24269.9\tools\net8.0\any\dotnet-user-secrets.runtimeconfig.json

Filesize
340B

MD5
db8f50afa10272bdd9c658a08ee151f6

SHA1
be0fb5b4d6a013e2a9f024a11a2e87e827bf6ea7

SHA256
9930b35481aeac719b7c7e90c5a3b55019be2017f11b0a1e83b4b3199f67e368

SHA512
4f237d5c266101e6f58073767bf02642f035271cb960297c693ab79a94792cf0a0f8364035c7a210ead4529976bd8634d11b7a9ef04f48a05ed8bb2225729d30

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Numerics.Vectors.dll

Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\cs\System.CommandLine.resources.dll

Filesize
18KB

MD5
2f679e46823cf54660405eda0dbf0842

SHA1
29fdcbd753e36022b6308425dad9323e5f3472fb

SHA256
6c9e8a37d656c8ee738cb0db392d49e908505a82175266e072a4552a7c98adcf

SHA512
f07fac0e45c87ea34fd1e9354fbdcaeb61f0a52b23cfd993def3c71f8c5d7249f861dc8c2dab427fb93e2bfbcd156d2f0518faffb91853e70530e2ad71e4cef5

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\DotnetTools\dotnet-watch\8.0.302-servicing.24280.11\tools\net8.0\any\ru\System.CommandLine.resources.dll

Filesize
19KB

MD5
7717b3eae55b3ec74f40699c1b9896c0

SHA1
1483166af6059633de2e20545bc3f3cb6f035304

SHA256
8a24f850a71065e93ae80d3a62903653e1aaff9ff478e05831f288761e4bcc02

SHA512
c988f566875ee73f0e568fb90df423424d9f3f237ebc8cda6b19e6b685ac778435a4fc654ce923a70090579216f6afb14a5663381c505ceaa919ebdda97b239b

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
ff34978b62d5e0be84a895d9c30f99ae

SHA1
74dc07a8cccee0ca3bf5cf64320230ca1a37ad85

SHA256
80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc

SHA512
7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.Publish\tools\net472\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Encodings.Web.dll

Filesize
77KB

MD5
fa9d0d182c63c49a4c567f7c1652b6e6

SHA1
55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc

SHA256
e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84

SHA512
58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll

Filesize
627KB

MD5
63f1d0b53ce47b0ac3216281c8bcaf24

SHA1
090cb7392ed07a94d237b5aa2175689faaf49b7b

SHA256
de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb

SHA512
386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.ValueTuple.dll

Filesize
24KB

MD5
23ee4302e85013a1eb4324c414d561d5

SHA1
d1664731719e85aad7a2273685d77feb0204ec98

SHA256
e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

SHA512
6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.props

Filesize
295B

MD5
a5dcc9e5bf323d748b26652e11956905

SHA1
7f8c7a2523d1f4600e0f8bf347d10564cef36780

SHA256
2ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c

SHA512
79d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\Sdks\Microsoft.SourceLink.GitHub\buildMultiTargeting\Microsoft.SourceLink.GitHub.targets

Filesize
297B

MD5
5725a6d47308db618d015c3e55dd499c

SHA1
9b3e1ac8d62d522505f57fee89a249ac33325edd

SHA256
61af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1

SHA512
ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\TestHostNetFramework\testhost.net472.exe.config

Filesize
4KB

MD5
a22cdd3374234d3a50c2ace2dc33a63f

SHA1
d71bb2417cb805c3da21ebcc0e1ae5a102823c9b

SHA256
b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874

SHA512
71d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61

Download Submit
C:\Program Files\dotnet\sdk\8.0.302\es\System.CommandLine.resources.dll

Filesize
19KB

MD5
79e57433e70b5a0a300303dfc5d759b4

SHA1
cfe5862964f3b389cbac01e157e9ade0031e45ef

SHA256
b58c35c328c383e3461c3ea2f1f0c46e7a48446d863f2c2c63f42aa466e002b8

SHA512
8f2ee3b02c4bee0483ed702d283bd9e513917044bb77aa4412dd85de501a8a52c966510df948a9f5f36177407bd111633047686d727fe32de14599e17b229de4

Download Submit
C:\Users\Admin\.dotnet\TelemetryStorageService\20241017232626_0d86d537b8d043798793d470c0ca61e4.trn

Filesize
1KB

MD5
e5c37de90c0a2b797cd2c3fd5ca89184

SHA1
59daacd6eeb82d5b619f79e636a376e99d90e8a7

SHA256
eadf6787aab4c80499fac51d47b0f3847f983a15725af54d1b90275a69c5e635

SHA512
f909274c6082ae9a6285f86065932d116fd4ef587f682bf8caeb37649e36db4e371562150b0fbe93d3d54ad3bd26d4b1071be0a4a1ff0dd6a0366fe45f1a06d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
43KB

MD5
790c81db9bf945fc2a3a3912c2a5b6ae

SHA1
bcaeed70f5e969e369dd2303df53da089a81bb8b

SHA256
5dd15e15b2c3f3537c06e593e5700225dd28f13678e9649866c7d3c477efaba4

SHA512
7693db525ca06118bc1907e9962ba691f1973bf5639986cb303c03894440dfb9252a2e9633d5bfff58905f8b0fd9dd63d75b48991412ccc4f0277127a08365d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
50KB

MD5
258e004ecafda290f6007fbfcbefeac5

SHA1
ceb03d36597c7f77e68b4c85dc659678cebce4ac

SHA256
745bbee63267b68f0c10253ab0cb56e8e706ce1ad401e37ec0f198f0772211e8

SHA512
4af726fdc5a36e2f0a6b9ae30f54399e69051527a2a9732cd19115f08a5bb3db0d6473abcce2015bebcf2b3cc7e34585adc339a9b16de5d2f7abbbbac4aa9990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
96KB

