Analysis
max time kernel: 329s
max time network: 335s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 20:24
Static task: static1
Behavioral task: behavioral1
Sample: notepadd++.exe
Resource: win10v2004-20241007-en
General
Target: notepadd++.exe
Size: 141.8MB
MD5: a0d384443e1b371533b9ec36f8560059
SHA1: fa1dd276a343015d86e1b5307f3c8940648a3fe8
SHA256: 33831a79387cf9f8ceae5481eb2f69b15b43be49ec2ab4ba50a0f0efcb009bcd
SHA512: 2271227cb2e07d00f352f90f674eaed7972575f1c061ef00620dcdf2ef4c913561fab5690d7bde688b3751f3c56ba011dac7d80bd2b195316148ce8454fc05ce
SSDEEP: 786432:OW2CyJfgreBVNrPVsWN3KPqiVZb6Sc8CjWi3HTK6aTtLwSTRpf4P1wT1wim:Oz1grOVNBsTVZb6ii3H2rm
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | dotnet-sdk-8.0.403-win-x64.exe
-
Executes dropped EXE 4 IoCs
pid | Process
1060 | dotnet-sdk-8.0.403-win-x64.exe
4948 | dotnet-sdk-8.0.403-win-x64.exe
1072 | dotnet-sdk-8.0.403-win-x64.exe
4972 | dotnet.exe
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c8a2ace2-6555-4192-bf52-f8dfb1eb7678} = "\"C:\\ProgramData\\Package Cache\\{c8a2ace2-6555-4192-bf52-f8dfb1eb7678}\\dotnet-sdk-8.0.403-win-x64.exe\" /burn.runonce" | dotnet-sdk-8.0.403-win-x64.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 31 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
pid | Process
784 | msedge.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies data under HKEY_USERS 57 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
description ioc Process
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 339152.crdownload:SmartScreen msedge.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
1424 msedge.exe
784 msedge.exe
4888 identity_helper.exe
4812 msedge.exe
4864 msiexec.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
3396 OpenWith.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process
784 msedge.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process
Token: SeShutdownPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeIncreaseQuotaPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeSecurityPrivilege 4864 msiexec.exe
Token: SeCreateTokenPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeAssignPrimaryTokenPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeLockMemoryPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeMachineAccountPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeTcbPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeSecurityPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeTakeOwnershipPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeLoadDriverPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeSystemProfilePrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeSystemtimePrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeProfSingleProcessPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeIncBasePriorityPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeCreatePagefilePrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeCreatePermanentPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeBackupPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeRestorePrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeDebugPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeAuditPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeSystemEnvironmentPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeChangeNotifyPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeRemoteShutdownPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeUndockPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeSyncAgentPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeEnableDelegationPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeManageVolumePrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeImpersonatePrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeCreateGlobalPrivilege 1072 dotnet-sdk-8.0.403-win-x64.exe
Token: SeRestorePrivilege 4864 msiexec.exe
Token: SeTakeOwnershipPrivilege 4864 msiexec.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
784 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
784 msedge.exe
-
Suspicious use of SetWindowsHookEx 16 IoCs
pid Process
4676 OpenWith.exe
3396 OpenWith.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 3900 wrote to memory of 784 3900 notepadd++.exe 99
PID 784 wrote to memory of 2964 784 msedge.exe 100
PID 784 wrote to memory of 432 784 msedge.exe 101
PID 784 wrote to memory of 1424 784 msedge.exe 102
PID 784 wrote to memory of 4308 784 msedge.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\notepadd++.exe"C:\Users\Admin\AppData\Local\Temp\notepadd++.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3900 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=static&gui=true2⤵
- System Time Discovery
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:784 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaced46f8,0x7ffeaced4708,0x7ffeaced47183⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:23⤵PID:432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:83⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:13⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:13⤵PID:2832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:13⤵PID:3440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:83⤵PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:13⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:13⤵PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:13⤵PID:4568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:13⤵PID:388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:13⤵PID:4292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:83⤵PID:2352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 /prefetch:83⤵PID:4616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,11574126368652839805,11520712206432312302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1256 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4812
-
-
C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe"C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1060 -
C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe"C:\Windows\Temp\{40C3B9DB-A9C2-4C6E-B610-D523BFAFB536}\.cr\dotnet-sdk-8.0.403-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=7204⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4948 -
C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe"C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\.be\dotnet-sdk-8.0.403-win-x64.exe" -q -burn.elevated BurnPipe.{22444FC0-9205-4301-B31A-8E14C4E959D6} {6FF43A1E-EEAC-4CFD-A7F1-A716FAB714D6} 49485⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1072
-
-
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1964
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1012
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:872
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4864 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 64D9DF9E16176B88309EB06666B6EBDF2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:992
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9BAE4F6255AD19856004DE956777A1672⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4940
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A5DB934814D0FBB4FDF5192E16EF89E92⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4928