MD5
b5d8704827f53ff77cd42bf8f2789bfa

SHA1
8a7050031717c09971a79de22806a80fa0c9a9f0

SHA256
3b4ed184f050bdc8ef0ec122531da9696e7c4d74379e685f589d0d823530ab45

SHA512
0d0997532c89d1f61da79f10caacf889d7dd12596e7ac4647516b0c96fe8620d6ffbb346217c1e505449732916c98f45fac2807ef41e57de27e7972a1b4803bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
22KB

MD5
8edeb5a220fe2ebde6e724ec46a47b01

SHA1
4cda11549a4866dda172d7e9eda415ce3f84fa3c

SHA256
25426e5097ffb53fe93f88b9e6fd457aece2c01ae06c9cc02aa6d0f59e04b7a3

SHA512
279187e4788378c7b27a7d606293622be31423a76a749d9ae03c2b359b91482f937c466b1288545f8d2251b8df306ada2c30ba5d1d186b63946aa42327000118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
21KB

MD5
365139c81098a7d1a09be5ad35636cc9

SHA1
1ea3cc8cd2e4af315129ad24f4788e7b5ae48b74

SHA256
a8afb3784cafc474c077c92a5e640ad01bb8b8ddfec1db4908e9291fa3d48ba1

SHA512
1934dff330d81f0b576522350f655bfcfb10d4dea9b23b4a0c7581ade4044d7c8a81e62caf5c3ab1009fc1bf99d083ddfdd2c1a17f748a1566320868db1516eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
22KB

MD5
cae0a3bff6c55245d9c41f31ffb59d80

SHA1
ebd40dab223720af9a3f7f6fd8a1d979a50ffa92

SHA256
0373c3d6ccd255a22794c4d134d7072a5eec32cd132571889538389959075abe

SHA512
f0fd812b0c5db1655a224729c1d2f8bca5dbd797f333ddeb4c8779a0c7db7e142f02bbbb209971ba324613bd6c467f2dde4f940c246236752cf47e9c53fc73e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
33KB

MD5
9125a181238c83258b9b850b9aa5e168

SHA1
1633b81f76ae2205a89da6a62b9f00eab393a442

SHA256
f1579b67aebe820fcc5e9644700f399da21aaf93fa1a355276fbc370ea2eedc2

SHA512
269b26b296be10f2271a13e438dfbea5556f2bc880fe5585f14c2987b243dbb2aba14975aab4047a87173afc6c6c772da8f15261eafb03be223279a1c4b097ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8876735a9d75d217dbd4e6445cebb3f0

SHA1
867f55a89598bd843dd62654bb81e8ea6104794f

SHA256
5f7750dea6309c29ac59d16a71ce2767d2b556ff6684aea92dbe2edc93718605

SHA512
5ed55ee586eef52b49cbb4f491628ecb28bace49043c13802b3f023309092a7bda4ef6c63084204b6e6ed8b18f90b5fb54cb41a2264cd3c15678b5ffd14361a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3067417f91e8985c02f7a3975f2725d0

SHA1
21c74eff74651f2d52216a8d8e64ffb72a06797e

SHA256
e7e95129b114440918d8d63072ab8a4b1e725cdb0607d649d27ab0799a74c563

SHA512
2c5929d959dfb159498bc8a021e3b244ed52a857c3993a1d305b58af6521273f3105e7d1d08698545c6c490726e94ff527b86ddc79d53cf264d51e19ca73a8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
82b75d29af4360714ff98a47dc03d89e

SHA1
84b8daa4d212636c3ddeff10ab8c7073b4fa4e52

SHA256
13df743be0e399361516281a2b48d650869030770e1e86071b352f600b3f5549

SHA512
7f02d125ffc75dfa7944550e7c2e573aa51a4d027effab7a2ca806c6551f43a2387d6eb1a81c450f16a75d680bea10504e748a43d5f326dab936d7040e11ef62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
34e2de786c4f0f908f319a938fc4638d

SHA1
a66b45189529ec6825c9c930808d6156e8e488d2

SHA256
0a77a2a792318de4e401fa0e1276247d0e2c9252c0928b0c787dd22ce2918883

SHA512
65296bec231f848a358b23910e823e8861f24df31abe8c0228a64a66f66ebc7a671f13ee851f27d489686cc5218b2eb92b785ec555fcec84f9d8b675580f9cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
089ef754676d96157749e188092574c5

SHA1
e5eaf43ba884eafd6d46d2da31ebb77f51eaae79

SHA256
b093e660c55afd9073646e07b4e74ab80738e3fee067edd0db5452903354096f

SHA512
d9b95bc05f762bd029f6abb14be37e3a456630045fc9befd052d17656da66dba5b498bd0dea67d5d6041a98c4b073cea7a3c72cb61ae98adabfd66aadbe4d0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c8cd3248cba894d7caebcfe6cc379230

SHA1
cb3a74f047667f8e97370f47de1024fc61067ac7

SHA256
6e1a38dea85b205f80a17934961198f493452e7f780e3c51140349fd1a666f20

SHA512
cb19be455a2305de55da7d0e1d08a22181f44308143b2c3e00b70486b7ac0ae5a22d68b04a5b717968d4d273ba7bcf978d4c3623b043ae21a3a9e2a7f6f979a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
334bb5c24c1194203602da7ddb57b562

SHA1
c7c29322dfcce173d972cc6ab30f96ae034161df

SHA256
5e8d11c114b2f07ee06051ec49a5f22d4866e32f60145ab0228419eedeb80553

SHA512
0242821e9c1e1f4abd6a15a58799aa1825a366117b2c66c92cf18a1d69f2f7ad0c010cb3be4145cf584006667fb2833607c9cc3eb8122319b3f891b89d71e5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ca4ac939ba0c23708df3aa2a6bdf1ff1

SHA1
267a450e4047e5b211924927edd9c7159555f7b6

SHA256
5194b9f45e9e36c443183b4d4e9ac8744c09816ae28752844770664b664db351

SHA512
7cffea466533f3fc8753b0f49c124f4391a9173c71a048d7878785947c426dd3e25ad677107061752132541d19177f83799b2c06b04ef45dd055cd9a00bab463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f405ac4fa6c96493744daa4d96798e55

SHA1
2cf27a851c514d61034facb0ca2f4959d4fe6b64

SHA256
e96c958b42c7ec349949e2fa803945adc66136c90d01fc8cd086fa4a12014bc1

SHA512
f6ede6fdd1c61404bb1c9e5c4d6a5d8683f8a90513880270d73248b04206a0c46e40da2e3bf1826e47ea839b72eb5a3c27af7263faecf2b5a54f508e0089517f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
71fafaaa00ee4d7dda829d3344dfe5e4

SHA1
70aba1c1e121568e9a112727e2b5a8783678ce1d

SHA256
fbfb17b7c771c3e99080b47364e2965320de679225590b34a0fcd4cfca724af1

SHA512
5abb5d4be39833b0130aee3aeb7d923a8d9f00e5e33a660620634a2bb0fa66a6bd16f95874144404d892027d6a9ff68db58d05f3df2d23cfe840ab1de336b599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f8c9bc73ac301de836aea4a30e9604e

SHA1
3294e89c4616af0824d312d55cb588ffeb0ae80c

SHA256
16949a619d57d02d1e79cc6b6ec2e420838257097e0727169de73981240c4f6b

SHA512
94f311f3a6601452602a3b61b9720cce236440c5deb4149d001a948a8a58593ce5f85b769b47c04b105b9fa7bc230699bc577cd7751f9a5f2991d521d8feaee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55027936d8acd5dbca73b5d6262ef318

SHA1
9fad0cfadbaa63017f5e99ed637dbd69e4fa8991

SHA256
7846fddcda744874f35d9c051fa82f5fc4c997aa979a37f9d30ff4e0fa043070

SHA512
19888a102409664385ba3314c0d1cf84880568b141156639dfeca2b5047ec3fd955a356b767c0e119ddb5c7d4db394f4faf99d623148ad61904fb399361ec799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7ad20c2d7092e47ee95f352aaec64af1

SHA1
b1741b5f08a9ea2d3d2b8ced318f9a64331c693a

SHA256
75b7c4a3702e0484b3c55ee81240578827896634a25fc913b36ea13dc6b849f1

SHA512
7c36fb75ae421fa0553ca7cdb2dd9189f5b7a7927f5edcc12cb1c83808e6910e7c49284448dc23db0f933bd088738074033785d55f0abf63ca4d0dd3367b6e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6081ee87b6eb16d8c4a1ccdca65a713c

SHA1
c9dd48be66c70122f8d5bdca4872a44ab54dea36

SHA256
0954f0f4d883866bd70175fc86ef441ba51c0f9fdbba64ac4bf3dbb48c8e5a7a

SHA512
3970cd4af3480c8a9413f2082a9ec00594fd014310d4529f80a28547dec027bf1ec56fd9422395f01f932f8ffe7f67e824fbac0ba639919797e4183453db5f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
65707876aa8f17a741aa92cfd6d60116

SHA1
d6f57595f9c93faf893abe47d0ad1ab909b287c8

SHA256
db4564403d4b8124f62969d07f10e793a4f746722ed11b17dbc6cf392af97bc4

SHA512
446f9f303e4c3c8a166ed6eba60d5f56effd167b6253cc33ab0c96fbb54c72fea94ff6749f7efcd2f806fc04e4b5c6670ed781152195186ec481adfa249580b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b1338200612f1d1e2b65c8b4f185d8d7

SHA1
64198c7f05a0082022448bcb820ab6f26dd45fe8

SHA256
e3eb05b4dc56ec326217cd5bbc571ab6c6397dfb912f7b74add13dc15f14245c

SHA512
45d6fc39c67fa90889764bbb9ea1bb69a4b5465b34fb75dc088ae293fd5129ee6d34add918515d97a6c773b5c76a8d2f3bd33a919d957f433bf38c7ab65b3ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5fb96bbd446d157c791c103ba087104f

SHA1
c25ba973655f523b6ff4ba4a620084c6d0fd432f

SHA256
b4d5284762fb235cdeccaac6536f77c46f98d81186b0267e48cac7037b5613c8

SHA512
073ed56856c69bf91898bbe754084b6f8e2f9c9a6625ae56c7a5cbae48a4e67ec8a913d1dc3557350ccf437f7bef0dce4013a6a32cb0e02af0237813de1b96f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d90cab5a5cc1831f3885d725da5a1346

SHA1
6d90b644cbb47c9a10ff6cf8588c41931ab111ff

SHA256
83bdb452a1b346d8b45ca23423a0f1b234decb3d16163505518d57e16b70ce43

SHA512
a49eff6bbb1a26b8b8d6e779213d95e98e8b0f0f43a08a721a025b4f7bc7667913881f2bb067ac8557ef93da98e3289612ee2f2bf6850cd62d819ea2467921ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa1319ea7b600c5284b040a2692f1dc8

SHA1
db4169b12ae26ed9de8ffd0739e41fab9ca7528c

SHA256
6c18db5e6163d1b78c41dc07696724ba9d3c62d6bd0d7e877702b2d7332e533d

SHA512
9e3f6252fca0cf7f2b3e291097ee6fb94ae589cda19794dc2084c3255fa7e9561b059cf57aee5ffb0ff2b82e2fe587eb56c274e3b006ea11548de2b3a3b37c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
414150f33336fa6a679a400b2e2ac7a8