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FC149FD1FCD4C89538859168E62D71882⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3456
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding EBC2848E1909347A0CFCD7867D62BAB42⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4416
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding EABC49D088AF905833DF84B5E83B8DA82⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1316
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1FF65355E042B5541035A9AD1C298F882⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2904
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4F2F9DE896DCA2A792D4E7CB98C21FF22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4260
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1ABBAED76E866A8F81BD2E305982E0C82⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1220
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CADC131721A14182553F4037F5A073A72⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:940
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D2819795C79A2FA1813A4CD3F6C37E3D2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3940
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FC91C90BFA3EA3E61E5BB530C63B1A5A2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4812
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0CA91D06F32BF6874AFB794FAC3696E42⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4656
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 7C9C8B471C0C50C83927A4ED9B06DE652⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4032
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 628ECFE20B5EB52D01BFFC5E94B3CC062⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3484
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C8DA444C61D312D3D88C7B681FE657DA2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1956
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding F881937F72C653BC3E49628245B71BF22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1156
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C59F6DB93BD39FF40E7D9490917608572⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4756
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E300DE40A61D6F489B1FDEA956FB17F32⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:624
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 89091A547235C021CF002080D4F4F5162⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2284
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 23AC7AC2D5B6E98BB9D147C88F099CF92⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2632
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 80C90BBF37089516F16FC787D7AA11792⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5016
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BE4D689025F33F16007612F8886D67522⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4944
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CB84BD1FBB2F559E31EEEE2DA510B10F2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:384
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FC2D201F2EC99104713AB275CC82A5C32⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4636
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4358F6D2D4F0DC32A7F4C41D0EF5134C2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4180
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8A86002E11C0A77FF9E96AB95E9AB8A6 E Global\MSI00002⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3060 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\8.0.403\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-8.0.403-win-x64.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4972 -
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:1512
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:4640
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:876
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:2352
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:4488
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding F8D49D7EBA40C77A680990815F7738032⤵
- System Location Discovery: System Language Discovery
PID:2068
-
-
C:\Users\Admin\Desktop\notepadd++.exe"C:\Users\Admin\Desktop\notepadd++.exe"1⤵PID:2300
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\notepadd++.exe"1⤵PID:4028
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:4676
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3396 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\notepadd++.dll2⤵PID:4640
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Downloads
-
C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\BuildHost-net472\System.Collections.Immutable.dll
Filesize: 246KB
-
C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\ja\System.CommandLine.resources.dll
Filesize: 19KB
-
C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\ko\System.CommandLine.resources.dll
Filesize: 19KB
-
C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\tr\System.CommandLine.resources.dll
Filesize: 18KB
-
C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\zh-Hans\System.CommandLine.resources.dll
Filesize: 18KB
-
C:\Program Files\dotnet\sdk\8.0.403\DotnetTools\dotnet-watch\8.0.403-servicing.24469.19\tools\net8.0\any\zh-Hant\System.CommandLine.resources.dll
Filesize: 18KB
-
C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.Build.Tasks.Git\buildMultiTargeting\Microsoft.Build.Tasks.Git.targets
Filesize: 297B
-
C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\Microsoft.Bcl.AsyncInterfaces.dll
Filesize: 26KB
-
C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.Razor\tasks\net472\System.Threading.Tasks.Extensions.dll
Filesize: 25KB
-
C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Text.Json.dll
Filesize: 629KB
-
C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.NET.Sdk\tools\net472\System.Runtime.CompilerServices.Unsafe.dll
Filesize: 17KB
-
C:\Program Files\dotnet\sdk\8.0.403\Sdks\Microsoft.SourceLink.GitLab\buildMultiTargeting\Microsoft.SourceLink.GitLab.props
Filesize: 295B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1623ecf2-2542-452e-b692-0888ec82b85b.tmp
Filesize: 909B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e461385-616d-446b-a335-0b49432251d8.tmp
Filesize: 705B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.403_(x64)_20241109202728_000_dotnet_runtime_8.0.10_win_x64.msi.log
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.403_(x64)_20241109202728_001_dotnet_hostfxr_8.0.10_win_x64.msi.log
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_SDK_8.0.403_(x64)_20241109202728_002_dotnet_host_8.0.10_win_x64.msi.log
Filesize: 2KB
-
C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\aspnetcore_targeting_pack_8.0.10_servicing.24468.4_win_x64.msi
Filesize: 3.2MB
-
C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\dotnet_80templates_8.0.403_servicing.24474.13_win_x64.msi
Filesize: 2.8MB
MD5f58d4f6434798a43f0ca8e0aed027e09
SHA1d960ff405a594070d03ea8e2af9f420e81ed6dcf
SHA2561307f91b50461719481081150698c364c8d4b439a05ff220cdd4059f4b413da8
SHA5129a57e89f4fa88dd366c65f34a2f3c1b467200b5f408443281cdea39a9bd64121ac48188c5a1b1da920408e1a019a6cdee5e32f7f7cb16d554f0535183730f7c9
-
C:\Windows\Temp\{AA6B456E-A319-4B98-B051-0DD8188E0953}\windowsdesktop_targeting_pack_8.0.10_win_x64.msi
Filesize
3.7MB