SHA1
3b699181e640e4fbedc92df9ad6ca352f7e94adf

SHA256
8bf7ed7be7f9585f566acca2c215e924f8ecd085d36fe15e561e0820531ed600

SHA512
3989b17ce0ea032e35cfcd94e0c2d4bbaadb5f74f030ed4a30aeecce4f856fcd5485aeaea080acb17aea875c702818e0cbe1b618f43a7b60c20f12e95e164e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8273a46526064ad7f50a4ced880a9bb5

SHA1
08a95a15c6376e78e1103fdee7e15030fd70f910

SHA256
a7cf4f67c74ac66ccf77b1706e76d21014279b840631189d887db17ac4eb916f

SHA512
edc965252bed5e90874727d364071fb0a993bf257c9d88ba2fbaab4019949e04cd2b96d112c5a8007e963efd0bc0e3a69010a3a4a515b54ce06930be9d95e313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
12cdfd6e1c53601e2b10756b4ea7dc04

SHA1
9f769ba91a2d6ddcfd3cd59b598df449f1690ff4

SHA256
57cffa82177fe6e5f724f672a5c1ef38dab1a27c026639ec781600e0fbb84119

SHA512
4e49c4935015f1a4a167df2daad5d4457eec184e2e2e99d6c559394c6c9a5e49e4e855db572d99c69770296ee8d078a9282d2459e220a34e2d980960aeb1dca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58967e.TMP

Filesize
536B

MD5
933c54c820182a1267e748bfb94c805c

SHA1
ae5d4e01720002f4a290635f7051bca5d82745dd

SHA256
49c09ca9eabdb479f2bbf76ff51768473ea82560a81a0c2a9604bed80e894f89

SHA512
c52ec7e189488bda785babf0bd84c782ea16285df5fc6ebf34264627658eff3bedf506c49c3296a3e082652bc6b8151c08a2cee20d34a85f5ef273d305ebdfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0410c9a371938e401e0d74a0e1b19d84

SHA1
18204a66d1f2fd0c5a52b72eea24a5fc4cdf48d3

SHA256
fa6ea2dad71d096f9d812e75ec5d70a9c8e5c6f464c6654b51a0f961f9a3f041

SHA512
3293a0a3cc7123cefe9c403dc633977972b833a93760000bdba681d836789a30c24d712e8524f22d529565137d766c5ca748532a24526bc6dac350fa2a9dc439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37de2ecf0e4c2e7411353314274630ba

SHA1
a8ed923069502697185dcc1dabc3cb6953b2dbd3

SHA256
db08b983f7732408fd187a025ddca79aa28447867efd9a454a7209d46838e88c

SHA512
d929440ed7f715d330f37e67dcd407deb09ad31b7fc3099e9b52d72e0abc2492fc12fb4294036beb5a8d6e676cf2c92be43747d55025aad626565463a5ea7573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9462ebadd106053695376f1466d2288

SHA1
9eb755f0174ca3c2178c9f19f53b4dcb9d6b6b72

SHA256
32ed736257912ea9653a3c873201ab336a604b2805ab96ac7a82478650c48f2b

SHA512
9a9243532df376828068d4aac97fd3ee6417ab9adb4792580584235ee05e37a404552ec39463c628a158a9faaf2f32b79ab268ccb0ec21905e3842579e2fa7fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.302_(x64)_20241017232527_000_dotnet_runtime_8.0.6_win_x64.msi.log

Filesize
3KB

MD5
d089c5af6e62f78babb7d6b82da44b4e

SHA1
4cd50e96b823647163b2997693b4f5c85d646fd8

SHA256
5a414c023b4dd77172bfb344013dab94ff97d117680c4dd4e12d71e584c0a2c4

SHA512
cd479e7b17ea58645993e4e92280e79a1d7c4bf0ef971ae294f0c058500be06fdb28c8dca94dd144e9d61c025622f03b7b972966b637238bd6d8e8ef57198d0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
d84208e7b4a94749a1cc419b92d82155

SHA1
9648b31867093e57144bf6894b0d319c7aeb7132

SHA256
dc020dda238ad977974d83ffd09b6fdab8f207c4082e890acad0e5c51c625012

SHA512
386b338eab1e422476f24a37f915c15c6d40742b78d8d0c68a867a895d5eaa65c13cacdc1a9cb7b3a8e27bf83c8479cad6fee70beb3a8fcd865ea68fc8ba76dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
49503a109c797630fc5bad66a9f4704c

SHA1
9977a13b39dfb43a81b2bf3597803fe8d85a8c6f

SHA256
9fe45912c5f9469ca01a9f2321517ad7f91aafc2dabfca2ce646aa4331593df1

SHA512
a8ee1143e408cfb590e2996192cf86161e2363d0d903a84ad3861d996e943b9b289cffa74a9a90798bb7115de85ae57ec84905ca6c25375d10f5746c8e93a390

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
07078161ba1bd59e0ad163db07f79135

SHA1
927c28d07bc4b9be475cacbed5ceadc83767b7ba

SHA256
e8e9621e837108fcc6c861b49594ee7c30bd74903405f5189748d44c203306a9

SHA512
6422cf210089912d542e0a632fd781dd9a3aa8489d27b73e10436831837aa3cd609db5332738151420edd4c2d1df15d203ff6d5dc3384a3fc2f3b4c83fe3bce8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
2ba71a145a8e40a7c3c63170fd9b2332

SHA1
7a08dbd8f7458a0aeffa2db43320f005c89e50fc

SHA256
60e7e78af5a92be9ad3369ea2096c235455be94848851b38f260a8cfbf5d7f58

SHA512
63d51ec4b9913701e2550c2d57f535c1ccb80d4c3dca6f315d19561a608b7e4e4002f8e25f321cef8429ab2a2d4acd95e87803927bb26f3c0e4e2acc9700bc26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
af84a549749e3b56c53bca8a20758044

SHA1
fb07a2c33786d25b298b0d9e7ad33886e5de0b4c

SHA256
dbdaa25de46433f5d79cf90da773042bf8cce5fdad3e919ed3305af6307e053b

SHA512
5a0b2e9c019baa3c8197da3fa0bd238e9c78f677988030b80bc6c0f4fc13fa7c10ee8b83180336ef93dda513e878b067bb238403133ff8b8724833d0b5446d99

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
cdaaa381eef6b9d50bfa82cf07f6ced9

SHA1
856068c59744962999097635cb4439ff88b36177

SHA256
ac155c0de4bff38a3202220d0e805a9ecfda02b296405981361f9c91ce5361da

SHA512
c7f87b545679a08057082628d900ef6fd6d9b7bb9011a1447dcc705006b09b70a256c2cdab556353a68d73abd2088e861051ea870f17487c9b07dd79b9bcd292

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
e4448b2a8da39471bb35700eb73bc3f6

SHA1
e3b1558651e7bb794277804bcac55d6e7110bcb8

SHA256
553a616fcc4e634ffa219b47442686e1a00ddcae6a6578b5709f596d8109975c

SHA512
01bf2e2f940361a9ccc396c003f4c10761a8ed95066309bdc6f5482e53d6e74f168e08d11660d68ba90cf7df5a44922b6703301b502f7f5bded75e982f081ada

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
b1fccc05c4b9f24c06398deec7b99fd6

SHA1
bb9f3fc9a55de401bb74f00363f5ad86c528a35d

SHA256
166348508df1a6b20e9a5c456e8f3fe5172b96d784b67beadec0af1b168c1019

SHA512
51669c26e19b7e5435dd1c87c4ff8954933012c932323b6889bf794340fea0df25982ddec2a753de8d7bb760be94f2a79a3a481ef20a1f00ac0ead7e18a13f4e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms

Filesize
9KB

MD5
d3c52016f91b8a9f06158e2f3f7726ba

SHA1
53945b7f22084d701097f146a0269d3825533721

SHA256
ea6b2c2c061969cc5c20e769448aadda4b570ac68c0116e7f3fb8c41895e264e

SHA512
52ccd2528eb174a45c7ce5d1602f6fffba62f9144aba3dad08ee250958e1f0c22df5bfaa1b6d31edc35444dd5458a50bb34479c2d817b578a82240cce92bd222

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\ChimpChompV2.apk\res\mipmap-xxxhdpi\app_icon_round.png

Filesize
34KB

MD5
eef471d2ed4a0bfd623a6e8cfdb26ef4

SHA1
f1f2aa8b147b720cee21439e6e365705498237da

SHA256
43cbdb187726c52d553fb7e3ca6dff1440c8abe98d904825385072c87ab848cc

SHA512
4daf79a1f61cc4e4ccca96cc26e1b1d30de0ab049ec6cbb6cdc273c33686e93ab9f2bd66e1ab78a2ebbcb2cdbbaf53e5ac51d98ac977f88b88cb7cfd1127a50d

Download Submit
C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\1 - Decompiled\ChimpChompV2.apk\smali\bitter\jnibridge\test.1

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 332299.crdownload

Filesize
20.8MB

MD5
1e005973da05e0682767b687e3501f58

SHA1
439cc1f781dd48f3a771eafec1fd1661f52b57a0

SHA256
6c5a7fb80b7a7c6433d69a6d2fd37fa4d42e97a9ca01b7ccaf4412d5f3c9aef6

SHA512
e5315da2609e163f2dd28976f4295ff081a1069256d901c368042342ffbe1cb6be1ad205fa45b8fbe28ea73c7200c039b06e0c4efd53cef55bf05048c3340885

Download Submit
C:\Users\Admin\Downloads\dotnet-sdk-8.0.302-win-x64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSI1B92.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIBACF.tmp

Filesize
244KB

MD5
60e8c139e673b9eb49dc83718278bc88

SHA1
00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

SHA256
b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

SHA512
ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

Download Submit
C:\Windows\Temp\{1D37A76F-D192-426A-9099-326AC1B4722B}\.cr\dotnet-sdk-8.0.302-win-x64.exe

Filesize
638KB

MD5
17d65c997840d353675b0a994998108d

SHA1
3bad1ce7d70b0858e0d15663c9bc20554e394986

SHA256
73566ff17c61e86a5b4665301e6c50f50fbd645ba5536a80a50424d209be3599

SHA512
cc367dc1a62379e0e50a0a67b6840debd049a4c20c029929795ad23bcb048b7194e0eedfa6fdad56b2f28d90ebb31616918f932f5b8a43bda24e11d62e7d7305

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\.ba\wixstdba.dll

Filesize
215KB

MD5
f68f43f809840328f4e993a54b0d5e62

SHA1
01da48ce6c81df4835b4c2eca7e1d447be893d39

SHA256
e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

SHA512
a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\AspNetCoreSharedFramework_x64

Filesize
9.8MB

MD5
95ef87ddde1ab91572fad2b265a1c0d7

SHA1
6ce9eec5c6dba24233f29cc790e7578e49ec6a73

SHA256
ad640d7c9a7acce17f117607b6bbff38d4d1bc4e90b8f08fe9541fcfc12f5ead

SHA512
30c796bac647b2999e354be1c4db0cf95958a97881030ced6631101c75fa6d4ddf3b60a3c40e92e61a78ad53bb8f2093786026ad857ec0a5c2365dd0e7210d5a

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\Finalizer

Filesize
170KB

MD5
38f91969ff82209c624d004795e14066

SHA1
786c2aa3ca0b2f9845e377b480dc9cb06045dc70

SHA256
da912e5cb5b749cd65b67c650808400db80a3401b32dae74c3561d034e4e2cce

SHA512
f597c1066d8296a8812531e24d8d9614f0db4136f30e941d0526ff62da319c16db88476492d2584827c6d3f5ecd73533b5ea74a110d63ce5b1edcc9dd0784a9f

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_073381c43cf5ab5d4fa3e9357dd1816b_x64.msi

Filesize
700KB

MD5
96b23e90c7b260b0bc225eb46112dd89

SHA1
d18f8448eccfc015ea1790b7a7878eae1bae2017

SHA256
6a111a612d2b142366de6d01024dd0b7fbf6a4334d3248b191826d6c1bfd24ac

SHA512
3d270e36c167d8b34015fc1ead34e4e897935d626d1b0bb4717715c23ffce2a25d1e39217282f1d8c0ea268edc6ac91e5cc81f4cb43a8a176ba1a1af93f1c677

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_24bb901c0e890ef24f6b95928cd093a1_x64.msi

Filesize
648KB

MD5
f5c5c65c03e48769ab71f5054b6ed9f9

SHA1
3948606a54bd24bb9e20f390a499e03d6157b1f8

SHA256
d0e10bac765bc6526d46fbecb97b752903682cf7641a97688f9f77b208aff130

SHA512
2c8bd3ec3269afeb8ba16d4f1e8acca46987f1e817df293f6cfa869d27141b8e4632c9c1f217b8a1c7c65db50cb26db139c2f80f556d6bd96d323f3f0619cb25

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_28c86dc0e8d71959057ea0317b3698a3_x64.msi

Filesize
648KB

MD5
3ea7f9002dc67772f53cab2171f5c0fe

SHA1
a3415d16bc84f975fff7e1427029866f4e9da7b8

SHA256
cf4841ed6b2f95cc994246506264bb60afc00ae837e5636df2263cc1ea6c364d

SHA512
0f8f9ecacd29ffba5315797db55e3ac8f290d6e22a0220ce7a6ed662ef8b90e33ef3e948cdf04cd8d038da9c051ee54a7ccd04a07fa530ab8feac976744233db

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_4ab27be2a7a2a677d46caf9075f2248d_x64.msi

Filesize
648KB

MD5
043477632dc8a78db563f39808264315

SHA1
42642bd4d14a4714afdff95c0b8910e08e5af350

SHA256
bd1a3fe5d32f845430d425c8218f1c127d6334c25de2786977424fc59a8c7163

SHA512
b06a27256f39dc540db982dc0ec214c6cb42b19229da6f1074d3b2fb9a67c402f41c66af3e43addf7207ece6fd6019e62186d9b8fcffc441a1f3a1aefcb7e87d

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_52d468f3224e514f3964b48abe836c29_x64.msi

Filesize
700KB

MD5
93f12ebeb78876d3386dddbcea0e2846

SHA1
973de785119411c3d45b34a62c0b85db897c0d65

SHA256
88b19aa8af5fc71556b578211aa637e7d2139bc2dc1f3bd9eb66a032946b4074

SHA512
f36ffec07ac266559a1c5e7927332472434e8f05f6e480f7649d94fbf6833a8140e5510f7cceb0c3dfa1d50af7f86c6b5094b0a7869dad25ab9c6ae3b8fe1e9c

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_6a55c381d23e05b5316a8c8af0362e46_x64.msi

Filesize
704KB

MD5
593726de1b2a5b05a88360f8a62a4971

SHA1
d8308d379833b9abada09fe1d1cd04265ef97b6b

SHA256
48a51a4ba3edd65b639c765c09529b2967cfcbd64d9e2217213c7d5a5ac4cf88

SHA512
e517208e8e313ba1b4d41d608ff27aeb298ad9b04df3f260d019f154e8387cee7a8184a88a7159924d67a08b2f804b8697be233f2f384068a6d44382d6c570c7

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\_729ebc3a4ae248c9d9e33c8304329ec3_x64.msi

Filesize
648KB

MD5
3801694882b645f99e409ab40b37a787

SHA1
303d8a132acff48e35335e65da1a54d82a5c4e03

SHA256
8641c05892b76e51902b39f0af3fd0e778113873561aca8d9be6fd333885ecab

SHA512
64783692bcfb10cff3bdeb9b1a97877becdbf2fc9eca16ff504bc24d1fa97c22e2b8edcbf74084c17c557110b40b24ecbe277d3a63b466f66581836ae0204844

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\aspnetcore_targeting_pack_8.0.6_servicing.24269.9_win_x64.msi

Filesize
3.1MB

MD5
51bec6387c22427585a773064a181c1d

SHA1
7ea6f55eb5f2daf71b10e591dd791135d18aa82e

SHA256
b01f14d91ad145f524f402d6c583e521b7c57a52b6d7efb0b8131ef4b042fcec

SHA512
3c90b32fb79ef44b63117b64426da1bf337ff9910cf224fd26a75f3daa1159b0f87cf33ad760ee2055990b189aa500b657cf5458a01118bf71a28afea1e0ddee

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\c8fa2e96c6fa2d195842726f9cbe7f84_x64.msi

Filesize
704KB

MD5
1eeeb1e8883b70bde6b49aeaaf1ae2c0

SHA1
fc4a18f57da039b9f95eb09f032a0c6906deb035

SHA256
a9741c36369261c31e0090b372e793389e953f3ef4d05e8b0c54dd90bc6c2d81

SHA512
1fda0f6df8a31d48aea5874f500fc46228ba55be7914e3bcec57633106b5465d9f2cd920388a64b4b04778f676188b3e4b7667f56c8bb113b080989356f12977

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\c94190691e95867cab8cf374565fa2bb_x64.msi

Filesize
708KB

MD5
d130360d3c20242322e85cf1ea7d80df

SHA1
923ad5b3d07d1d8fc37026a19d3ee9550cd3a514

SHA256
02bc7b1cde3de9a7d83b60ceeffded48609b07e07db1f937ad597e033fc54ed3

SHA512
daa149dca964cd5aa18c6e7cc551d916342d2dbf11272b15e09b911306bc2267ac6fc243901ba8b288af2eca161af74e4dfa89ab8b0c32bd405f02902072e709

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\d97ba7bc692c3aa9a96c291f6e2efe41_x64.msi

Filesize
700KB

MD5
8da4b8b79b3294b765787b84af3907ce

SHA1
fb931a390dcf4564de5e78b19ca1fc51e317db0c

SHA256
101ff270a0f617bf9bc0654b7033816094c447e64d4ac28bfb5ebd1d05a7b35a

SHA512
b2f309d7e9503e37d7d061983629469b12525ccc9cc4a6d963d8b7021a93f436c11106528215c984407e8c0e3d3589582ca45acb71e9e8a37624fa93407b4de1

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_80templates_8.0.302_servicing.24280.2_win_x64.msi

Filesize
2.8MB

MD5
530cdc2131a73274841b3b252c4f25c5

SHA1
f94d26a2b5e25553f45606195e36602f99d9fd16

SHA256
6dbff1653d21d8a5abac7810e3633b19ff79c17c65b3ed923c956d94bae6911c

SHA512
bba32fc50ac3240f84f723610978c26ed721d9aa53120d0490c1c2c7a132afecae934a8d880af927ad0012e9d3bf3b51a74c84ff4995678fe317c351b6bc4121

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_apphost_pack_8.0.6_win_x64.msi

Filesize
4.6MB

MD5
3a859c59aff2bf33f8e2d9c0db02896d

SHA1
9a7b6c27076a7ca196937664ede41dc53340d823

SHA256
c1756025a4bbd7f6c0004c29c700c88c1e1f3b2c0d705ec210ec0e75d23596cb

SHA512
9680b79a079a59db8a30ec2eb8f122e7302a70f2099819802e0efe288661166dc2f587f7be68e8b9cf2a94fde7415e5d3d13b87b713a6e5e300f622c56b3f8c1

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_apphost_pack_8.0.6_win_x64_arm64.msi

Filesize
4.3MB

MD5
44fb621ea4f6a6928e727b327b89e6f2

SHA1
dbf48dbbd16b20b1bf1e7bad2e5379068abd3ba3

SHA256
d66f8bf0592028ee30749a6a76ebde5faeaca99672fd853993f906b7da0618f3

SHA512
656c8e8b882a53990a47141e7ea9a417b6bb9fadcb36865e59c2ea127da9daf1341316ed8a2ac9e0bc121b6a08bb8e1e61672ac45d7919ff32aad10794fabd63

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_apphost_pack_8.0.6_win_x64_x86.msi

Filesize
4.0MB

MD5
665944ffd740fd6a3be01598a10ef391

SHA1
622ceedccb1a06595ef2bba2d199571dfaba2f0a

SHA256
f0b811f806869beaa54e84c898cb80fd5ec20efe613b6b6b3f8f1a9b1bd558a9

SHA512
4c5dc8113a968ef81377ad04a2c8fc991d9ea76afe5a2afd200a7953ecf40cdc75c83a3b3a6e792b56e63f57a4e5e8fc071df5613733a3548d4804b6137bfdab

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_host_8.0.6_win_x64.msi

Filesize
780KB

MD5
98b6ac90f0e0a7f43e3c88f9099ad70c

SHA1
564ee5e09f06404a37c9ef685f2336e5d86a44f7

SHA256
cdb9f64aa7845a05713ba42ece610a18c3db1aeb9b11dd33d8ad010c2c0fbd8d

SHA512
5feeebaa78617f46b424c4e3e17ff9ea65ec226c8e0a79d8434df3d92aa9e131f96909a64956569c36e1d23f0b9b2c6abb245ca3c89ce3c07b7c93d149028cdd

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_hostfxr_8.0.6_win_x64.msi

Filesize
848KB

MD5
357c01acfdb40c0d8fe9be487170da5d

SHA1
eeaf7b56b79013f8ddb1b9d90421f2e03378d81b

SHA256
4952b61ca4cd19c4690a24f30f1f437cb416d06756330345e3fa821b9b90f44f

SHA512
152556764f958e8c3a9096e0e87ce4893ff93358be279a9a2ad9ada58f011a99a7fd4342ab0685998b0e90673a341e02fb18bc92d8ce0d5dcf7156eb70c4aec7

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_runtime_8.0.6_win_x64.msi

Filesize
26.2MB

MD5
9616c0869dffc30a2923a890d8b14a67

SHA1
174affdbc38a3c7fc15e48528c80e7168d228be0

SHA256
5b58566f0b0520d92aa9fbe75b75d6942bf1cf012d80c44d3af96ded3824c3d4

SHA512
d5252b4a86a674fcf460a65223dd3261816b6e7865f7b6c1f387b682090e8e6f92601e7b67cff57856b52c086add10e4d55189451ef26829f2a256ba621bcf24

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\dotnet_targeting_pack_8.0.6_win_x64.msi

Filesize
4.7MB

MD5
a9e3c7716c12c4137e7798386dc7b1f7

SHA1
83645f19a7cab29f798746cb35588e4c24a19ed0

SHA256
16aeddf4eb276de2c49c9f7e304b8d1fe3e423e42d90a9c92416f91dc0e95240

SHA512
28b010688ff10987d586c6827702e93881a2ea26100e5ac7ad4884ece0c539f52654f06468619461775797372b8a0a2fad72a3dabc7d135a55ff3896caeef0fb

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\ef05a2a0a7cab4628b9a106ebdf303e5_x64.msi

Filesize
648KB

MD5
29f7392910c762efe35b377a04a597f2

SHA1
2d27b60016c73ba78c21cb855dc4bd36eb4a6863

SHA256
bdff5aaf36e5bb360544eb9ab5215349b4382eb7a85b635071696d190cd5a88f

SHA512
e559853fd522fc78ffb7c7d487eb28101320970087cab18cda659866584567e20300aa4b85b33176f3cb7f8519b45aa7c6645c993eeaf7c411f67448ee466afd

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\f0a38d69b91da2c9cf4812140d614380_x64.msi

Filesize
648KB

MD5
cfc309a4204e3f624713dc31bec04f40

SHA1
01db09bcd7a646d119f04fd32b41bb1bf3a1c585

SHA256
6a7fe022da4fd9d66caa8bf8d06bb546ab1d160ad274b862d45ead2789ee46a7

SHA512
29fe7b0ad2ffc1d317a926ab67522343691d54e58e191b7f873d99c479ac3f36399d42a6c42f7c5214832fd1eba2430a50b2b99c53a4a9e38288d46b1e9c381a

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\fbafa6938113eb2095e12092037bd5fe_x64.msi

Filesize
648KB

MD5
79b89c50d6dc299c4af693e27faa94a9

SHA1
acbef7065445072ecf8b39308a82da9b17b7d8de

SHA256
ba396a1b1f20b91da0cd7f028d123510715737f50adcff9aac9e489c43a4beab

SHA512
b470e36dc77d085b4d18b654b61e97cdb76578b4ebdb9994465a8ef0deee1f6fb63f95a930d8b78d5159c1857e02736da733d42c2de3f5cc76e0c65f8d742f0d

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\netstandard_targeting_pack_2.1.0_win_x64.msi

Filesize
2.2MB

MD5
8362325b2e5c9644bd465f6e09cf9d30

SHA1
e3798d259fb08300fd75819e2a5e88ae0626fc5f

SHA256
72417b4ab38e548714fa1113ac629bb7c1fa1c11e6002a87ae2d7361cfe71456

SHA512
de2134e22341e63496f3173ae390b28d6d6ee0f17145584c372a65e295c222035aed0839ac70c55c91c7bad1b9503b6c7b88614ff3c3dfd025cf11c49bd8d4f8

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\windowsdesktop_runtime_8.0.6_win_x64.msi

Filesize
29.3MB

MD5
7f7a2c9903b501e6be319643903bd746

SHA1
a9701397d76ad81cb24ab9839c1f6a55fe6c53f8

SHA256
fc0dd518f516da1c1d23a7bf46872a36e2010fd34f5e1218d1bbc13982e5ce8f

SHA512
eacb67d3cb534bb87d34f57049592f164e26f3669317e0524e0ae784bb4414e63ffbde24d82a8971629c203e689a64e15631f62754feae1ad65718d772d660b2

Download Submit
C:\Windows\Temp\{F7545B38-4259-4C96-8000-5775E9D23504}\windowsdesktop_targeting_pack_8.0.6_win_x64.msi

Filesize
3.7MB

MD5
3497d3c2eee3fa306123f21e9e0bfef9

SHA1
6ea031f3890cb2fc7c66c865acd33ef48532411a

SHA256
fb02994080471ff89ce238e279e86cde7180253cbb261886744d9e118916cb33

SHA512
bab4ae91fc2845fe058e8be728a46ce7192f261d70135ead064c86cae56aa1b59efd44b1299ed4de0b7b72da62ec5d1b7cf707070b4dbe8ef76852c92837a9e0

Download Submit
memory/1524-7133-0x0000020AD5810000-0x0000020AD5811000-memory.dmp

Filesize
4KB

Download
memory/2780-7956-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7658-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7994-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7993-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7968-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7180-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7181-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7967-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7194-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7962-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-7957-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2780-6959-0x0000000000400000-0x00000000009C2000-memory.dmp

Filesize
5.8MB

Download
memory/2788-7955-0x000002A1EAAB0000-0x000002A1EAAB1000-memory.dmp

Filesize
4KB

Download
memory/2788-7562-0x000002A1EAAB0000-0x000002A1EAAB1000-memory.dmp

Filesize
4KB

Download
memory/2788-7281-0x000002A1EAAB0000-0x000002A1EAAB1000-memory.dmp

Filesize
4KB

Download
memory/2788-7943-0x000002A1EAAB0000-0x000002A1EAAB1000-memory.dmp

Filesize
4KB

Download
memory/2788-7205-0x000002A1EAAB0000-0x000002A1EAAB1000-memory.dmp

Filesize
4KB

Download
memory/3168-7073-0x0000022A77940000-0x0000022A77941000-memory.dmp

Filesize
4KB

Download
memory/3620-7122-0x0000024DC0EA0000-0x0000024DC0EA1000-memory.dmp

Filesize
4KB

Download
memory/4068-7100-0x00000286C3E10000-0x00000286C3E11000-memory.dmp

Filesize
4KB

Download
memory/4068-7097-0x00000286C3E10000-0x00000286C3E11000-memory.dmp

Filesize
4KB

Download
memory/5576-7111-0x0000024C109F0000-0x0000024C109F1000-memory.dmp

Filesize
4KB

Download
memory/5968-7084-0x00000249BFB70000-0x00000249BFB71000-memory.dmp

Filesize
4KB

Download
memory/5968-7086-0x00000249BFB70000-0x00000249BFB71000-memory.dmp

Filesize
4KB

Download